|
201701
|
4.3 |
MEDIUM
Network
|
yzmcms
|
yzmcms
|
An issue was discovered in YzmCMS V5.8. There is a CSRF vulnerability that can add member user accounts via member/member/add.html.
|
CWE-352
Origin Validation Error
|
CVE-2020-35972
|
2024-11-21 14:28 |
2021-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201702
|
5.4 |
MEDIUM
Network
|
yzmcms
|
yzmcms
|
A storage XSS vulnerability is found in YzmCMS v5.8, which can be used by attackers to inject JS code and attack malicious XSS on the /admin/system_manage/user_config_edit.html page.
|
CWE-79
Cross-site Scripting
|
CVE-2020-35971
|
2024-11-21 14:28 |
2021-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201703
|
7.5 |
HIGH
Network
|
yzmcms
|
yzmcms
|
An issue was discovered in YzmCMS 5.8. There is a SSRF vulnerability in the background collection management that allows arbitrary file read.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-35970
|
2024-11-21 14:28 |
2021-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201704
|
8.8 |
HIGH
Adjacent
|
qnap
|
music_station
|
An improper access control vulnerability has been reported to affect earlier versions of Music Station. If exploited, this vulnerability allows attackers to compromise the security of the software by…
|
-
|
CVE-2020-36197
|
2024-11-21 14:28 |
2021-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201705
|
8.1 |
HIGH
Network
|
paxtechnology
|
paxstore
|
Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by incorrect access control that can lead to remote privilege escalation. PAXSTORE marketplace endpoints allow an authenticated use…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2020-36126
|
2024-11-21 14:28 |
2021-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201706
|
7.1 |
HIGH
Network
|
paxtechnology
|
paxstore
|
Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by incorrect access control where password revalidation in sensitive operations can be bypassed remotely by an authenticated attack…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-36125
|
2024-11-21 14:28 |
2021-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201707
|
6.5 |
MEDIUM
Network
|
paxtechnology
|
paxstore
|
Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by XML External Entity (XXE) injection. An authenticated attacker can compromise the private keys of a JWT token and reuse them to …
|
CWE-611
XXE
|
CVE-2020-36124
|
2024-11-21 14:28 |
2021-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201708
|
8.2 |
HIGH
Network
|
paxtechnology
|
paxstore
|
Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by a token spoofing vulnerability. Each payment terminal has a session token (called X-Terminal-Token) to access the marketplace. T…
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2020-36128
|
2024-11-21 14:28 |
2021-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201709
|
6.5 |
MEDIUM
Network
|
paxtechnology
|
paxstore
|
Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by an information disclosure vulnerability. Through the PUK signature functionality, an administrator will not have access to the c…
|
CWE-295
Improper Certificate Validation
|
CVE-2020-36127
|
2024-11-21 14:28 |
2021-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201710
|
9.8 |
CRITICAL
Network
|
librewireless
|
ls9_firmware
|
An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is a Authentication Bypass in the Web Interface. This interface does not properly restrict access to internal functionality. D…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-35758
|
2024-11-21 14:28 |
2021-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
