|
202591
|
8.8 |
HIGH
Network
|
grandstream
|
ht801_firmware
ht802_firmware
ht812_firmware
ht814_firmware
ht818_firmware
ht813_firmware
|
Grandstream HT800 series firmware version 1.0.17.5 and below contain a backdoor in the SSH service. An authenticated remote attacker can obtain a root shell by correctly answering a challenge prompt.
|
CWE-326
Inadequate Encryption Strength
|
CVE-2020-5763
|
2024-11-21 14:34 |
2020-07-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202592
|
7.5 |
HIGH
Network
|
grandstream
|
ht801_firmware
ht802_firmware
ht812_firmware
ht814_firmware
ht818_firmware
ht813_firmware
|
Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to a denial of service attack against the TR-069 service. An unauthenticated remote attacker can stop the service due to a N…
|
CWE-476
NULL Pointer Dereference
|
CVE-2020-5762
|
2024-11-21 14:34 |
2020-07-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202593
|
7.5 |
HIGH
Network
|
grandstream
|
ht801_firmware
ht802_firmware
ht812_firmware
ht814_firmware
ht818_firmware
ht813_firmware
|
Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to CPU exhaustion due to an infinite loop in the TR-069 service. Unauthenticated remote attackers can trigger this case by s…
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2020-5761
|
2024-11-21 14:34 |
2020-07-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202594
|
7.8 |
HIGH
Local
|
grandstream
|
ht801_firmware
ht802_firmware
ht812_firmware
ht814_firmware
ht818_firmware
ht813_firmware
|
Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to an OS command injection vulnerability. Unauthenticated remote attackers can execute arbitrary commands as root by craftin…
|
CWE-78
OS Command
|
CVE-2020-5760
|
2024-11-21 14:34 |
2020-07-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202595
|
5.3 |
MEDIUM
Network
|
kujirahand
|
konawiki
|
Directory traversal vulnerability in KonaWiki 3.1.0 and earlier allows remote attackers to read arbitrary files via unspecified vectors.
|
CWE-22
Path Traversal
|
CVE-2020-5614
|
2024-11-21 14:34 |
2020-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202596
|
6.1 |
MEDIUM
Network
|
kujirahand
|
konawiki
|
Cross-site scripting vulnerability in KonaWiki 3.1.0 and earlier allows remote attackers to execute an arbitrary script via a specially crafted URL.
|
CWE-79
Cross-site Scripting
|
CVE-2020-5613
|
2024-11-21 14:34 |
2020-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202597
|
6.1 |
MEDIUM
Network
|
kujirahand
|
konawiki
|
Cross-site scripting vulnerability in KonaWiki 2.2.0 and earlier allows remote attackers to execute an arbitrary script via a specially crafted URL.
|
CWE-79
Cross-site Scripting
|
CVE-2020-5612
|
2024-11-21 14:34 |
2020-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202598
|
9.1 |
CRITICAL
Network
|
dell
|
emc_openmanage_server_administrator
|
Dell EMC OpenManage Server Administrator (OMSA) versions 9.4 and prior contain multiple path traversal vulnerabilities. An unauthenticated remote attacker could potentially exploit these vulnerabilit…
|
CWE-22
Path Traversal
|
CVE-2020-5377
|
2024-11-21 14:34 |
2020-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202599
|
8.8 |
HIGH
Network
|
wpsocialrocket
|
social_sharing
|
Cross-site request forgery (CSRF) vulnerability in Social Sharing Plugin versions prior to 1.2.10 allows remote attackers to hijack the authentication of administrators via unspecified vectors.
|
CWE-352
Origin Validation Error
|
CVE-2020-5611
|
2024-11-21 14:34 |
2020-07-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202600
|
5.4 |
MEDIUM
Network
|
teltonika-networks
|
gateway_trb245_firmware
|
Insufficient output sanitization in Teltonika firmware TRB2_R_00.02.02 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by injecting malicious client-s…
|
CWE-79
Cross-site Scripting
|
CVE-2020-5769
|
2024-11-21 14:34 |
2020-07-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
