| 196981 | 9.1 | CRITICAL Network | dlink | dsl-2640b_firmware | An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. The device can be reset to its default configuration by accessing an unauthenticated URL. | CWE-306 Missing Authentication for Critical Function | CVE-2020-9278 | 2024-11-21 14:40 | 2020-04-21 |
| 196982 | 9.8 | CRITICAL Network | dlink | dsl-2640b_firmware | An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. Authentication can be bypassed when accessing cgi modules. This allows one to perform administrative tasks (e.g., modify the admin pas… | CWE-287 Improper Authentication | CVE-2020-9277 | 2024-11-21 14:40 | 2020-04-21 |
| 196983 | 8.8 | HIGH Network | dlink | dsl-2640b_firmware | An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. The function do_cgi(), which processes cgi requests supplied to the device's web servers, is vulnerable to a remotely exploitable stac… | CWE-787 Out-of-bounds Write | CVE-2020-9276 | 2024-11-21 14:40 | 2020-04-21 |
| 196984 | 9.8 | CRITICAL Network | dlink | dsl-2640b_firmware | An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. A cfm UDP service listening on port 65002 allows remote, unauthenticated exfiltration of administrative credentials. | CWE-306 Missing Authentication for Critical Function | CVE-2020-9275 | 2024-11-21 14:40 | 2020-04-21 |
| 196985 | 6.1 | MEDIUM Network | zulip | zulip_server | Zulip Server before 2.1.3 allows XSS via the modal_link feature in the Markdown functionality. | CWE-79 Cross-site Scripting | CVE-2020-9445 | 2024-11-21 14:40 | 2020-04-21 |
| 196986 | 6.1 | MEDIUM Network | zulip | zulip_server | Zulip Server before 2.1.3 allows reverse tabnabbing via the Markdown functionality. | CWE-1021 Improper Restriction of Rendered UI Layers or Frames | CVE-2020-9444 | 2024-11-21 14:40 | 2020-04-21 |
| 196987 | 8.8 | HIGH Network | microfocus | enterprise_developer enterprise_server | Insufficiently protected credentials vulnerability on Micro Focus enterprise developer and enterprise server, affecting all versions prior to 4.0 Patch Update 16, and version 5.0 Patch Update 6. The v… | CWE-522 Insufficiently Protected Credentials | CVE-2020-9523 | 2024-11-21 14:40 | 2020-04-18 |
| 196988 | 7.5 | HIGH Network | silverstripe | silverstripe | In SilverStripe through 4.5, files uploaded via Forms to folders migrated from Silverstripe CMS 3.x may be put to the default "/Uploads" folder instead. This affects installations which allowed uploa… | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2020-9280 | 2024-11-21 14:40 | 2020-04-16 |
| 196989 | 8.8 | HIGH Network | subex | roc_partner_settlement | An Insecure Direct Object Reference (IDOR) vulnerability in the Change Password feature of Subex ROC Partner Settlement 10.5 allows remote authenticated users to achieve account takeover via manipula… | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2020-9384 | 2024-11-21 14:40 | 2020-04-15 |
| 196990 | 5.4 | MEDIUM Network | octech | oempro | Octech Oempro 4.7 through 4.11 allow stored XSS by an authenticated user. The FolderName parameter of the Media.CreateFolder command is vulnerable. | CWE-79 Cross-site Scripting | CVE-2020-9461 | 2024-11-21 14:40 | 2020-04-15 |