|
197471
|
9.4 |
CRITICAL
Network
|
phoenixcontact
|
ilc_2050_bi_firmware
ilc_2050_bi-l_firmware
|
An issue was discovered on Phoenix Contact Emalytics Controller ILC 2050 BI before 1.2.3 and BI-L before 1.2.3 devices. There is an insecure mechanism for read and write access to the configuration o…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2020-8768
|
2024-11-21 14:39 |
2020-02-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197472
|
8.8 |
HIGH
Network
|
wpcentral
|
wpcentral
|
The wpCentral plugin before 1.5.1 for WordPress allows disclosure of the connection key.
|
CWE-200
Information Exposure
|
CVE-2020-9043
|
2024-11-21 14:39 |
2020-02-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197473
|
5.4 |
MEDIUM
Network
|
joplin_project
|
joplin
|
Joplin through 1.0.184 allows Arbitrary File Read via XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2020-9038
|
2024-11-21 14:39 |
2020-02-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197474
|
9.8 |
CRITICAL
Network
|
sygnoos
|
popup_builder
|
The Popup Builder plugin 2.2.8 through 2.6.7.6 for WordPress is vulnerable to SQL injection (in the sgImportPopups function in sg_popup_ajax.php) via PHP Deserialization on attacker-controlled data w…
|
CWE-89
CWE-502
SQL Injection
Deserialization of Untrusted Data
|
CVE-2020-9006
|
2024-11-21 14:39 |
2020-02-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197475
|
7.5 |
HIGH
Network
|
gitlab
|
gitlab
|
In GitLab Enterprise Edition (EE) 12.5.0 through 12.7.5, sharing a group with a group could grant project access to unauthorized users.
|
NVD-CWE-noinfo
|
CVE-2020-8795
|
2024-11-21 14:39 |
2020-02-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197476
|
7.8 |
HIGH
Local
|
valvesoftware
|
dota_2
|
meshsystem.dll in Valve Dota 2 through 2020-02-17 allows remote attackers to achieve code execution or denial of service by creating a gaming server with a crafted map, and inviting a victim to this …
|
CWE-787
Out-of-bounds Write
|
CVE-2020-9005
|
2024-11-21 14:39 |
2020-02-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197477
|
6.5 |
MEDIUM
Network
|
microchip
|
syncserver_s100_firmware
syncserver_s200_firmware
syncserver_s250_firmware
syncserver_s300_firmware
syncserver_s350_firmware
|
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to authlog.php.
|
CWE-22
Path Traversal
|
CVE-2020-9033
|
2024-11-21 14:39 |
2020-02-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197478
|
6.5 |
MEDIUM
Network
|
microchip
|
syncserver_s100_firmware
syncserver_s200_firmware
syncserver_s250_firmware
syncserver_s300_firmware
syncserver_s350_firmware
|
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to kernlog.php.
|
CWE-22
Path Traversal
|
CVE-2020-9032
|
2024-11-21 14:39 |
2020-02-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197479
|
6.5 |
MEDIUM
Network
|
microchip
|
syncserver_s100_firmware
syncserver_s200_firmware
syncserver_s250_firmware
syncserver_s300_firmware
syncserver_s350_firmware
|
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to daemonlog.php.
|
CWE-22
Path Traversal
|
CVE-2020-9031
|
2024-11-21 14:39 |
2020-02-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197480
|
6.5 |
MEDIUM
Network
|
microchip
|
syncserver_s100_firmware
syncserver_s200_firmware
syncserver_s250_firmware
syncserver_s300_firmware
syncserver_s350_firmware
|
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to the syslog.php.
|
CWE-22
Path Traversal
|
CVE-2020-9030
|
2024-11-21 14:39 |
2020-02-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
