|
197551
|
4.8 |
MEDIUM
Network
|
digi
|
transport_wr21_firmware transport_wr44_firmware
|
Digi TransPort WR21 5.2.2.3, WR44 5.1.6.4, and WR44v2 5.1.6.9 devices allow stored XSS in the web application.
|
CWE-79
Cross-site Scripting
|
CVE-2020-8822
|
2024-11-21 14:39 |
2020-02-10 |
|
|
|
|
197552
|
5.4 |
MEDIUM
Network
|
bludit
|
bludit
|
Bludit 3.10.0 allows Editor or Author roles to insert malicious JavaScript on the WYSIWYG editor. NOTE: the vendor's perspective is that this is "not a bug."
|
CWE-79
Cross-site Scripting
|
CVE-2020-8812
|
2024-11-21 14:39 |
2020-02-8 |
|
|
|
|
197553
|
4.3 |
MEDIUM
Network
|
bludit
|
bludit
|
ajax/profile-picture-upload.php in Bludit 3.10.0 allows authenticated users to change other users' profile pictures.
|
CWE-862
Missing Authorization
|
CVE-2020-8811
|
2024-11-21 14:39 |
2020-02-8 |
|
|
|
|
197554
|
7.8 |
HIGH
Local
|
corsair
|
icue
|
The CorsairLLAccess64.sys and CorsairLLAccess32.sys drivers in CORSAIR iCUE before 3.25.60 allow local non-privileged users (including low-integrity level processes) to read and write to arbitrary ph…
|
NVD-CWE-noinfo
|
CVE-2020-8808
|
2024-11-21 14:39 |
2020-02-8 |
|
|
|
|
197555
|
9.8 |
CRITICAL
Network
|
biscom
|
secure_file_transfer
|
Biscom Secure File Transfer (SFT) before 5.1.1071 and 6.0.1xxx before 6.0.1005 allows Remote Code Execution on the server.
|
NVD-CWE-Other
|
CVE-2020-8796
|
2024-11-21 14:39 |
2020-02-8 |
|
|
|
|
197556
|
6.1 |
MEDIUM
Network
|
synaptivemedical
|
clearcanvas
|
Synaptive Medical ClearCanvas ImageServer 3.0 Alpha allows XSS (and HTML injection) via the Default.aspx UserName parameter. NOTE: the issues/227 reference does not imply that the affected product ca…
|
CWE-79
Cross-site Scripting
|
CVE-2020-8788
|
2024-11-21 14:39 |
2020-02-7 |
|
|
|
|
197557
|
9.8 |
CRITICAL
Network
|
eyesofnetwork
|
eyesofnetwork
|
An issue was discovered in EyesOfNetwork 5.3. The EyesOfNetwork API 2.4.2 is prone to SQL injection, allowing an unauthenticated attacker to perform various tasks such as authentication bypass via th…
|
CWE-89
SQL Injection
|
CVE-2020-8656
|
2024-11-21 14:39 |
2020-02-7 |
|
|
|
|
197558
|
8.8 |
HIGH
Network
|
eyesofnetwork
|
eyesofnetwork
|
An issue was discovered in EyesOfNetwork 5.3. An authenticated web user with sufficient privileges could abuse the AutoDiscovery module to run arbitrary OS commands via the /module/module_frame/index…
|
CWE-78
OS Command
|
CVE-2020-8654
|
2024-11-21 14:39 |
2020-02-7 |
|
|
|
|
197559
|
9.8 |
CRITICAL
Network
|
simplejobscript
|
simplejobscript
|
An issue was discovered in Simplejobscript.com SJS through 1.66. There is an unauthenticated SQL injection via the job applications search function. The vulnerable parameter is job_id. The function i…
|
CWE-89
SQL Injection
|
CVE-2020-8645
|
2024-11-21 14:39 |
2020-02-7 |
|
|
|
|
197560
|
9.8 |
CRITICAL
Network
|
revmakx
|
infinitewp_client
|
The InfiniteWP Client plugin before 1.9.4.5 for WordPress has a missing authorization check in iwp_mmb_set_request in init.php. Any attacker who knows the username of an administrator can log in.
|
CWE-862
Missing Authorization
|
CVE-2020-8772
|
2024-11-21 14:39 |
2020-02-7 |
|
|
|