|
208731
|
5.4 |
MEDIUM
Network
|
mblog_project
|
mblog
|
Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the post header field to /post/editing.
|
CWE-79
Cross-site Scripting
|
CVE-2020-19616
|
2024-11-21 14:09 |
2021-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208732
|
7.5 |
HIGH
Network
|
flycms_project
|
flycms
|
Server Side Request Forgery (SSRF) vulnerability in saveUrlAs function in ImagesService.java in sunkaifei FlyCMS version 20190503.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-19613
|
2024-11-21 14:09 |
2021-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208733
|
6.1 |
MEDIUM
Network
|
insma
|
wifi_mini_spy_1080p_hd_security_ip_camera_firmware
|
Cross Site Scripting (XSS) vulnerability in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B via all fields in the FTP settings page to the "goform/formSetFtpCfg" settings page.
|
CWE-79
Cross-site Scripting
|
CVE-2020-19643
|
2024-11-21 14:09 |
2021-03-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208734
|
6.2 |
MEDIUM
Physics
|
insma
|
wifi_mini_spy_1080p_hd_security_ip_camera_firmware
|
An issue was discovered in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B. A local attacker can execute arbitrary code via editing the 'recdata.db' file to call a specially crafted GoAhead A…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-19642
|
2024-11-21 14:09 |
2021-03-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208735
|
8.8 |
HIGH
Network
|
insma
|
wifi_mini_spy_1080p_hd_security_ip_camera_firmware
|
An issue was discovered in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B. Authenticated attackers with the "Operator" Privilege can gain admin privileges via a crafted request to '/goform/f…
|
NVD-CWE-Other
|
CVE-2020-19641
|
2024-11-21 14:09 |
2021-03-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208736
|
7.5 |
HIGH
Network
|
insma
|
wifi_mini_spy_1080p_hd_security_ip_camera_firmware
|
An issue was discovered in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B. An unauthenticated attacker can reboot the device causing a Denial of Service, via a hidden reboot command to '/med…
|
NVD-CWE-noinfo
|
CVE-2020-19640
|
2024-11-21 14:09 |
2021-03-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208737
|
8.8 |
HIGH
Network
|
insma
|
wifi_mini_spy_1080p_hd_security_ip_camera_firmware
|
Cross Site Request Forgery (CSRF) vulnerability in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B, via all fields to WebUI.
|
CWE-352
Origin Validation Error
|
CVE-2020-19639
|
2024-11-21 14:09 |
2021-03-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208738
|
5.4 |
MEDIUM
Network
|
craftcms
|
craft_cms
|
Cross Site Scripting (XSS) vulnerability in craftcms 3.1.31, allows remote attackers to inject arbitrary web script or HTML, via /admin/settings/sites/new.
|
CWE-79
Cross-site Scripting
|
CVE-2020-19626
|
2024-11-21 14:09 |
2021-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208739
|
9.8 |
CRITICAL
Network
|
gridx_project
|
gridx
|
Remote Code Execution Vulnerability in tests/support/stores/test_grid_filter.php in oria gridx 1.3, allows remote attackers to execute arbitrary code, via crafted value to the $query parameter.
|
NVD-CWE-noinfo
|
CVE-2020-19625
|
2024-11-21 14:09 |
2021-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208740
|
7.5 |
HIGH
Network
|
emerson
|
smart_wireless_gateway_1420_firmware
|
Incorrect Access Control in Emerson Smart Wireless Gateway 1420 4.6.59 allows remote attackers to obtain sensitive device information from the administrator console without authentication.
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-19419
|
2024-11-21 14:09 |
2021-03-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
