|
208841
|
9.8 |
CRITICAL
Network
|
talelin
|
lin-cms-flask
|
Improper Authentication in Lin-CMS-Flask v0.1.1 allows remote attackers to launch brute force login attempts without restriction via the 'login' function in the component 'app/api/cms/user.py'.
|
CWE-307
Improper Restriction of Excessive Authentication Attempts
|
CVE-2020-18698
|
2024-11-21 14:08 |
2021-08-17 |
|
|
|
|
208842
|
7.5 |
HIGH
Network
|
dcce
|
mac1100_plc_firmware
|
An information disclosure vulnerability exists in the EPA protocol of Dut Computer Control Engineering Co.'s PLC MAC1100.
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2020-18759
|
2024-11-21 14:08 |
2021-08-14 |
|
|
|
|
208843
|
9.8 |
CRITICAL
Network
|
dcce
|
mac1100_plc_firmware
|
An issue in Dut Computer Control Engineering Co.'s PLC MAC1100 allows attackers to execute arbitrary code.
|
CWE-77
Command Injection
|
CVE-2020-18758
|
2024-11-21 14:08 |
2021-08-14 |
|
|
|
|
208844
|
7.5 |
HIGH
Network
|
dcce
|
mac1100_plc_firmware
|
An issue in Dut Computer Control Engineering Co.'s PLC MAC1100 allows attackers to cause persistent denial of service (DOS) via a crafted packet.
|
CWE-862
Missing Authorization
|
CVE-2020-18757
|
2024-11-21 14:08 |
2021-08-14 |
|
|
|
|
208845
|
7.5 |
HIGH
Network
|
dcce
|
mac1100_plc_firmware
|
An arbitrary memory access vulnerability in the EPA protocol of Dut Computer Control Engineering Co.'s PLC MAC1100 allows attackers to read the contents of any variable area.
|
CWE-125
Out-of-bounds Read
|
CVE-2020-18756
|
2024-11-21 14:08 |
2021-08-14 |
|
|
|
|
208846
|
7.5 |
HIGH
Network
|
dcce
|
mac1100_plc_firmware
|
An information disclosure vulnerability exists within Dut Computer Control Engineering Co.'s PLC MAC1100.
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2020-18754
|
2024-11-21 14:08 |
2021-08-14 |
|
|
|
|
208847
|
9.8 |
CRITICAL
Network
|
dcce
|
mac1100_plc_firmware
|
An issue in Dut Computer Control Engineering Co.'s PLC MAC1100 allows attackers to gain access to the system and escalate privileges via a crafted packet.
|
CWE-862
Missing Authorization
|
CVE-2020-18753
|
2024-11-21 14:08 |
2021-08-14 |
|
|
|
|
208848
|
3.5 |
LOW
Network
|
aikcms
|
aikcms
|
Cross Site Request Forgery (CSRF) vulnerability in AikCms 2.0.0 in video_list.php, which can let a malicious user delete movie information.
|
CWE-352
Origin Validation Error
|
CVE-2020-18464
|
2024-11-21 14:08 |
2021-08-13 |
|
|
|
|
208849
|
2.4 |
LOW
Network
|
aikcms
|
aikcms
|
Cross Site Request Forgery (CSRF) vulnerability exists in v2.0.0 in video_list.php, which can let a malicious user delete a video message.
|
CWE-352
Origin Validation Error
|
CVE-2020-18463
|
2024-11-21 14:08 |
2021-08-13 |
|
|
|
|
208850
|
7.2 |
HIGH
Network
|
aikcms
|
aikcms
|
File Upload vulnerability in AikCms v2.0.0 in poster_edit.php because the background file management office does not verify the uploaded file.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-18462
|
2024-11-21 14:08 |
2021-08-13 |
|
|
|