|
209831
|
9.8 |
CRITICAL
Network
|
midasolutions
|
eframework
|
Mida eFramework through 2.9.0 has a back door that permits a change of the administrative password and access to restricted functionalities, such as Code Execution.
|
CWE-287
Improper Authentication
|
CVE-2020-15921
|
2024-11-21 14:06 |
2020-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209832
|
9.8 |
CRITICAL
Network
|
midasolutions
|
eframework
|
There is an OS Command Injection in Mida eFramework through 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. No authentication is required.
|
CWE-78
OS Command
|
CVE-2020-15920
|
2024-11-21 14:06 |
2020-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209833
|
6.1 |
MEDIUM
Network
|
midasolutions
|
eframework
|
A Reflected Cross Site Scripting (XSS) vulnerability was discovered in Mida eFramework through 2.9.0.
|
CWE-79
Cross-site Scripting
|
CVE-2020-15919
|
2024-11-21 14:06 |
2020-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209834
|
5.4 |
MEDIUM
Network
|
midasolutions
|
eframework
|
Multiple Stored Cross Site Scripting (XSS) vulnerabilities were discovered in Mida eFramework through 2.9.0.
|
CWE-79
Cross-site Scripting
|
CVE-2020-15918
|
2024-11-21 14:06 |
2020-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209835
|
9.8 |
CRITICAL
Network
|
claws-mail
fedoraproject
opensuse
|
claws-mail
fedora
leap
backports_sle
|
common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled.
|
NVD-CWE-noinfo
|
CVE-2020-15917
|
2024-11-21 14:06 |
2020-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209836
|
9.8 |
CRITICAL
Network
|
tenda
|
ac15_firmware
|
goform/AdvSetLanip endpoint on Tenda AC15 AC1900 15.03.05.19 devices allows remote attackers to execute arbitrary system commands via shell metacharacters in the lanIp POST parameter.
|
CWE-78
OS Command
|
CVE-2020-15916
|
2024-11-21 14:06 |
2020-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209837
|
6.5 |
MEDIUM
Adjacent
|
tesla
|
model_3_firmware
|
Tesla Model 3 vehicles allow attackers to open a door by leveraging access to a legitimate key card, and then using NFC Relay. NOTE: the vendor has developed Pin2Drive to mitigate this issue
|
NVD-CWE-noinfo
|
CVE-2020-15912
|
2024-11-21 14:06 |
2020-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209838
|
8.8 |
HIGH
Network
|
softwareupdate_project
|
softwareupdate
|
A SQL injection vulnerability in softwareupdate_controller.php in the Software Update module before 1.6 for MunkiReport allows attackers to execute arbitrary SQL commands via the last URL parameter o…
|
CWE-89
SQL Injection
|
CVE-2020-15887
|
2024-11-21 14:06 |
2020-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209839
|
8.8 |
HIGH
Network
|
reportdata_project
|
reportdata
|
A SQL injection vulnerability in reportdata_controller.php in the reportdata module before 3.5 for MunkiReport allows attackers to execute arbitrary SQL commands via the req parameter of the /module/…
|
CWE-89
SQL Injection
|
CVE-2020-15886
|
2024-11-21 14:06 |
2020-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209840
|
5.4 |
MEDIUM
Network
|
munkireport_project
|
comment
|
A Cross-Site Scripting (XSS) vulnerability in the comment module before 4.0 for MunkiReport allows remote attackers to inject arbitrary web script or HTML by posting a new comment.
|
CWE-79
Cross-site Scripting
|
CVE-2020-15885
|
2024-11-21 14:06 |
2020-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
