|
221271
|
7.5 |
HIGH
Network
|
sannce
|
smart_hd_wifi_security_camera_ean_2_950004_595317_firmware
|
An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. A crash and reboot can be triggered by crafted IP traffic, as demonstrated by the Nikto vulnerability scan…
|
NVD-CWE-noinfo
|
CVE-2019-20463
|
2024-11-21 13:38 |
2021-04-3 |
|
221272
|
6.8 |
MEDIUM
Physical
|
tk-star
|
q90_junior_gps_horloge_firmware
|
An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. Any SIM card used with the device cannot have a PIN configured. If a PIN is configured, the device simply produces a "…
|
NVD-CWE-noinfo
|
CVE-2019-20473
|
2024-11-21 13:38 |
2021-02-2 |
|
221273
|
7.8 |
HIGH
Local
|
tk-star
|
q90_junior_gps_horloge_firmware
|
An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. When using the device at initial setup, a default password is used (123456) for administrative purposes. There is no p…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2019-20471
|
2024-11-21 13:38 |
2021-02-2 |
|
221274
|
7.5 |
HIGH
Network
|
tk-star
|
q90_junior_gps_horloge_firmware
|
An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. It performs actions based on certain SMS commands. This can be used to set up a voice communication channel from the w…
|
CWE-1188
Insecure Default Initialization of Resource
|
CVE-2019-20470
|
2024-11-21 13:38 |
2021-02-2 |
|
221275
|
9.8 |
CRITICAL
Network
|
tk-star
|
q90_junior_gps_horloge_firmware
|
An issue was discovered in SeTracker2 for TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. It has unnecessary permissions such as READ_EXTERNAL_STORAGE, WRITE_EXTERNAL_STORAGE, and READ_CONTACTS.
|
CWE-276
Incorrect Default Permissions
|
CVE-2019-20468
|
2024-11-21 13:38 |
2021-02-2 |
|
221276
|
8.1 |
HIGH
Network
|
vikisolutions
|
vera
|
An issue was discovered in Viki Vera 4.9.1.26180. A user without access to a project could download or upload project files by opening the Project URL directly in the browser after logging in.
|
CWE-425
Direct Request ('Forced Browsing')
|
CVE-2019-20484
|
2024-11-21 13:38 |
2021-01-6 |
|
221277
|
5.4 |
MEDIUM
Network
|
vikisolutions
|
vera
|
An issue was discovered in Viki Vera 4.9.1.26180. An attacker could set a user's last name to an XSS payload, and read another user's cookie and use that to log in to the application.
|
CWE-79
Cross-site Scripting
|
CVE-2019-20483
|
2024-11-21 13:38 |
2021-01-6 |
|
221278
|
6.1 |
MEDIUM
Network
|
treasuryxpress
|
treasuryxpress
|
An XSS issue was discovered in TreasuryXpress 19191105. Due to the lack of filtering and sanitization of user input, malicious JavaScript can be executed throughout the application. A malicious paylo…
|
CWE-79
Cross-site Scripting
|
CVE-2019-20152
|
2024-11-21 13:38 |
2020-08-20 |
|
221279
|
6.1 |
MEDIUM
Network
|
treasuryxpress
|
treasuryxpress
|
An XSS issue was discovered in TreasuryXpress 19191105. Due to the lack of filtering and sanitization of user input, malicious JavaScript can be executed by the application's administrator(s). A mali…
|
CWE-79
Cross-site Scripting
|
CVE-2019-20151
|
2024-11-21 13:38 |
2020-08-20 |
|
221280
|
6.5 |
MEDIUM
Network
|
treasuryxpress
|
treasuryxpress
|
In TreasuryXpress 19191105, a logged-in user can discover saved credentials, even though the UI hides them. Using functionality within the application and a malicious host, it is possible to force th…
|
NVD-CWE-noinfo
|
CVE-2019-20150
|
2024-11-21 13:38 |
2020-08-20 |