|
199051
|
9.9 |
CRITICAL
Network
|
cayintech
|
cms-se_firmware
cms-se-lxc_firmware
cms-60_firmware
cms-40_firmware
cms-20_firmware
cms
|
Cayin CMS suffers from an authenticated OS semi-blind command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user …
|
CWE-78
OS Command
|
CVE-2020-7357
|
2024-11-21 14:37 |
2020-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199052
|
9.8 |
CRITICAL
Network
|
cayintech
|
xpost
|
CAYIN xPost suffers from an unauthenticated SQL Injection vulnerability. Input passed via the GET parameter 'wayfinder_seqid' in wayfinder_meeting_input.jsp is not properly sanitized before being ret…
|
CWE-89
SQL Injection
|
CVE-2020-7356
|
2024-11-21 14:37 |
2020-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199053
|
8.4 |
HIGH
Local
|
mcafee
|
total_protection
|
Unexpected behavior violation in McAfee Total Protection (MTP) prior to 16.0.R26 allows local users to turn off real time scanning via a specially crafted object making a specific function call.
|
NVD-CWE-noinfo
|
CVE-2020-7298
|
2024-11-21 14:37 |
2020-08-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199054
|
8.8 |
HIGH
Local
|
gog
|
galaxy
|
The GalaxyClientService component of GOG Galaxy runs with elevated SYSTEM privileges in a Windows environment. Due to the software shipping with embedded, static RSA private key, an attacker with thi…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2020-7352
|
2024-11-21 14:37 |
2020-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199055
|
7.8 |
HIGH
Local
|
hmtalk
|
daviewindy
|
DaviewIndy has a Memory corruption vulnerability, triggered when the user opens a malformed image file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution.
|
CWE-787
Out-of-bounds Write
|
CVE-2020-7823
|
2024-11-21 14:37 |
2020-08-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199056
|
7.8 |
HIGH
Local
|
hmtalk
|
daviewindy
|
DaviewIndy has a Heap-based overflow vulnerability, triggered when the user opens a malformed image file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution.
|
CWE-787
Out-of-bounds Write
|
CVE-2020-7822
|
2024-11-21 14:37 |
2020-08-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199057
|
7.8 |
HIGH
Local
|
hmtalk
|
daviewindy
|
DaviewIndy 8.98.4 and earlier version contain Heap-based overflow vulnerability, triggered when the user opens a malformed specific file that is mishandled by Daview.exe. Attackers could exploit this…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-7829
|
2024-11-21 14:37 |
2020-07-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199058
|
7.8 |
HIGH
Local
|
hmtalk
|
daviewindy
|
DaviewIndy 8.98.4 and earlier version contain Heap-based overflow vulnerability, triggered when the user opens a malformed specific file that is mishandled by Daview.exe. Attackers could exploit this…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-7828
|
2024-11-21 14:37 |
2020-07-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199059
|
7.8 |
HIGH
Local
|
hmtalk
|
daviewindy
|
DaviewIndy 8.98.7 and earlier version contain Use-After-Free vulnerability, triggered when the user opens a malformed specific file that is mishandled by Daview.exe. Attackers could exploit this and …
|
CWE-416
Use After Free
|
CVE-2020-7827
|
2024-11-21 14:37 |
2020-07-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199060
|
9.8 |
CRITICAL
Network
|
express-fileupload_project
netapp
|
express-fileupload
max_data
|
This affects the package express-fileupload before 1.1.8. If the parseNested option is enabled, sending a corrupt HTTP request can lead to denial of service or arbitrary code execution.
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2020-7699
|
2024-11-21 14:37 |
2020-07-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
