|
208261
|
6.1 |
MEDIUM
Network
|
typo3
|
fluid
|
TYPO3 Fluid before versions 2.0.8, 2.1.7, 2.2.4, 2.3.7, 2.4.4, 2.5.11 and 2.6.10 is vulnerable to Cross-Site Scripting. Three XSS vulnerabilities have been detected in Fluid: 1. TagBasedViewHelper al…
|
-
|
CVE-2020-26216
|
2024-11-21 14:19 |
2020-11-18 |
|
208262
|
6.5 |
MEDIUM
Adjacent
|
genexis
|
platinum_4410_firmware
|
UPNP Service listening on port 5555 in Genexis Platinum 4410 Router V2.1 (P4410-V2–1.34H) has an action 'X_GetAccess' which leaks the credentials of 'admin', provided that the attacker is network adj…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2020-25988
|
2024-11-21 14:19 |
2020-11-18 |
|
208263
|
7.1 |
HIGH
Network
|
gitlab
|
gitlab
|
Path traversal vulnerability in package upload functionality in GitLab CE/EE starting from 12.8 allows an attacker to save packages in arbitrary locations. Affected versions are >=12.8, <13.3.9,>=13.…
|
CWE-22
Path Traversal
|
CVE-2020-26405
|
2024-11-21 14:19 |
2020-11-18 |
|
208264
|
5.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
Certain SAST CiConfiguration information could be viewed by unauthorized users in GitLab EE starting with 13.3. This information was exposed through GraphQL to non-members of public projects with rep…
|
NVD-CWE-noinfo
|
CVE-2020-26406
|
2024-11-21 14:19 |
2020-11-17 |
|
208265
|
6.1 |
MEDIUM
Network
|
prestashop
|
product_comments
|
In PrestaShop Product Comments before version 4.2.0, an attacker could inject malicious web code into the users' web browsers by creating a malicious link. The problem was introduced in version 4.0.0…
|
-
|
CVE-2020-26225
|
2024-11-21 14:19 |
2020-11-17 |
|
208266
|
7.5 |
HIGH
Network
|
prestashop
|
prestashop
|
In PrestaShop before version 1.7.6.9 an attacker is able to list all the orders placed on the website without being logged by abusing the function that allows a shopping cart to be recreated from an …
|
NVD-CWE-noinfo
|
CVE-2020-26224
|
2024-11-21 14:19 |
2020-11-17 |
|
208267
|
9.8 |
CRITICAL
Network
|
airleader
|
airleader_master_control
|
Airleader Master <= 6.21 devices have default credentials that can be used to access the exposed Tomcat Manager for deployment of a new .war file, with resultant remote code execution.
|
CWE-1188
Insecure Default Initialization of Resource
|
CVE-2020-26510
|
2024-11-21 14:19 |
2020-11-17 |
|
208268
|
7.5 |
HIGH
Network
|
airleader
|
airleader_master_control
|
Airleader Master and Easy <= 6.21 devices have default credentials that can be used for a denial of service.
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2020-26509
|
2024-11-21 14:19 |
2020-11-17 |
|
208269
|
9.8 |
CRITICAL
Network
|
canon
|
oce_colorwave_3500_firmware
|
The WebTools component on Canon Oce ColorWave 3500 5.1.1.0 devices allows attackers to retrieve stored SMB credentials via the export feature, even though these are intentionally inaccessible in the …
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2020-26508
|
2024-11-21 14:19 |
2020-11-17 |
|
208270
|
8.8 |
HIGH
Network
|
xstream_project debian netapp apache oracle
|
xstream debian_linux snapmanager activemq banking_platform communications_policy_management banking_virtual_account_management business_activity_monitoring retail_xstore_point…
|
XStream before version 1.4.14 is vulnerable to Remote Code Execution. The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Onl…
|
-
|
CVE-2020-26217
|
2024-11-21 14:19 |
2020-11-17 |