| 208291 | 9.8 | CRITICAL, Network | moxa | nport_iaw5000a-i/o_firmware | The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower allows SSH/Telnet sessions, which may be vulnerable to brute force attacks to bypass authentication. | CWE-307: Improper Restriction of Excessive Authentication Attempts | CVE-2020-25196 | 2024-11-21 14:17 | 2020-12-24 |
| 208292 | 8.8 | HIGH, Network | moxa | nport_iaw5000a-i/o_firmware | The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower has improper privilege management, which may allow an attacker with user privileges to perform requests with administ… | CWE-269: Improper Privilege Management | CVE-2020-25194 | 2024-11-21 14:17 | 2020-12-24 |
| 208293 | 5.3 | MEDIUM, Network | moxa | nport_iaw5000a-i/o_firmware | The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower allows sensitive information to be displayed without proper authorization. | CWE-200: Information Exposure | CVE-2020-25192 | 2024-11-21 14:17 | 2020-12-24 |
| 208294 | 9.8 | CRITICAL, Network | moxa | nport_iaw5000a-i/o_firmware | The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower stores and transmits the credentials of third-party services in cleartext. | CWE-319: Cleartext Transmission of Sensitive Information | CVE-2020-25190 | 2024-11-21 14:17 | 2020-12-24 |
| 208295 | 7.5 | HIGH, Network | moxa | nport_iaw5000a-i/o_firmware | The built-in web service for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower does not require users to have strong passwords. | CWE-521: Weak Password Requirements | CVE-2020-25153 | 2024-11-21 14:17 | 2020-12-24 |
| 208296 | 9.8 | CRITICAL, Network | treck | tcp/ip | A heap-based buffer overflow in the Treck HTTP Server component before 6.0.1.68 allows remote attackers to cause a denial of service (crash/reset) or to possibly execute arbitrary code. | CWE-787: Out-of-bounds Write | CVE-2020-25066 | 2024-11-21 14:17 | 2020-12-23 |
| 208297 | 7.8 | HIGH, Local | supremocontrol | supremo | Nanosystems SupRemo 4.1.3.2348 allows attackers to obtain LocalSystem access because File Manager can be used to rename Supremo.exe and then upload a Trojan horse with the Supremo.exe filename. | CWE-269: Improper Privilege Management | CVE-2020-25106 | 2024-11-21 14:17 | 2020-12-23 |
| 208298 | 8.8 | HIGH, Network | logrhythm | platform_manager | LogRhythm Platform Manager (PM) 7.4.9 has Incorrect Access Control. Users within LogRhythm can be delegated different roles and privileges, intended to limit what data and services they can interact … | NVD-CWE-Other | CVE-2020-25096 | 2024-11-21 14:17 | 2020-12-17 |
| 208299 | 8.8 | HIGH, Network | logrhythm | platform_manager | LogRhythm Platform Manager (PM) 7.4.9 allows CSRF. The Web interface is vulnerable to Cross-site WebSocket Hijacking (CSWH). If a logged-in PM user visits a malicious site in the same browser session… | CWE-352: Origin Validation Error | CVE-2020-25095 | 2024-11-21 14:17 | 2020-12-17 |
| 208300 | 9.8 | CRITICAL, Network | logrhythm | platform_manager | LogRhythm Platform Manager 7.4.9 allows Command Injection. To exploit this, an attacker can inject arbitrary program names and arguments into a WebSocket. These are forwarded to any remote server wit… | CWE-78: OS Command | CVE-2020-25094 | 2024-11-21 14:17 | 2020-12-17 |