|
200131
|
9.8 |
CRITICAL
Network
|
dext5
|
dext5
|
A vulnerability (improper input validation) in the DEXT5 Upload solution allows an unauthenticated attacker to download and execute an arbitrary file via AddUploadFile, SetSelectItem, DoOpenFile func…
|
CWE-20
Improper Input Validation
|
CVE-2020-7832
|
2024-11-21 14:37 |
2021-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200132
|
7.5 |
HIGH
Network
|
ntracker
|
ntracker_usb_enterprise
|
A SQL-Injection vulnerability in the nTracker USB Enterprise(secure USB management solution) allows a remote unauthenticated attacker to perform SQL query to access username password and other sessio…
|
CWE-89
SQL Injection
|
CVE-2020-7819
|
2024-11-21 14:37 |
2021-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200133
|
8.8 |
HIGH
Network
|
mastersoft
|
zook_agent
zook_viewer
|
A buffer overflow issue was discovered in ZOOK solution(remote administration tool) through processing 'ConnectMe' command while parsing a crafted OUTERIP value because of missing boundary check. Thi…
|
CWE-120
Classic Buffer Overflow
|
CVE-2020-7877
|
2024-11-21 14:37 |
2021-09-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200134
|
8.8 |
HIGH
Network
|
raonwiz
|
raon_k_upload
|
A vulnerability in File Transfer Solution of Raonwiz could allow arbitrary command execution as the result of viewing a specially-crafted web page. This vulnerability is due to insufficient validatio…
|
CWE-20
Improper Input Validation
|
CVE-2020-7863
|
2024-11-21 14:37 |
2021-08-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200135
|
5.4 |
MEDIUM
Network
|
sage
|
syracuse
|
Sage X3 Stored XSS Vulnerability on ‘Edit’ Page of User Profile. An authenticated user can pass XSS strings the "First Name," "Last Name," and "Email Address" fields of this web application component…
|
CWE-79
Cross-site Scripting
|
CVE-2020-7390
|
2024-11-21 14:37 |
2021-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200136
|
7.2 |
HIGH
Network
|
sage
|
syracuse
|
Sage X3 System CHAINE Variable Script Command Injection. An authenticated user with developer access can pass OS commands via this variable used by the web application. Note, this developer configura…
|
CWE-78
OS Command
|
CVE-2020-7389
|
2024-11-21 14:37 |
2021-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200137
|
9.8 |
CRITICAL
Network
|
sage
|
adxadmin
|
Sage X3 Unauthenticated Remote Command Execution (RCE) as SYSTEM in AdxDSrv.exe component. By editing the client side authentication request, an attacker can bypass credential validation. While explo…
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2020-7388
|
2024-11-21 14:37 |
2021-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200138
|
5.3 |
MEDIUM
Network
|
sage
|
adxadmin
|
Sage X3 Installation Pathname Disclosure. A specially crafted packet can elicit a response from the AdxDSrv.exe component that reveals the installation directory of the product. Note that this vulner…
|
NVD-CWE-noinfo
|
CVE-2020-7387
|
2024-11-21 14:37 |
2021-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200139
|
9.8 |
CRITICAL
Network
|
tobesoft
|
xplatform
|
When using XPLATFORM 9.2.2.270 or earlier versions ActiveX component, arbitrary commands can be executed due to improper input validation
|
CWE-20
Improper Input Validation
|
CVE-2020-7866
|
2024-11-21 14:37 |
2021-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200140
|
7.8 |
HIGH
Local
|
hmtalk
|
daviewindy
|
DaviewIndy v8.98.7.0 and earlier versions have a Integer overflow vulnerability, triggered when the user opens a malformed format file that is mishandled by DaviewIndy. Attackers could exploit this a…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2020-7872
|
2024-11-21 14:37 |
2021-07-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
