|
209121
|
7.5 |
HIGH
Network
|
inim
|
smartliving_505_firmware smartliving_515_firmware smartliving_1050_firmware smartliving_1050g3_firmware smartliving_10100l_firmware smartliving_10100lg3_firmware
|
An Unauthenticated Server-Side Request Forgery (SSRF) vulnerability exists in Inim Electronics Smartliving SmartLAN/G/SI <=6.x within the GetImage functionality. The application parses user supplied …
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-22002
|
2024-11-21 14:13 |
2021-04-30 |
|
|
|
|
209122
|
5.4 |
MEDIUM
Network
|
safe
|
fme_server
|
Authenticated Stored XSS in FME Server versions 2019.2 and 2020.0 Beta allows a remote attacker to execute code by injecting arbitrary web script or HTML via modifying the name of the users. The XSS i…
|
CWE-79
Cross-site Scripting
|
CVE-2020-22790
|
2024-11-21 14:13 |
2021-04-29 |
|
|
|
|
209123
|
6.1 |
MEDIUM
Network
|
safe
|
fme_server
|
Unauthenticated Stored XSS in FME Server versions 2019.2 and 2020.0 Beta allows a remote attacker to gain admin privileges by injecting arbitrary web script or HTML via the login page. The XSS is exe…
|
CWE-79
Cross-site Scripting
|
CVE-2020-22789
|
2024-11-21 14:13 |
2021-04-29 |
|
|
|
|
209124
|
7.5 |
HIGH
Network
|
etherpad
|
etherpad
|
Etherpad < 1.8.3 is affected by a missing lock check which could cause a denial of service. Aggressively targeting random pad import endpoints with empty data would flatten all pads due to lack of ra…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2020-22785
|
2024-11-21 14:13 |
2021-04-29 |
|
|
|
|
209125
|
7.5 |
HIGH
Network
|
etherpad
|
ueberdb
|
In Etherpad UeberDB < 0.4.4, due to MySQL omitting trailing spaces on char / varchar columns during comparisons, retrieving database records using UeberDB's MySQL connector could allow bypassing acce…
|
CWE-697
Incorrect Comparison
|
CVE-2020-22784
|
2024-11-21 14:13 |
2021-04-29 |
|
|
|
|
209126
|
6.5 |
MEDIUM
Network
|
etherpad
|
etherpad
|
Etherpad <1.8.3 stored passwords used by users insecurely in the database and in log files. This affects every database backend supported by Etherpad.
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2020-22783
|
2024-11-21 14:13 |
2021-04-29 |
|
|
|
|
209127
|
7.5 |
HIGH
Network
|
etherpad
|
etherpad
|
Etherpad < 1.8.3 is affected by a denial of service in the import functionality. Upload of binary file to the import endpoint would crash the instance.
|
NVD-CWE-noinfo
|
CVE-2020-22782
|
2024-11-21 14:13 |
2021-04-29 |
|
|
|
|
209128
|
7.5 |
HIGH
Network
|
etherpad
|
etherpad
|
In Etherpad < 1.8.3, a specially crafted URI would raise an unhandled exception in the cache mechanism and cause a denial of service (crash the instance).
|
CWE-89
SQL Injection
|
CVE-2020-22781
|
2024-11-21 14:13 |
2021-04-29 |
|
|
|
|
209129
|
9.8 |
CRITICAL
Network
|
homeautomation_project
|
homeautomation
|
HomeAutomation 3.3.2 suffers from an authentication bypass vulnerability when spoofing client IP address using the X-Forwarded-For header with the local (loopback) IP address value allowing remote co…
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2020-22001
|
2024-11-21 14:13 |
2021-04-28 |
|
|
|
|
209130
|
8.0 |
HIGH
Network
|
homeautomation_project
|
homeautomation
|
HomeAutomation 3.3.2 suffers from an authenticated OS command execution vulnerability using custom command v0.1 plugin. This can be exploited with a CSRF vulnerability to execute arbitrary shell comm…
|
CWE-352 CWE-78
Origin Validation Error OS Command
|
CVE-2020-22000
|
2024-11-21 14:13 |
2021-04-28 |
|
|
|