|
215371
|
9.8 |
CRITICAL
Network
|
automationdirect
|
c-more_hmi_ea9_firmware
|
This vulnerability allows remote attackers to execute arbitrary code on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. Authentication is not required to exploit t…
|
-
|
CVE-2020-10920
|
2024-11-21 13:56 |
2020-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215372
|
5.9 |
MEDIUM
Network
|
automationdirect
|
c-more_hmi_ea9_firmware
|
This vulnerability allows remote attackers to disclose sensitive information on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. Authentication is not required to e…
|
CWE-326
Inadequate Encryption Strength
|
CVE-2020-10919
|
2024-11-21 13:56 |
2020-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215373
|
7.5 |
HIGH
Network
|
automationdirect
|
c-more_hmi_ea9_firmware
|
This vulnerability allows remote attackers to bypass authentication on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. Authentication is not required to exploit th…
|
-
|
CVE-2020-10918
|
2024-11-21 13:56 |
2020-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215374
|
9.8 |
CRITICAL
Network
|
nec
|
esmpro_manager
|
This vulnerability allows remote attackers to execute arbitrary code on affected installations of NEC ESMPRO Manager 6.42. Authentication is not required to exploit this vulnerability. The specific f…
|
-
|
CVE-2020-10917
|
2024-11-21 13:56 |
2020-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215375
|
5.4 |
MEDIUM
Network
|
ipear_project
|
ipear
|
In iPear, the manual execution of the eval() function can lead to command injection. Only PCs where commands are manually executed via "For Developers" are affected. This function allows executing an…
|
CWE-77
Command Injection
|
CVE-2020-11084
|
2024-11-21 13:56 |
2020-07-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215376
|
4.8 |
MEDIUM
Network
|
octobercms
|
october
|
In October from version 1.0.319 and before version 1.0.466, a user with access to a markdown FormWidget that stores data persistently could create a stored XSS attack against themselves and any other…
|
CWE-79
Cross-site Scripting
|
CVE-2020-11083
|
2024-11-21 13:56 |
2020-07-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215377
|
6.1 |
MEDIUM
Network
|
tenda
|
ac15_firmware
|
An XSS issue in the /goform/WifiBasicSet endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute malicious payloads via the WifiName POST parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2020-10989
|
2024-11-21 13:56 |
2020-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215378
|
9.8 |
CRITICAL
Network
|
tenda
|
ac15_firmware
|
A hard-coded telnet credential in the tenda_login binary of Tenda AC15 AC1900 version 15.03.05.19 allows unauthenticated remote attackers to start a telnetd service on the device.
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2020-10988
|
2024-11-21 13:56 |
2020-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215379
|
9.8 |
CRITICAL
Network
|
tenda
|
ac15_firmware
|
The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute arbitrary system commands via the deviceName POST parameter.
|
CWE-78
OS Command
|
CVE-2020-10987
|
2024-11-21 13:56 |
2020-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215380
|
6.5 |
MEDIUM
Network
|
tenda
|
ac15_firmware
|
A CSRF issue in the /goform/SysToolReboot endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to reboot the device and cause denial of service via a payload hosted by an attacke…
|
CWE-352
Origin Validation Error
|
CVE-2020-10986
|
2024-11-21 13:56 |
2020-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
