|
212401
|
5.3 |
MEDIUM
Network
|
store-opart
|
quote
|
An Insecure Direct Object Reference (IDOR) vulnerability was found in Prestashop Opart devis < 4.0.2. Unauthenticated attackers can have access to any user's invoice and delivery address by exploitin…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2020-16194
|
2024-11-21 14:06 |
2021-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212402
|
9.8 |
CRITICAL
Network
|
mofinetwork
|
mofi4500-4gxelte_firmware
|
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The authentication function passes untrusted data to the operating system without proper sanitization. A crafted request ca…
|
NVD-CWE-noinfo
|
CVE-2020-15836
|
2024-11-21 14:06 |
2021-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212403
|
9.8 |
CRITICAL
Network
|
mofinetwork
|
mofi4500-4gxelte_firmware
|
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The authentication function contains undocumented code that provides the ability to authenticate as root without knowing th…
|
CWE-287
Improper Authentication
|
CVE-2020-15835
|
2024-11-21 14:06 |
2021-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212404
|
7.5 |
HIGH
Network
|
mofinetwork
|
mofi4500-4gxelte_firmware
|
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The wireless network password is exposed in a QR encoded picture that an unauthenticated adversary can download via the web…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-15834
|
2024-11-21 14:06 |
2021-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212405
|
9.8 |
CRITICAL
Network
|
mofinetwork
|
mofi4500-4gxelte_firmware
|
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The Dropbear SSH daemon has been modified to accept an alternate hard-coded path to a public key that allows root access. T…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2020-15833
|
2024-11-21 14:06 |
2021-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212406
|
7.5 |
HIGH
Network
|
mofinetwork
|
mofi4500-4gxelte_firmware
|
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The poof.cgi script contains undocumented code that provides the ability to remotely reboot the device. An adversary with t…
|
NVD-CWE-noinfo
|
CVE-2020-15832
|
2024-11-21 14:06 |
2021-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212407
|
9.8 |
CRITICAL
Network
|
nim-lang
|
nim
|
In Nim before 1.2.6, the standard library asyncftpclient lacks a check for whether a message contains a newline character.
|
CWE-74
Injection
|
CVE-2020-15690
|
2024-11-21 14:06 |
2021-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212408
|
7.8 |
HIGH
Local
|
panasonic
|
fpwin_pro
|
FPWIN Pro is vulnerable to an out-of-bounds read vulnerability when a user opens a maliciously crafted project file, which may allow an attacker to remotely execute arbitrary code.
|
CWE-125
Out-of-bounds Read
|
CVE-2020-16236
|
2024-11-21 14:06 |
2021-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212409
|
6.1 |
MEDIUM
Network
|
quali
|
cloudshell
|
An issue was discovered in Quali CloudShell 9.3. An XSS vulnerability in the login page allows an attacker to craft a URL, with a constructor.constructor substring in the username field, that execute…
|
CWE-79
Cross-site Scripting
|
CVE-2020-15864
|
2024-11-21 14:06 |
2021-01-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212410
|
6.1 |
MEDIUM
Network
|
google
|
chrome
|
Script injection in iOSWeb in Google Chrome on iOS prior to 84.0.4147.105 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
|
CWE-79
Cross-site Scripting
|
CVE-2020-16046
|
2024-11-21 14:06 |
2021-01-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
