|
212521
|
9.6 |
CRITICAL
Network
|
soy_cms_project
soy_inquiry_project
|
soy_cms
soy_inquiry
|
The SOY Inquiry component of SOY CMS is affected by Cross-site Request Forgery (CSRF) and Remote Code Execution (RCE). The vulnerability affects versions 2.0.0.3 and earlier of SOY Inquiry. This allo…
|
-
|
CVE-2020-15182
|
2024-11-21 14:05 |
2020-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212522
|
8.8 |
HIGH
Network
|
fluffycogs_project
|
fluffycogs
|
The Act module for Red Discord Bot before commit 6b9f3b86 is vulnerable to Remote Code Execution. With this exploit, Discord users can use specially crafted messages to perform destructive actions an…
|
-
|
CVE-2020-15172
|
2024-11-21 14:05 |
2020-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212523
|
9.3 |
CRITICAL
Network
|
prestashop
|
contactform
|
In PrestaShop contactform module (prestashop/contactform) before version 4.3.0, an attacker is able to inject JavaScript while using the contact form. The `message` field was incorrectly unescaped, p…
|
-
|
CVE-2020-15178
|
2024-11-21 14:05 |
2020-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212524
|
9.0 |
CRITICAL
Network
|
scratch-wiki
|
scratchsig
|
The ScratchSig extension for MediaWiki before version 1.0.1 allows stored Cross-Site Scripting. Using <script> tag inside <scratchsig> tag, attackers with edit permission can execute scripts on visit…
|
-
|
CVE-2020-15179
|
2024-11-21 14:05 |
2020-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212525
|
7.5 |
HIGH
Network
|
privateinternetaccess
|
private_internet_access_vpn_client
|
A vulnerability in the Private Internet Access (PIA) VPN Client for Linux 1.5 through 2.3+ allows remote attackers to bypass an intended VPN kill switch mechanism and read sensitive information via i…
|
CWE-863
Incorrect Authorization
|
CVE-2020-15590
|
2024-11-21 14:05 |
2020-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212526
|
9.8 |
CRITICAL
Network
|
accel-ppp
|
accel-ppp
|
In ACCEL-PPP (an implementation of PPTP/PPPoE/L2TP/SSTP), there is a buffer overflow when receiving an l2tp control packet ith an AVP which type is a string and no hidden flags, length set to less th…
|
CWE-120
Classic Buffer Overflow
|
CVE-2020-15173
|
2024-11-21 14:05 |
2020-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212527
|
8.1 |
HIGH
Network
|
trendmicro
|
deep_security_manager
vulnerability_protection
|
If LDAP authentication is enabled, an LDAP authentication bypass vulnerability in Trend Micro Vulnerability Protection 2.0 SP2 could allow an unauthenticated attacker with prior knowledge of the targ…
|
CWE-287
Improper Authentication
|
CVE-2020-15605
|
2024-11-21 14:05 |
2020-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212528
|
8.1 |
HIGH
Network
|
trendmicro
|
deep_security_manager
vulnerability_protection
|
If LDAP authentication is enabled, an LDAP authentication bypass vulnerability in Trend Micro Deep Security 10.x-12.x could allow an unauthenticated attacker with prior knowledge of the targeted orga…
|
CWE-287
Improper Authentication
|
CVE-2020-15601
|
2024-11-21 14:05 |
2020-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212529
|
5.5 |
MEDIUM
Local
|
niscomed
|
m1000_multipara_patient_monitor_firmware
|
An issue was discovered on Nescomed Multipara Monitor M1000 devices. The onboard Flash memory stores data in cleartext, without integrity protection against tampering.
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2020-15485
|
2024-11-21 14:05 |
2020-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212530
|
6.5 |
MEDIUM
Adjacent
|
drtrust
|
electrocardiogram_pen_firmware
|
An issue was discovered on Dr Trust ECG Pen 2.00.08 devices. Because the Bluetooth LE support is implemented without a requirement for pairing or security, any attacker can access the GATT server of …
|
NVD-CWE-noinfo
|
CVE-2020-15486
|
2024-11-21 14:05 |
2020-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
