|
208221
|
8.8 |
HIGH
Network
|
indionetworks
|
unibox_u50_firmware
unibox_u500_firmware
unibox_u1000_firmware
unibox_u2500_firmware
unibox_u5000_firmware
|
Unibox U-50 2.4 and UniBox Enterprise Series 2.4 and UniBox Campus Series 2.4 contain a OS command injection vulnerability in /tools/ping, which can leads to complete device takeover.
|
CWE-78
OS Command
|
CVE-2020-21883
|
2024-11-21 14:12 |
2021-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208222
|
4.3 |
MEDIUM
Network
|
wuzhicms
|
wuzhicms
|
Directory traversal in coreframe/app/template/admin/index.php in WUZHI CMS 4.1.0 allows attackers to list files in arbitrary directories via the dir parameter.
|
CWE-22
Path Traversal
|
CVE-2020-21590
|
2024-11-21 14:12 |
2021-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208223
|
5.5 |
MEDIUM
Local
|
coreftp
|
core_ftp
|
Buffer overflow in Core FTP LE v2.2 allows local attackers to cause a denial or service (crash) via a long string in the Setup->Users->Username editbox.
|
CWE-120
Classic Buffer Overflow
|
CVE-2020-21588
|
2024-11-21 14:12 |
2021-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208224
|
9.8 |
CRITICAL
Network
|
emlog
|
emlog
|
Vulnerability in emlog v6.0.0 allows user to upload webshells via zip plugin module.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-21585
|
2024-11-21 14:12 |
2021-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208225
|
5.4 |
MEDIUM
Network
|
seeyon
|
g6_government_collaborative_system
|
Cross-Site Scripting (XSS) vulnerability in Zhiyuan G6 Government Collaboration System V6.1SP1, via the 'method' parameter to 'seeyon/hrSalary.do'.
|
CWE-79
Cross-site Scripting
|
CVE-2020-20545
|
2024-11-21 14:12 |
2021-03-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208226
|
9.8 |
CRITICAL
Network
|
inspur
|
clusterengine
|
A Remote Code Execution vulnerability has been found in Inspur ClusterEngine V4.0. A remote attacker can send a malicious login packet to the control server
|
CWE-88
Argument Injection
|
CVE-2020-21224
|
2024-11-21 14:12 |
2021-02-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208227
|
9.8 |
CRITICAL
Network
|
koa2-blog_project
|
koa2-blog
|
Sql injection vulnerability in koa2-blog 1.0.0 allows remote attackers to Injecting a malicious SQL statement via the name parameter to the signup page.
|
CWE-89
SQL Injection
|
CVE-2020-21180
|
2024-11-21 14:12 |
2021-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208228
|
9.8 |
CRITICAL
Network
|
koa2-blog_project
|
koa2-blog
|
Sql injection vulnerability in koa2-blog 1.0.0 allows remote attackers to Injecting a malicious SQL statement via the name parameter to the signin page.
|
CWE-89
SQL Injection
|
CVE-2020-21179
|
2024-11-21 14:12 |
2021-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208229
|
9.8 |
CRITICAL
Network
|
thinkjs
|
thinkjs
|
SQL injection vulnerability in the model.increment and model.decrement function in ThinkJS 3.2.10 allows remote attackers to execute arbitrary SQL commands via the step parameter.
|
CWE-89
SQL Injection
|
CVE-2020-21176
|
2024-11-21 14:12 |
2021-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208230
|
9.8 |
CRITICAL
Network
|
cmswing
|
cmswing
|
An issue was found in CMSWing project version 1.3.8, Because the rechargeAction function does not check the balance parameter, malicious parameters can execute arbitrary SQL commands.
|
CWE-89
SQL Injection
|
CVE-2020-20296
|
2024-11-21 14:12 |
2021-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
