|
209151
|
7.5 |
HIGH
Network
|
panorama
|
nhiservisignadapter
|
The encryption function of NHIServiSignAdapter fail to verify the file path input by users. Remote attacker can access arbitrary files through the flaw without privilege.
|
CWE-311
Missing Encryption of Sensitive Data
|
CVE-2020-25842
|
2024-11-21 14:18 |
2020-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209152
|
8.8 |
HIGH
Network
|
qnap
|
quts_hero
qts
|
This command injection vulnerability allows attackers to execute arbitrary commands in a compromised application. QNAP have already fixed this vulnerability in the following versions of QTS and QuTS …
|
CWE-77
Command Injection
|
CVE-2020-25847
|
2024-11-21 14:18 |
2020-12-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209153
|
7.8 |
HIGH
Local
|
3ds
|
teamwork_cloud
|
An incorrect permission assignment during the installation script of TeamworkCloud 18.0 thru 19.0 allows a local unprivileged attacker to execute arbitrary code as root. During installation, the user…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2020-25507
|
2024-11-21 14:18 |
2020-12-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209154
|
8.8 |
HIGH
Network
|
stratodesk
|
notouch_center
|
Stratodesk NoTouch Center before 4.4.68 is affected by: Incorrect Access Control. A low privileged user on the platform, for example a user with "helpdesk" privileges, can perform privileged operatio…
|
CWE-669
CWE-862
Incorrect Resource Transfer Between Spheres
Missing Authorization
|
CVE-2020-25917
|
2024-11-21 14:18 |
2020-12-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209155
|
6.6 |
MEDIUM
Network
|
pengutronix
|
rauc
|
The install.c module in the Pengutronix RAUC update client prior to version 1.5 has a Time-of-Check Time-of-Use vulnerability, where signature verification on an update file takes place before the fi…
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2020-25860
|
2024-11-21 14:18 |
2020-12-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209156
|
6.1 |
MEDIUM
Network
|
spiceworks
|
spiceworks
|
Host Header Injection in Spiceworks 7.5.7.0 allowing the attacker to render arbitrary links that point to a malicious website with poisoned Host header webpages.
|
CWE-601
Open Redirect
|
CVE-2020-25901
|
2024-11-21 14:18 |
2020-12-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209157
|
6.1 |
MEDIUM
Network
|
xinuos
|
openserver
|
A reflected Cross-site scripting (XSS) vulnerability in Xinuo (formerly SCO) Openserver version 5 and 6 allows remote attackers to inject arbitrary web script or HTML tag via the parameter 'section'.
|
CWE-79
Cross-site Scripting
|
CVE-2020-25495
|
2024-11-21 14:18 |
2020-12-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209158
|
9.8 |
CRITICAL
Network
|
xinuos
|
openserver
|
Xinuos (formerly SCO) Openserver v5 and v6 allows attackers to execute arbitrary commands via shell metacharacters in outputform or toclevels parameter to cgi-bin/printbook.
|
CWE-78
OS Command
|
CVE-2020-25494
|
2024-11-21 14:18 |
2020-12-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209159
|
4.9 |
MEDIUM
Network
|
mitel
|
micollab
|
The NuPoint Messenger of Mitel MiCollab before 9.2 could allow an attacker with escalated privilege to access user files due to insufficient access control. Successful exploit could potentially allow…
|
NVD-CWE-noinfo
|
CVE-2020-25612
|
2024-11-21 14:18 |
2020-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209160
|
6.1 |
MEDIUM
Network
|
mitel
|
micollab
|
The AWV portal of Mitel MiCollab before 9.2 could allow an attacker to gain access to conference information by sending arbitrary code due to improper input validation, aka XSS. Successful exploitati…
|
CWE-79
CWE-20
Cross-site Scripting
Improper Input Validation
|
CVE-2020-25611
|
2024-11-21 14:18 |
2020-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
