|
213311
|
7.5 |
HIGH
Network
|
nim-lang
|
nim
|
In Nim 1.2.4, the standard library httpClient fails to properly validate the server response. For example, httpClient.get().contentLength() does not raise any error if a malicious server provides a n…
|
CWE-20
Improper Input Validation
|
CVE-2020-15694
|
2024-11-21 14:06 |
2020-08-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213312
|
6.5 |
MEDIUM
Network
|
nim-lang
|
nim
|
In Nim 1.2.4, the standard library httpClient is vulnerable to a CR-LF injection in the target URL. An injection is possible if the attacker controls any part of the URL provided in a call (such as h…
|
CWE-74
Injection
|
CVE-2020-15693
|
2024-11-21 14:06 |
2020-08-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213313
|
9.8 |
CRITICAL
Network
|
nim-lang
|
nim
|
In Nim 1.2.4, the standard library browsers mishandles the URL argument to browsers.openDefaultBrowser. This argument can be a local file path that will be opened in the default explorer. An attacker…
|
CWE-88
Argument Injection
|
CVE-2020-15692
|
2024-11-21 14:06 |
2020-08-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213314
|
9.6 |
CRITICAL
Network
|
siemens
|
sicam_a8000_firmware
|
A vulnerability has been identified in SICAM WEB firmware for SICAM A8000 RTUs (All versions < V05.30). The login screen does not sufficiently sanitize input, which enables an attacker to generate sp…
|
CWE-79
Cross-site Scripting
|
CVE-2020-15781
|
2024-11-21 14:06 |
2020-08-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213315
|
7.2 |
HIGH
Network
|
geutebrueck
|
g-cam_ebc-2110_firmware
g-cam_ebc-2111_firmware
g-cam_efd-2240_firmware
g-cam_efd-2241_firmware
g-cam_efd-2250_firmware
g-cam_ethc-2230_firmware
g-cam_ethc-2239_firmware
g-cam_et…
|
Using a specially crafted URL command, a remote authenticated user can execute commands as root on the G-Cam and G-Code (Firmware Versions 1.12.0.25 and prior as well as the limited Versions 1.12.13.…
|
CWE-78
OS Command
|
CVE-2020-16205
|
2024-11-21 14:06 |
2020-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213316
|
8.8 |
HIGH
Network
|
loway
|
queuemetrics
|
A SQL injection vulnerability in the qm_adm/qm_export_stats_run.do endpoint of Loway QueueMetrics before 19.10.21 allows remote authenticated users to execute arbitrary SQL commands via the exportId …
|
CWE-89
SQL Injection
|
CVE-2020-15947
|
2024-11-21 14:06 |
2020-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213317
|
8.8 |
HIGH
Network
|
loway
|
queuemetrics
|
A SQL injection vulnerability at a tpf URI in Loway QueueMetrics before 19.10.21 allows remote authenticated attackers to execute arbitrary SQL commands via the TPF_XPAR1 parameter.
|
CWE-89
SQL Injection
|
CVE-2020-15925
|
2024-11-21 14:06 |
2020-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213318
|
8.6 |
HIGH
Local
|
vng
|
zalo_desktop
|
An issue was discovered in Zalo.exe in VNG Zalo Desktop 19.8.1.0. An attacker can run arbitrary commands on a remote Windows machine running the Zalo client by sending the user of the device a crafte…
|
CWE-74
Injection
|
CVE-2020-16087
|
2024-11-21 14:06 |
2020-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213319
|
7.5 |
HIGH
Network
|
sonatype
|
nexus_repository_manager
|
Sonatype Nexus Repository Manager OSS/Pro before 3.26.0 has Incorrect Access Control.
|
NVD-CWE-noinfo
|
CVE-2020-15868
|
2024-11-21 14:06 |
2020-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213320
|
7.5 |
HIGH
Network
|
cisco
|
unified_ip_conference_station_7937g_firmware
|
A denial-of-service in Cisco Unified IP Conference Station 7937G 1-4-4-0 through 1-4-5-7 allows attackers restart the device remotely through sending specially crafted packets. Note: We cannot prove …
|
NVD-CWE-noinfo
|
CVE-2020-16139
|
2024-11-21 14:06 |
2020-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
