|
202081
|
8.8 |
HIGH
Network
|
easycorp
|
zentao_pro
|
The EasyCorp ZenTao Pro application suffers from an OS command injection vulnerability in its '/pro/repo-create.html' component. After authenticating to the ZenTao dashboard, attackers may construct …
|
CWE-78
OS Command
|
CVE-2020-7361
|
2024-11-21 14:37 |
2020-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202082
|
9.9 |
CRITICAL
Network
|
cayintech
|
cms-se_firmware
cms-se-lxc_firmware
cms-60_firmware
cms-40_firmware
cms-20_firmware
cms
|
Cayin CMS suffers from an authenticated OS semi-blind command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user …
|
CWE-78
OS Command
|
CVE-2020-7357
|
2024-11-21 14:37 |
2020-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202083
|
9.8 |
CRITICAL
Network
|
cayintech
|
xpost
|
CAYIN xPost suffers from an unauthenticated SQL Injection vulnerability. Input passed via the GET parameter 'wayfinder_seqid' in wayfinder_meeting_input.jsp is not properly sanitized before being ret…
|
CWE-89
SQL Injection
|
CVE-2020-7356
|
2024-11-21 14:37 |
2020-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202084
|
8.4 |
HIGH
Local
|
mcafee
|
total_protection
|
Unexpected behavior violation in McAfee Total Protection (MTP) prior to 16.0.R26 allows local users to turn off real time scanning via a specially crafted object making a specific function call.
|
NVD-CWE-noinfo
|
CVE-2020-7298
|
2024-11-21 14:37 |
2020-08-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202085
|
8.8 |
HIGH
Local
|
gog
|
galaxy
|
The GalaxyClientService component of GOG Galaxy runs with elevated SYSTEM privileges in a Windows environment. Due to the software shipping with embedded, static RSA private key, an attacker with thi…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2020-7352
|
2024-11-21 14:37 |
2020-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202086
|
7.8 |
HIGH
Local
|
hmtalk
|
daviewindy
|
DaviewIndy has a Memory corruption vulnerability, triggered when the user opens a malformed image file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution.
|
CWE-787
Out-of-bounds Write
|
CVE-2020-7823
|
2024-11-21 14:37 |
2020-08-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202087
|
7.8 |
HIGH
Local
|
hmtalk
|
daviewindy
|
DaviewIndy has a Heap-based overflow vulnerability, triggered when the user opens a malformed image file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution.
|
CWE-787
Out-of-bounds Write
|
CVE-2020-7822
|
2024-11-21 14:37 |
2020-08-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202088
|
7.8 |
HIGH
Local
|
hmtalk
|
daviewindy
|
DaviewIndy 8.98.4 and earlier version contain Heap-based overflow vulnerability, triggered when the user opens a malformed specific file that is mishandled by Daview.exe. Attackers could exploit this…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-7829
|
2024-11-21 14:37 |
2020-07-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202089
|
7.8 |
HIGH
Local
|
hmtalk
|
daviewindy
|
DaviewIndy 8.98.4 and earlier version contain Heap-based overflow vulnerability, triggered when the user opens a malformed specific file that is mishandled by Daview.exe. Attackers could exploit this…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-7828
|
2024-11-21 14:37 |
2020-07-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202090
|
7.8 |
HIGH
Local
|
hmtalk
|
daviewindy
|
DaviewIndy 8.98.7 and earlier version contain Use-After-Free vulnerability, triggered when the user opens a malformed specific file that is mishandled by Daview.exe. Attackers could exploit this and …
|
CWE-416
Use After Free
|
CVE-2020-7827
|
2024-11-21 14:37 |
2020-07-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
