|
208431
|
4.2 |
MEDIUM
Local
|
mahadiscom
|
mahavitaran
|
An issue was discovered in Mahavitaran android application 7.50 and below, allows local attackers to read cleartext username and password while the user is logged into the application.
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2020-27413
|
2024-11-21 14:21 |
2021-12-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208432
|
5.9 |
MEDIUM
Network
|
mahadiscom
|
mahavitaran
|
Mahavitaran android application 7.50 and prior transmit sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server log…
|
CWE-200
Information Exposure
|
CVE-2020-27414
|
2024-11-21 14:21 |
2021-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208433
|
4.7 |
MEDIUM
Local
|
linux
fedoraproject
oracle
|
linux_kernel
fedora
communications_cloud_native_core_binding_support_function
communications_cloud_native_core_policy
communications_cloud_native_core_network_exposure_function
|
A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could happen if removing device (that is not common to remove video card physically without power-o…
|
-
|
CVE-2020-27820
|
2024-11-21 14:21 |
2021-11-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208434
|
5.4 |
MEDIUM
Network
|
dynpg
|
dynpg
|
Cross Site Scripting (XSS) vulnerability in DynPG 4.9.1, allows authenticated attackers to execute arbitrary code via the groupname.
|
CWE-79
Cross-site Scripting
|
CVE-2020-27406
|
2024-11-21 14:21 |
2021-11-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208435
|
9.8 |
CRITICAL
Network
|
civetweb_project
siemens
|
civetweb
sinec_infrastructure_network_services
|
The CivetWeb web library does not validate uploaded filepaths when running on an OS other than Windows, when using the built-in HTTP form-based file upload mechanism, via the mg_handle_form_request A…
|
CWE-22
Path Traversal
|
CVE-2020-27304
|
2024-11-21 14:21 |
2021-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208436
|
9.8 |
CRITICAL
Network
|
brandy_project
|
brandy
|
A buffer overflow vulnerability exists in Brandy Basic V Interpreter 1.21 in the run_interpreter function.
|
CWE-120
Classic Buffer Overflow
|
CVE-2020-27372
|
2024-11-21 14:21 |
2021-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208437
|
7.8 |
HIGH
Local
|
rconfig
|
rconfig
|
An arbitrary file write vulnerability in lib/AjaxHandlers/ajaxEditTemplate.php of rConfig 3.9.6 allows attackers to execute arbitrary code via a crafted file.
|
CWE-862
Missing Authorization
|
CVE-2020-27466
|
2024-11-21 14:21 |
2021-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208438
|
7.8 |
HIGH
Local
|
rconfig
|
rconfig
|
An insecure update feature in the /updater.php component of rConfig 3.9.6 and below allows attackers to execute arbitrary code via a crafted ZIP file.
|
CWE-862
Missing Authorization
|
CVE-2020-27464
|
2024-11-21 14:21 |
2021-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208439
|
8.8 |
HIGH
Network
|
seopanel
|
seopanel
|
A remote code execution vulnerability in SEOPanel 4.6.0 has been fixed for 4.7.0. This vulnerability allowed for remote code execution through an authenticated file upload via the Settings Panel>Impo…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-27461
|
2024-11-21 14:21 |
2021-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208440
|
6.5 |
MEDIUM
Network
|
bookingcore
|
booking_core
|
Cross Site Request Forgery (CSRF) vulnerability in Booking Core - Ultimate Booking System Booking Core 1.7.0 . The CSRF token is not being validated when the request is sent as a GET method. This res…
|
CWE-352
Origin Validation Error
|
CVE-2020-27379
|
2024-11-21 14:21 |
2021-07-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
