|
208471
|
7.8 |
HIGH
Local
|
tmux_project
|
tmux
|
In tmux before version 3.1c the function input_csi_dispatch_sgr_colon() in file input.c contained a stack-based buffer-overflow that can be exploited by terminal output.
|
CWE-787
Out-of-bounds Write
|
CVE-2020-27347
|
2024-11-21 14:21 |
2020-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208472
|
7.5 |
HIGH
Network
|
robware
|
rvtools
|
RVToolsPasswordEncryption.exe in RVTools 4.0.6 allows users to encrypt passwords to be used in the configuration files. This encryption used a static IV and key, and thus using the Decrypt() method f…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2020-27688
|
2024-11-21 14:21 |
2020-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208473
|
7.8 |
HIGH
Local
|
hindotech
|
hk1_box_s905x3_firmware
|
The HK1 Box S905X3 TV Box contains a vulnerability that allows a local unprivileged user to escalate to root using the /system/xbin/su binary via a serial port (UART) connection or using adb.
|
NVD-CWE-noinfo
|
CVE-2020-27402
|
2024-11-21 14:21 |
2020-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208474
|
8.8 |
HIGH
Network
|
horizontcms_project
|
horizontcms
|
An unrestricted file upload issue in HorizontCMS through 1.0.0-beta allows an authenticated remote attacker (with access to the FileManager) to upload and execute arbitrary PHP code by uploading a PH…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-27387
|
2024-11-21 14:21 |
2020-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208475
|
8.8 |
HIGH
Network
|
imomobile
|
verve_connect_vh510_firmware
|
The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 contains multiple CSRF vulnerabilities within its web management portal. Attackers can, for example, use this to update the T…
|
CWE-352
Origin Validation Error
|
CVE-2020-27692
|
2024-11-21 14:21 |
2020-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208476
|
6.1 |
MEDIUM
Network
|
imomobile
|
verve_connect_vh510_firmware
|
The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 allows XSS via URLBlocking Settings, SNMP Settings, and System Log Settings.
|
CWE-79
Cross-site Scripting
|
CVE-2020-27691
|
2024-11-21 14:21 |
2020-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208477
|
5.5 |
MEDIUM
Local
|
imomobile
|
verve_connect_vh510_firmware
|
The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 contains a buffer overflow within its web management portal. When a POST request is sent to /boaform/admin/formDOMAINBLK with…
|
CWE-120
Classic Buffer Overflow
|
CVE-2020-27690
|
2024-11-21 14:21 |
2020-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208478
|
9.8 |
CRITICAL
Network
|
imomobile
|
verve_connect_vh510_firmware
|
The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 contains undocumented default admin credentials for the web management interface. A remote attacker could exploit this vulner…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2020-27689
|
2024-11-21 14:21 |
2020-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208479
|
7.8 |
HIGH
Local
|
ea
|
origin
|
A vulnerability exists in the Origin Client that could allow a non-Administrative user to elevate their access to either Administrator or System. Once the user has obtained elevated access, they may …
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2020-27708
|
2024-11-21 14:21 |
2020-11-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208480
|
5.4 |
MEDIUM
Network
|
evms
|
redcap
|
A cross-site scripting (XSS) issue in REDCap 8.11.6 through 9.x before 10 allows attackers to inject arbitrary JavaScript or HTML in the Messenger feature. It was found that the filename of the image…
|
CWE-79
Cross-site Scripting
|
CVE-2020-27359
|
2024-11-21 14:21 |
2020-11-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
