|
209361
|
9.8 |
CRITICAL
Network
|
xinuos
|
openserver
|
Xinuos (formerly SCO) Openserver v5 and v6 allows attackers to execute arbitrary commands via shell metacharacters in outputform or toclevels parameter to cgi-bin/printbook.
|
CWE-78
OS Command
|
CVE-2020-25494
|
2024-11-21 14:18 |
2020-12-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209362
|
4.9 |
MEDIUM
Network
|
mitel
|
micollab
|
The NuPoint Messenger of Mitel MiCollab before 9.2 could allow an attacker with escalated privilege to access user files due to insufficient access control. Successful exploit could potentially allow…
|
NVD-CWE-noinfo
|
CVE-2020-25612
|
2024-11-21 14:18 |
2020-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209363
|
6.1 |
MEDIUM
Network
|
mitel
|
micollab
|
The AWV portal of Mitel MiCollab before 9.2 could allow an attacker to gain access to conference information by sending arbitrary code due to improper input validation, aka XSS. Successful exploitati…
|
CWE-79
CWE-20
Cross-site Scripting
Improper Input Validation
|
CVE-2020-25611
|
2024-11-21 14:18 |
2020-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209364
|
5.3 |
MEDIUM
Network
|
mitel
|
micollab
|
The AWV component of Mitel MiCollab before 9.2 could allow an attacker to gain access to a web conference due to insufficient access control for conference codes.
|
NVD-CWE-noinfo
|
CVE-2020-25610
|
2024-11-21 14:18 |
2020-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209365
|
5.4 |
MEDIUM
Network
|
mitel
|
micollab
|
The NuPoint Messenger Portal of Mitel MiCollab before 9.2 could allow an authenticated attacker to execute arbitrary scripts due to insufficient input validation, aka XSS. A successful exploit could …
|
CWE-79
Cross-site Scripting
|
CVE-2020-25609
|
2024-11-21 14:18 |
2020-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209366
|
7.2 |
HIGH
Network
|
mitel
|
micollab
|
The SAS portal of Mitel MiCollab before 9.2 could allow an attacker to access user credentials due to improper input validation, aka SQL Injection.
|
CWE-20
CWE-89
Improper Input Validation
SQL Injection
|
CVE-2020-25608
|
2024-11-21 14:18 |
2020-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209367
|
6.1 |
MEDIUM
Network
|
mitel
|
micollab
|
The AWV component of Mitel MiCollab before 9.2 could allow an attacker to view system information by sending arbitrary code due to improper input validation, aka XSS.
|
CWE-79
CWE-20
Cross-site Scripting
Improper Input Validation
|
CVE-2020-25606
|
2024-11-21 14:18 |
2020-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209368
|
8.8 |
HIGH
Network
|
solarwinds
|
n-central
|
An issue was discovered in SolarWinds N-Central 12.3.0.670. The AdvancedScripts HTTP endpoint allows CSRF.
|
CWE-352
Origin Validation Error
|
CVE-2020-25622
|
2024-11-21 14:18 |
2020-12-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209369
|
8.4 |
HIGH
Local
|
solarwinds
|
n-central
|
An issue was discovered in SolarWinds N-Central 12.3.0.670. The local database does not require authentication: security is only based on ability to access a network interface. The database has keys …
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-25621
|
2024-11-21 14:18 |
2020-12-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209370
|
7.8 |
HIGH
Local
|
solarwinds
|
n-central
|
An issue was discovered in SolarWinds N-Central 12.3.0.670. Hard-coded Credentials exist by default for local user accounts named support@n-able.com and nableadmin@n-able.com. These allow logins to t…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2020-25620
|
2024-11-21 14:18 |
2020-12-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
