| 209871 | 9.8 | CRITICAL Network | zyxel | zld_firmware access_points_firmware | A stack-based buffer overflow in fbwifi_continue.cgi on Zyxel UTM and VPN series of gateways running firmware version V4.30 through to V4.55 allows remote unauthenticated attackers to execute arbitra… | CWE-787 Out-of-bounds Write | CVE-2020-25014 | 2024-11-21 14:16 | 2020-11-28 |
| 209872 | 6.5 | MEDIUM Network | microstrategy | microstrategy | A Server-Side Request Forgery (SSRF) affecting the PDF generation in MicroStrategy 10.4, 2019 before Update 6, and 2020 before Update 2 allows authenticated users to access the content of internal ne… | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2020-24815 | 2024-11-21 14:16 | 2020-11-25 |
| 209873 | 7.5 | HIGH Network | jetbrains | toolbox | JetBrains ToolBox before version 1.18 is vulnerable to a Denial of Service attack via a browser protocol handler. | NVD-CWE-noinfo | CVE-2020-25013 | 2024-11-21 14:16 | 2020-11-17 |
| 209874 | 8.8 | HIGH Network | fruitywifi_project | fruitywifi | A remote code execution vulnerability is identified in FruityWifi through 2.4. Due to improperly escaped shell metacharacters obtained from the POST request at the page_config_adv.php page, it is pos… | CWE-78 OS Command | CVE-2020-24849 | 2024-11-21 14:16 | 2020-11-06 |
| 209875 | 9.8 | CRITICAL Network | osticket | osticket | SSRF exists in osTicket before 1.14.3, where an attacker can add a malicious file to the server or perform port scanning. | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2020-24881 | 2024-11-21 14:16 | 2020-11-03 |
| 209876 | 7.5 | HIGH Network | qsc | q-sys_core_manager | An issue was discovered in QSC Q-SYS Core Manager 8.2.1. By utilizing the TFTP service running on UDP port 69, a remote attacker can perform a directory traversal and obtain operating system files vi… | CWE-22 Path Traversal | CVE-2020-24990 | 2024-11-21 14:16 | 2020-10-29 |
| 209877 | 6.5 | MEDIUM Network | fireeye | email_malware_protection_system | eMPS prior to eMPS 9.0 FireEye EX 3500 devices allows remote authenticated users to conduct SQL injection attacks via the sort, sort_by, search[URL], or search[attachment] parameter to the email sear… | CWE-89 SQL Injection | CVE-2020-25034 | 2024-11-21 14:16 | 2020-10-27 |
| 209878 | 7.8 | HIGH Local | fruitywifi_project | fruitywifi | FruityWifi through 2.4 has an unsafe Sudo configuration [(ALL : ALL) NOPASSWD: ALL]. This allows an attacker to perform a system-level (root) local privilege escalation, allowing an attacker to gain … | CWE-287 CWE-269 Improper Authentication Improper Privilege Management | CVE-2020-24848 | 2024-11-21 14:16 | 2020-10-24 |
| 209879 | 4.3 | MEDIUM Network | fruitywifi_project | fruitywifi | A Cross-Site Request Forgery (CSRF) vulnerability is identified in FruityWifi through 2.4. Due to a lack of CSRF protection in page_config_adv.php, an unauthenticated attacker can lure the victim to … | CWE-352 Origin Validation Error | CVE-2020-24847 | 2024-11-21 14:16 | 2020-10-24 |
| 209880 | 7.5 | HIGH Network | mind | imind_server | InterMind iMind Server through 3.13.65 allows remote unauthenticated attackers to read the self-diagnostic archive via a direct api/rs/monitoring/rs/api/system/dump-diagnostic-info?server=127.0.0.1 r… | CWE-425 Direct Request ('Forced Browsing') | CVE-2020-24765 | 2024-11-21 14:16 | 2020-10-21 |