| 210811 | 6.5 | MEDIUM Network | etherpad | etherpad | Etherpad <1.8.3 stored passwords used by users insecurely in the database and in log files. This affects every database backend supported by Etherpad. | CWE-312 Cleartext Storage of Sensitive Information | CVE-2020-22783 | 2024-11-21 14:13 | 2021-04-29 |
| 210812 | 7.5 | HIGH Network | etherpad | etherpad | Etherpad < 1.8.3 is affected by a denial of service in the import functionality. Upload of binary file to the import endpoint would crash the instance. | NVD-CWE-noinfo | CVE-2020-22782 | 2024-11-21 14:13 | 2021-04-29 |
| 210813 | 7.5 | HIGH Network | etherpad | etherpad | In Etherpad < 1.8.3, a specially crafted URI would raise an unhandled exception in the cache mechanism and cause a denial of service (crash the instance). | CWE-89 SQL Injection | CVE-2020-22781 | 2024-11-21 14:13 | 2021-04-29 |
| 210814 | 9.8 | CRITICAL Network | homeautomation_project | homeautomation | HomeAutomation 3.3.2 suffers from an authentication bypass vulnerability when spoofing client IP address using the X-Forwarded-For header with the local (loopback) IP address value allowing remote co… | CWE-290 Authentication Bypass by Spoofing | CVE-2020-22001 | 2024-11-21 14:13 | 2021-04-28 |
| 210815 | 8.0 | HIGH Network | homeautomation_project | homeautomation | HomeAutomation 3.3.2 suffers from an authenticated OS command execution vulnerability using custom command v0.1 plugin. This can be exploited with a CSRF vulnerability to execute arbitrary shell comm… | CWE-352 CWE-78 Origin Validation Error OS Command | CVE-2020-22000 | 2024-11-21 14:13 | 2021-04-28 |
| 210816 | 7.5 | HIGH Network | realtek | rtl8723de_firmware | An issue was discovered in Realtek rtl8723de BLE Stack <= 4.1 that allows remote attackers to cause a Denial of Service via the interval field to the CONNECT_REQ message. | CWE-476 NULL Pointer Dereference | CVE-2020-23539 | 2024-11-21 14:13 | 2021-04-9 |
| 210817 | 9.8 | CRITICAL Network | zzcms | zzcms | zzcms 201910 contains an access control vulnerability through escalation of privileges in /user/adv.php, which allows an attacker to modify data for further attacks such as CSRF. | CWE-352 Origin Validation Error | CVE-2020-23426 | 2024-11-21 14:13 | 2021-04-9 |
| 210818 | 7.5 | HIGH Network | unionpayintl | union_pay | Union Pay up to 1.2.0, for web based versions contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile a… | CWE-347 Improper Verification of Cryptographic Signature | CVE-2020-23533 | 2024-11-21 14:13 | 2021-04-7 |
| 210819 | 6.1 | MEDIUM Network | aryanic | high_cms | Cross Site Scripting (XSS) vulnerability in Aryanic HighMail (High CMS) versions 2020 and before allows remote attackers to inject arbitrary web script or HTML, via 'user' to LoginForm. | CWE-79 Cross-site Scripting | CVE-2020-23517 | 2024-11-21 14:13 | 2021-03-26 |
| 210820 | 5.4 | MEDIUM Network | ultimatekode | neo_billing | Cross Site Scripting (XSS) vulnerability in UltimateKode Neo Billing - Accounting, Invoicing And CRM Software up to version 3.5 which allows remote attackers to inject arbitrary web script or HTML. | CWE-79 Cross-site Scripting | CVE-2020-23518 | 2024-11-21 14:13 | 2021-03-3 |