|
209111
|
7.5 |
HIGH
Network
|
tendacn
|
ac1200_firmware
|
On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, the default settings for the router speed test contain links to download malware named elive or CNKI E-Learning.
|
NVD-CWE-noinfo
|
CVE-2020-28094
|
2024-11-21 14:22 |
2020-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209112
|
7.2 |
HIGH
Network
|
tendacn
|
ac1200_firmware
|
On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, admin, support, user, and nobody have a password of 1234.
|
NVD-CWE-noinfo
|
CVE-2020-28093
|
2024-11-21 14:22 |
2020-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209113
|
5.9 |
MEDIUM
Network
|
terra-master
|
tos
|
TerraMaster TOS <= 4.2.06 was found to check for updates (of both system and applications) via an insecure channel (HTTP). Man-in-the-middle attackers are able to intercept these requests and serve a…
|
NVD-CWE-noinfo
|
CVE-2020-28190
|
2024-11-21 14:22 |
2020-12-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209114
|
9.8 |
CRITICAL
Network
|
terra-master
|
tos
|
Remote Command Execution (RCE) vulnerability in TerraMaster TOS <= 4.2.06 allow remote unauthenticated attackers to inject OS commands via /include/makecvs.php in Event parameter.
|
CWE-78
OS Command
|
CVE-2020-28188
|
2024-11-21 14:22 |
2020-12-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209115
|
9.8 |
CRITICAL
Network
|
terra-master
|
tos
|
Multiple directory traversal vulnerabilities in TerraMaster TOS <= 4.2.06 allow remote authenticated attackers to read, edit or delete any file within the filesystem via the (1) filename parameter to…
|
CWE-22
Path Traversal
|
CVE-2020-28187
|
2024-11-21 14:22 |
2020-12-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209116
|
7.3 |
HIGH
Network
|
terra-master
|
tos
|
Email Injection in TerraMaster TOS <= 4.2.06 allows remote unauthenticated attackers to abuse the forget password functionality and achieve account takeover.
|
CWE-640
Weak Password Recovery Mechanism for Forgotten Password
|
CVE-2020-28186
|
2024-11-21 14:22 |
2020-12-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209117
|
5.3 |
MEDIUM
Network
|
terra-master
|
tos
|
User Enumeration vulnerability in TerraMaster TOS <= 4.2.06 allows remote unauthenticated attackers to identify valid users within the system via the username parameter to wizard/initialise.php.
|
NVD-CWE-noinfo
|
CVE-2020-28185
|
2024-11-21 14:22 |
2020-12-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209118
|
5.4 |
MEDIUM
Network
|
terra-master
|
tos
|
Cross-site scripting (XSS) vulnerability in TerraMaster TOS <= 4.2.06 allows remote authenticated users to inject arbitrary web script or HTML via the mod parameter to /module/index.php.
|
CWE-79
Cross-site Scripting
|
CVE-2020-28184
|
2024-11-21 14:22 |
2020-12-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209119
|
7.0 |
HIGH
Local
|
td-agent-builder_project
debian
|
td-agent-builder
debian_linux
|
The td-agent-builder plugin before 2020-12-18 for Fluentd allows attackers to gain privileges because the bin directory is writable by a user account, but a file in bin is executed as NT AUTHORITY\SY…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2020-28169
|
2024-11-21 14:22 |
2020-12-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209120
|
9.8 |
CRITICAL
Network
|
online_health_care_system_project
|
online_health_care_system
|
SourceCodester Online Health Care System 1.0 is affected by SQL Injection which allows a potential attacker to bypass the authentication system and become an admin.
|
CWE-89
SQL Injection
|
CVE-2020-28074
|
2024-11-21 14:22 |
2020-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
