|
209331
|
9.8 |
CRITICAL
Network
|
mahadiscom
|
mahavitaran
|
Mahavitaran android application 7.50 and prior are affected by account takeover due to improper OTP validation, allows remote attackers to control a users account.
|
CWE-613
Insufficient Session Expiration
|
CVE-2020-27416
|
2024-11-21 14:21 |
2021-12-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209332
|
5.4 |
MEDIUM
Network
|
debug_meta_data_project
|
debug_meta_data
|
The debug-meta-data plugin 1.1.2 for WordPress allows XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2020-27356
|
2024-11-21 14:21 |
2021-12-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209333
|
4.2 |
MEDIUM
Local
|
mahadiscom
|
mahavitaran
|
An issue was discovered in Mahavitaran android application 7.50 and below, allows local attackers to read cleartext username and password while the user is logged into the application.
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2020-27413
|
2024-11-21 14:21 |
2021-12-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209334
|
5.9 |
MEDIUM
Network
|
mahadiscom
|
mahavitaran
|
Mahavitaran android application 7.50 and prior transmit sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server log…
|
CWE-200
Information Exposure
|
CVE-2020-27414
|
2024-11-21 14:21 |
2021-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209335
|
4.7 |
MEDIUM
Local
|
linux
fedoraproject
oracle
|
linux_kernel
fedora
communications_cloud_native_core_binding_support_function
communications_cloud_native_core_policy
communications_cloud_native_core_network_exposure_function
|
A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could happen if removing device (that is not common to remove video card physically without power-o…
|
-
|
CVE-2020-27820
|
2024-11-21 14:21 |
2021-11-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209336
|
5.4 |
MEDIUM
Network
|
dynpg
|
dynpg
|
Cross Site Scripting (XSS) vulnerability in DynPG 4.9.1, allows authenticated attackers to execute arbitrary code via the groupname.
|
CWE-79
Cross-site Scripting
|
CVE-2020-27406
|
2024-11-21 14:21 |
2021-11-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209337
|
9.8 |
CRITICAL
Network
|
civetweb_project
siemens
|
civetweb
sinec_infrastructure_network_services
|
The CivetWeb web library does not validate uploaded filepaths when running on an OS other than Windows, when using the built-in HTTP form-based file upload mechanism, via the mg_handle_form_request A…
|
CWE-22
Path Traversal
|
CVE-2020-27304
|
2024-11-21 14:21 |
2021-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209338
|
9.8 |
CRITICAL
Network
|
brandy_project
|
brandy
|
A buffer overflow vulnerability exists in Brandy Basic V Interpreter 1.21 in the run_interpreter function.
|
CWE-120
Classic Buffer Overflow
|
CVE-2020-27372
|
2024-11-21 14:21 |
2021-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209339
|
7.8 |
HIGH
Local
|
rconfig
|
rconfig
|
An arbitrary file write vulnerability in lib/AjaxHandlers/ajaxEditTemplate.php of rConfig 3.9.6 allows attackers to execute arbitrary code via a crafted file.
|
CWE-862
Missing Authorization
|
CVE-2020-27466
|
2024-11-21 14:21 |
2021-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209340
|
7.8 |
HIGH
Local
|
rconfig
|
rconfig
|
An insecure update feature in the /updater.php component of rConfig 3.9.6 and below allows attackers to execute arbitrary code via a crafted ZIP file.
|
CWE-862
Missing Authorization
|
CVE-2020-27464
|
2024-11-21 14:21 |
2021-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
