|
209571
|
5.4 |
MEDIUM
Network
|
evms
|
redcap
|
A cross-site scripting (XSS) issue in REDCap 8.11.6 through 9.x before 10 allows attackers to inject arbitrary JavaScript or HTML in the Messenger feature. It was found that the filename of the image…
|
CWE-79
Cross-site Scripting
|
CVE-2020-27359
|
2024-11-21 14:21 |
2020-11-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209572
|
4.3 |
MEDIUM
Network
|
vanderbilt
|
redcap
|
An issue was discovered in REDCap 8.11.6 through 9.x before 10. The messenger's CSV feature (that allows users to export their conversation threads as CSV) allows non-privileged users to export one a…
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-27358
|
2024-11-21 14:21 |
2020-11-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209573
|
6.1 |
MEDIUM
Network
|
wso2
|
api_manager
|
Cross-Site Scripting (XSS) vulnerability on WSO2 API Manager 3.1.0. By exploiting a Cross-site scripting vulnerability the attacker can hijack a logged-in user’s session by stealing cookies which mea…
|
CWE-79
Cross-site Scripting
|
CVE-2020-27885
|
2024-11-21 14:21 |
2020-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209574
|
8.8 |
HIGH
Network
|
eyesofnetwork
|
eyesofnetwork
|
An issue was discovered in EyesOfNetwork 5.3 through 5.3-8. An authenticated web user with sufficient privileges could abuse the AutoDiscovery module to run arbitrary OS commands via the nmap_binary …
|
CWE-78
OS Command
|
CVE-2020-27887
|
2024-11-21 14:21 |
2020-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209575
|
9.8 |
CRITICAL
Network
|
eyesofnetwork
|
eyesofnetwork
|
An issue was discovered in EyesOfNetwork eonweb 5.3-7 through 5.3-8. The eonweb web interface is prone to a SQL injection, allowing an unauthenticated attacker to exploit the username_available funct…
|
CWE-89
SQL Injection
|
CVE-2020-27886
|
2024-11-21 14:21 |
2020-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209576
|
6.8 |
MEDIUM
Physics
|
clickstudios
|
passwordstate
|
An issue was discovered in Click Studios Passwordstate 8.9 (Build 8973).If the user of the system has assigned himself a PIN code for entering from a mobile device using the built-in generator (4 dig…
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2020-27747
|
2024-11-21 14:21 |
2020-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209577
|
9.8 |
CRITICAL
Network
|
westerndigital
|
my_cloud_firmware
|
An issue was discovered on Western Digital My Cloud NAS devices before 5.04.114. They allow remote code execution with resultant escalation of privileges.
|
CWE-78
OS Command
|
CVE-2020-27744
|
2024-11-21 14:21 |
2020-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209578
|
6.1 |
MEDIUM
Network
|
synology
|
router_manager
|
Synology Router Manager (SRM) before 1.2.4-8081 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sens…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2020-27658
|
2024-11-21 14:21 |
2020-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209579
|
5.9 |
MEDIUM
Network
|
synology
|
router_manager
|
Cleartext transmission of sensitive information vulnerability in DDNS in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to eavesdrop authentication information of …
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2020-27657
|
2024-11-21 14:21 |
2020-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209580
|
3.7 |
LOW
Network
|
synology
|
diskstation_manager
|
Cleartext transmission of sensitive information vulnerability in DDNS in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to eavesdrop authentication informa…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2020-27656
|
2024-11-21 14:21 |
2020-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
