|
210871
|
8.8 |
HIGH
Network
|
cisco
|
iot_field_network_director
|
A vulnerability in the REST API of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to gain access to the back-end database of an affected device. The vulnerabilit…
|
CWE-89
SQL Injection
|
CVE-2020-26075
|
2024-11-21 14:19 |
2020-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210872
|
8.7 |
HIGH
Network
|
cisco
|
iot_field_network_director
|
A vulnerability in the SOAP API of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to access and modify information on devices that belong to a different domain. …
|
CWE-269
Improper Privilege Management
|
CVE-2020-26072
|
2024-11-21 14:19 |
2020-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210873
|
6.5 |
MEDIUM
Network
|
cisco
|
roomos
telepresence_collaboration_endpoint
|
A vulnerability in the xAPI service of Cisco Telepresence CE Software and Cisco RoomOS Software could allow an authenticated, remote attacker to generate an access token for an affected device. The v…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2020-26068
|
2024-11-21 14:19 |
2020-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210874
|
6.1 |
MEDIUM
Network
|
typo3
|
fluid
|
TYPO3 Fluid before versions 2.0.8, 2.1.7, 2.2.4, 2.3.7, 2.4.4, 2.5.11 and 2.6.10 is vulnerable to Cross-Site Scripting. Three XSS vulnerabilities have been detected in Fluid: 1. TagBasedViewHelper al…
|
-
|
CVE-2020-26216
|
2024-11-21 14:19 |
2020-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210875
|
6.5 |
MEDIUM
Adjacent
|
genexis
|
platinum_4410_firmware
|
UPNP Service listening on port 5555 in Genexis Platinum 4410 Router V2.1 (P4410-V2–1.34H) has an action 'X_GetAccess' which leaks the credentials of 'admin', provided that the attacker is network adj…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2020-25988
|
2024-11-21 14:19 |
2020-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210876
|
7.1 |
HIGH
Network
|
gitlab
|
gitlab
|
Path traversal vulnerability in package upload functionality in GitLab CE/EE starting from 12.8 allows an attacker to save packages in arbitrary locations. Affected versions are >=12.8, <13.3.9,>=13.…
|
CWE-22
Path Traversal
|
CVE-2020-26405
|
2024-11-21 14:19 |
2020-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210877
|
5.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
Certain SAST CiConfiguration information could be viewed by unauthorized users in GitLab EE starting with 13.3. This information was exposed through GraphQL to non-members of public projects with rep…
|
NVD-CWE-noinfo
|
CVE-2020-26406
|
2024-11-21 14:19 |
2020-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210878
|
6.1 |
MEDIUM
Network
|
prestashop
|
product_comments
|
In PrestaShop Product Comments before version 4.2.0, an attacker could inject malicious web code into the users' web browsers by creating a malicious link. The problem was introduced in version 4.0.0…
|
-
|
CVE-2020-26225
|
2024-11-21 14:19 |
2020-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210879
|
7.5 |
HIGH
Network
|
prestashop
|
prestashop
|
In PrestaShop before version 1.7.6.9 an attacker is able to list all the orders placed on the website without being logged by abusing the function that allows a shopping cart to be recreated from an …
|
NVD-CWE-noinfo
|
CVE-2020-26224
|
2024-11-21 14:19 |
2020-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210880
|
9.8 |
CRITICAL
Network
|
airleader
|
airleader_master_control
|
Airleader Master <= 6.21 devices have default credentials that can be used to access the exposed Tomcat Manager for deployment of a new .war file, with resultant remote code execution.
|
CWE-1188
Insecure Default Initialization of Resource
|
CVE-2020-26510
|
2024-11-21 14:19 |
2020-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
