|
210371
|
9.8 |
CRITICAL
Network
|
docker
|
crux_linux_docker_image
|
The official Crux Linux Docker images 3.0 through 3.4 contain a blank password for a root user. System using the Crux Linux Docker container deployed by affected versions of the Docker image may allo…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-29389
|
2024-11-21 14:23 |
2020-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210372
|
4.8 |
MEDIUM
Network
|
lepton-cms
|
leptoncms
|
Lepton-CMS 4.7.0 is affected by cross-site scripting (XSS). An attacker can inject the XSS payload in the URL field of the admin page and each time an admin visits the Menu-Pages-Pages Overview secti…
|
CWE-79
Cross-site Scripting
|
CVE-2020-29240
|
2024-11-21 14:23 |
2020-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210373
|
6.1 |
MEDIUM
Network
|
janobe
|
online_voting_system
|
Online Birth Certificate System Project V 1.0 is affected by cross-site scripting (XSS). This vulnerability can result in an attacker injecting the XSS payload in the User Registration section. When …
|
CWE-79
Cross-site Scripting
|
CVE-2020-29239
|
2024-11-21 14:23 |
2020-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210374
|
5.4 |
MEDIUM
Network
|
thinkadmin
|
thinkadmin
|
ThinkAdmin version v1 v6 has a stored XSS vulnerability which allows remote attackers to inject an arbitrary web script or HTML.
|
CWE-79
Cross-site Scripting
|
CVE-2020-29315
|
2024-11-21 14:23 |
2020-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210375
|
7.5 |
HIGH
Network
|
atx
|
minicmts200a_firmware
|
A Directory Traversal vulnerability exists in ATX miniCMTS200a Broadband Gateway through 2.0 and Pico CMTS through 2.0. Successful exploitation of this vulnerability would allow an unauthenticated at…
|
CWE-22
Path Traversal
|
CVE-2020-28993
|
2024-11-21 14:23 |
2020-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210376
|
9.8 |
CRITICAL
Network
|
westerndigital
|
my_cloud_os_5
|
An issue was discovered on Western Digital My Cloud OS 5 devices before 5.06.115. A NAS Admin authentication bypass vulnerability could allow an unauthenticated user to execute privileged commands on…
|
CWE-287
Improper Authentication
|
CVE-2020-28971
|
2024-11-21 14:23 |
2020-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210377
|
9.8 |
CRITICAL
Network
|
westerndigital
|
my_cloud_os_5
|
An issue was discovered on Western Digital My Cloud OS 5 devices before 5.06.115. A NAS Admin authentication bypass vulnerability could allow an unauthenticated user to execute privileged commands on…
|
CWE-287
Improper Authentication
|
CVE-2020-28970
|
2024-11-21 14:23 |
2020-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210378
|
9.8 |
CRITICAL
Network
|
westerndigital
|
my_cloud_os_5
|
On Western Digital My Cloud OS 5 devices before 5.06.115, the NAS Admin dashboard has an authentication bypass vulnerability that could allow an unauthenticated user to execute privileged commands on…
|
CWE-287
Improper Authentication
|
CVE-2020-28940
|
2024-11-21 14:23 |
2020-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210379
|
6.1 |
MEDIUM
Network
|
myeventon
|
eventon
|
The EventON plugin through 3.0.5 for WordPress allows addons/?q= XSS via the search field.
|
CWE-79
Cross-site Scripting
|
CVE-2020-29395
|
2024-11-21 14:23 |
2020-12-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210380
|
7.8 |
HIGH
Local
|
genivi
debian
|
diagnostic_log_and_trace
debian_linux
|
A buffer overflow in the dlt_filter_load function in dlt_common.c from dlt-daemon through 2.18.5 (GENIVI Diagnostic Log and Trace) allows arbitrary code execution because fscanf is misused (no limit …
|
CWE-787
Out-of-bounds Write
|
CVE-2020-29394
|
2024-11-21 14:23 |
2020-12-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
