|
211331
|
8.8 |
HIGH
Network
|
ethz
|
minetime
|
MineTime through 1.8.5 allows arbitrary command execution via the notes field in a meeting. Could lead to RCE via meeting invite.
|
CWE-74
Injection
|
CVE-2020-24364
|
2024-11-21 14:14 |
2020-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211332
|
10.0 |
CRITICAL
Network
|
gvectors
|
wpdiscuz
|
A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 through 7.0.4 for WordPress, which allows unauthenticated users to upload any type of file, including PHP files via th…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-24186
|
2024-11-21 14:14 |
2020-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211333
|
8.8 |
HIGH
Network
|
verint
|
s5120fd_firmware
|
The management website of the Verint S5120FD Verint_FW_0_42 unit features a CGI endpoint ('ipfilter.cgi') that allows the user to manage network filtering on the unit. This endpoint is vulnerable to …
|
CWE-78
OS Command
|
CVE-2020-24057
|
2024-11-21 14:14 |
2020-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211334
|
7.5 |
HIGH
Network
|
verint
|
5620ptz_firmware
4320_firmware
s5120fd_firmware
|
A hardcoded credentials vulnerability exists in Verint 5620PTZ Verint_FW_0_42, Verint 4320 V4320_FW_0_23, V4320_FW_0_31, and Verint S5120FD Verint_FW_0_42units. This could cause a confidentiality iss…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2020-24056
|
2024-11-21 14:14 |
2020-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211335
|
9.8 |
CRITICAL
Network
|
verint
|
5620ptz_firmware
4320_firmware
|
Verint 5620PTZ Verint_FW_0_42 and Verint 4320 V4320_FW_0_23, and V4320_FW_0_31 units feature an autodiscovery service implemented in the binary executable '/usr/sbin/DM' that listens on port TCP 6666…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-24055
|
2024-11-21 14:14 |
2020-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211336
|
9.8 |
CRITICAL
Network
|
moog
|
exvf5c-2_firmware
exvp7c2-3_firmware
|
The administration console of the Moog EXO Series EXVF5C-2 and EXVP7C2-3 units features a 'statusbroadcast' command that can spawn a given process repeatedly at a certain time interval as 'root'. One…
|
CWE-78
OS Command
|
CVE-2020-24054
|
2024-11-21 14:14 |
2020-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211337
|
7.5 |
HIGH
Network
|
moog
|
exvf5c-2_firmware
exvp7c2-3_firmware
|
Moog EXO Series EXVF5C-2 and EXVP7C2-3 units have a hardcoded credentials vulnerability. This could cause a confidentiality issue when using the FTP, Telnet, or SSH protocols.
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2020-24053
|
2024-11-21 14:14 |
2020-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211338
|
9.1 |
CRITICAL
Network
|
moog
|
exvf5c-2_firmware
exvp7c2-3_firmware
|
Several XML External Entity (XXE) vulnerabilities in the Moog EXO Series EXVF5C-2 and EXVP7C2-3 units allow remote unauthenticated users to read arbitrary files via a crafted Document Type Definition…
|
CWE-611
XXE
|
CVE-2020-24052
|
2024-11-21 14:14 |
2020-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211339
|
9.8 |
CRITICAL
Network
|
moog
|
exvf5c-2_firmware
exvp7c2-3_firmware
|
The Moog EXO Series EXVF5C-2 and EXVP7C2-3 units support the ONVIF interoperability IP-based physical security protocol, which requires authentication for some of its operations. It was found that th…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-24051
|
2024-11-21 14:14 |
2020-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211340
|
7.5 |
HIGH
Network
|
hashicorp
|
vault-ssh-helper
|
HashiCorp vault-ssh-helper up to and including version 0.1.6 incorrectly accepted Vault-issued SSH OTPs for the subnet in which a host's network interface was located, rather than the specific IP add…
|
CWE-20
Improper Input Validation
|
CVE-2020-24359
|
2024-11-21 14:14 |
2020-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
