|
215011
|
6.1 |
MEDIUM
Network
|
insma
|
wifi_mini_spy_1080p_hd_security_ip_camera_firmware
|
Cross Site Scripting (XSS) vulnerability in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B via all fields in the FTP settings page to the "goform/formSetFtpCfg" settings page.
|
CWE-79
Cross-site Scripting
|
CVE-2020-19643
|
2024-11-21 14:09 |
2021-03-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215012
|
6.2 |
MEDIUM
Physics
|
insma
|
wifi_mini_spy_1080p_hd_security_ip_camera_firmware
|
An issue was discovered in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B. A local attacker can execute arbitrary code via editing the 'recdata.db' file to call a specially crafted GoAhead A…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-19642
|
2024-11-21 14:09 |
2021-03-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215013
|
8.8 |
HIGH
Network
|
insma
|
wifi_mini_spy_1080p_hd_security_ip_camera_firmware
|
An issue was discovered in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B. Authenticated attackers with the "Operator" Privilege can gain admin privileges via a crafted request to '/goform/f…
|
NVD-CWE-Other
|
CVE-2020-19641
|
2024-11-21 14:09 |
2021-03-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215014
|
7.5 |
HIGH
Network
|
insma
|
wifi_mini_spy_1080p_hd_security_ip_camera_firmware
|
An issue was discovered in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B. An unauthenticated attacker can reboot the device causing a Denial of Service, via a hidden reboot command to '/med…
|
NVD-CWE-noinfo
|
CVE-2020-19640
|
2024-11-21 14:09 |
2021-03-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215015
|
8.8 |
HIGH
Network
|
insma
|
wifi_mini_spy_1080p_hd_security_ip_camera_firmware
|
Cross Site Request Forgery (CSRF) vulnerability in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B, via all fields to WebUI.
|
CWE-352
Origin Validation Error
|
CVE-2020-19639
|
2024-11-21 14:09 |
2021-03-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215016
|
5.4 |
MEDIUM
Network
|
craftcms
|
craft_cms
|
Cross Site Scripting (XSS) vulnerability in craftcms 3.1.31, allows remote attackers to inject arbitrary web script or HTML, via /admin/settings/sites/new.
|
CWE-79
Cross-site Scripting
|
CVE-2020-19626
|
2024-11-21 14:09 |
2021-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215017
|
9.8 |
CRITICAL
Network
|
gridx_project
|
gridx
|
Remote Code Execution Vulnerability in tests/support/stores/test_grid_filter.php in oria gridx 1.3, allows remote attackers to execute arbitrary code, via crafted value to the $query parameter.
|
NVD-CWE-noinfo
|
CVE-2020-19625
|
2024-11-21 14:09 |
2021-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215018
|
7.5 |
HIGH
Network
|
emerson
|
smart_wireless_gateway_1420_firmware
|
Incorrect Access Control in Emerson Smart Wireless Gateway 1420 4.6.59 allows remote attackers to obtain sensitive device information from the administrator console without authentication.
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-19419
|
2024-11-21 14:09 |
2021-03-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215019
|
8.8 |
HIGH
Network
|
emerson
|
wireless_1420_gateway_firmware
|
Emerson Smart Wireless Gateway 1420 4.6.59 allows non-privileged users (such as the default account 'maint') to perform administrative tasks by sending specially crafted HTTP requests to the applicat…
|
NVD-CWE-Other
|
CVE-2020-19417
|
2024-11-21 14:09 |
2021-03-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215020
|
6.1 |
MEDIUM
Network
|
carrier
|
webctrl_system
|
Automated Logic Corporation (ALC) WebCTRL System 6.5 and prior allows remote attackers to execute any JavaScript code via a XSS payload for the first parameter in a GET request.
|
CWE-79
Cross-site Scripting
|
CVE-2020-19762
|
2024-11-21 14:09 |
2021-02-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
