|
210841
|
5.4 |
MEDIUM
Network
|
rocketgenius
|
gravityforms
|
A stored Cross-Site Scripting (XSS) vulnerability in the survey feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via a textarea field…
|
CWE-79
Cross-site Scripting
|
CVE-2020-27852
|
2024-11-21 14:21 |
2021-01-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210842
|
5.4 |
MEDIUM
Network
|
rocketgenius
|
gravityforms
|
Multiple stored HTML injection vulnerabilities in the "poll" and "quiz" features in an additional paid add-on of Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary H…
|
CWE-79
Cross-site Scripting
|
CVE-2020-27851
|
2024-11-21 14:21 |
2021-01-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210843
|
4.8 |
MEDIUM
Network
|
rocketgenius
|
gravityforms
|
A stored Cross-Site Scripting (XSS) vulnerability in forms import feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via the import of …
|
CWE-79
Cross-site Scripting
|
CVE-2020-27850
|
2024-11-21 14:21 |
2021-01-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210844
|
7.5 |
HIGH
Network
|
arcserve
|
d2d
|
This vulnerability allows remote attackers to disclose sensitive information on affected installations of CA Arcserve D2D 16.5. Authentication is not required to exploit this vulnerability. The speci…
|
CWE-611
XXE
|
CVE-2020-27858
|
2024-11-21 14:21 |
2021-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210845
|
8.8 |
HIGH
Network
|
zohocorp
|
manageengine_applications_manager
|
Zoho ManageEngine Applications Manager before 14 build 14880 allows an authenticated SQL Injection via a crafted Alarmview request.
|
CWE-89
SQL Injection
|
CVE-2020-27733
|
2024-11-21 14:21 |
2021-01-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210846
|
5.5 |
MEDIUM
Local
|
totolink
|
a702r_firmware
|
Directory Indexing in Login Portal of Login Portal of TOTOLINK-A702R-V1.0.0-B20161227.1023 allows attacker to access /icons/ directories via GET Parameter.
|
CWE-552
Files or Directories Accessible to External Parties
|
CVE-2020-27368
|
2024-11-21 14:21 |
2021-01-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210847
|
9.8 |
CRITICAL
Network
|
loxone
|
miniserver_gen_1_firmware
|
Loxone Miniserver devices with firmware before 11.1 (aka 11.1.9.3) are unable to use an authentication method that is based on the "signature of the update package." Therefore, these devices (or atta…
|
CWE-287
Improper Authentication
|
CVE-2020-27488
|
2024-11-21 14:21 |
2021-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210848
|
9.8 |
CRITICAL
Network
|
r-project
|
cran
|
The R programming language’s default package manager CRAN is affected by a path traversal vulnerability that can lead to server compromise. This vulnerability affects packages installed via the R CMD…
|
CWE-22
Path Traversal
|
CVE-2020-27637
|
2024-11-21 14:21 |
2021-01-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210849
|
7.8 |
HIGH
Local
|
deltaww
|
cncsoft-b
|
Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior has a type confusion issue while processing project files, which may allow an attacker to execute arbitrary code.
|
CWE-843
Type Confusion
|
CVE-2020-27293
|
2024-11-21 14:21 |
2021-01-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210850
|
7.8 |
HIGH
Local
|
deltaww
|
cncsoft-b
|
Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior is vulnerable to an out-of-bounds read while processing project files, which may allow an attacker to execute arbitrary code.
|
CWE-125
Out-of-bounds Read
|
CVE-2020-27291
|
2024-11-21 14:21 |
2021-01-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
