|
211871
|
8.8 |
HIGH
Network
|
moxa
|
nport_iaw5000a-i/o_firmware
|
The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower has incorrectly implemented protections from session fixation, which may allow an attacker to gain access to a sessio…
|
CWE-384
Session Fixation
|
CVE-2020-25198
|
2024-11-21 14:17 |
2020-12-24 |
|
|
|
|
211872
|
9.8 |
CRITICAL
Network
|
moxa
|
nport_iaw5000a-i/o_firmware
|
The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower allows SSH/Telnet sessions, which may be vulnerable to brute force attacks to bypass authentication.
|
CWE-307
Improper Restriction of Excessive Authentication Attempts
|
CVE-2020-25196
|
2024-11-21 14:17 |
2020-12-24 |
|
|
|
|
211873
|
8.8 |
HIGH
Network
|
moxa
|
nport_iaw5000a-i/o_firmware
|
The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower has improper privilege management, which may allow an attacker with user privileges to perform requests with administ…
|
CWE-269
Improper Privilege Management
|
CVE-2020-25194
|
2024-11-21 14:17 |
2020-12-24 |
|
|
|
|
211874
|
5.3 |
MEDIUM
Network
|
moxa
|
nport_iaw5000a-i/o_firmware
|
The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower allows sensitive information to be displayed without proper authorization.
|
CWE-200
Information Exposure
|
CVE-2020-25192
|
2024-11-21 14:17 |
2020-12-24 |
|
|
|
|
211875
|
9.8 |
CRITICAL
Network
|
moxa
|
nport_iaw5000a-i/o_firmware
|
The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower stores and transmits the credentials of third-party services in cleartext.
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2020-25190
|
2024-11-21 14:17 |
2020-12-24 |
|
|
|
|
211876
|
7.5 |
HIGH
Network
|
moxa
|
nport_iaw5000a-i/o_firmware
|
The built-in web service for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower does not require users to have strong passwords.
|
CWE-521
Weak Password Requirements
|
CVE-2020-25153
|
2024-11-21 14:17 |
2020-12-24 |
|
|
|
|
211877
|
9.8 |
CRITICAL
Network
|
treck
|
tcp/ip
|
A heap-based buffer overflow in the Treck HTTP Server component before 6.0.1.68 allows remote attackers to cause a denial of service (crash/reset) or to possibly execute arbitrary code.
|
CWE-787
Out-of-bounds Write
|
CVE-2020-25066
|
2024-11-21 14:17 |
2020-12-23 |
|
|
|
|
211878
|
7.8 |
HIGH
Local
|
supremocontrol
|
supremo
|
Nanosystems SupRemo 4.1.3.2348 allows attackers to obtain LocalSystem access because File Manager can be used to rename Supremo.exe and then upload a Trojan horse with the Supremo.exe filename.
|
CWE-269
Improper Privilege Management
|
CVE-2020-25106
|
2024-11-21 14:17 |
2020-12-23 |
|
|
|
|
211879
|
8.8 |
HIGH
Network
|
logrhythm
|
platform_manager
|
LogRhythm Platform Manager (PM) 7.4.9 has Incorrect Access Control. Users within LogRhythm can be delegated different roles and privileges, intended to limit what data and services they can interact …
|
NVD-CWE-Other
|
CVE-2020-25096
|
2024-11-21 14:17 |
2020-12-17 |
|
|
|
|
211880
|
8.8 |
HIGH
Network
|
logrhythm
|
platform_manager
|
LogRhythm Platform Manager (PM) 7.4.9 allows CSRF. The Web interface is vulnerable to Cross-site WebSocket Hijacking (CSWH). If a logged-in PM user visits a malicious site in the same browser session…
|
CWE-352
Origin Validation Error
|
CVE-2020-25095
|
2024-11-21 14:17 |
2020-12-17 |
|
|
|