|
211611
|
5.4 |
MEDIUM
Network
|
mitel
|
micollab
|
The NuPoint Messenger Portal of Mitel MiCollab before 9.2 could allow an authenticated attacker to execute arbitrary scripts due to insufficient input validation, aka XSS. A successful exploit could …
|
CWE-79
Cross-site Scripting
|
CVE-2020-25609
|
2024-11-21 14:18 |
2020-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211612
|
7.2 |
HIGH
Network
|
mitel
|
micollab
|
The SAS portal of Mitel MiCollab before 9.2 could allow an attacker to access user credentials due to improper input validation, aka SQL Injection.
|
CWE-20
CWE-89
Improper Input Validation
SQL Injection
|
CVE-2020-25608
|
2024-11-21 14:18 |
2020-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211613
|
6.1 |
MEDIUM
Network
|
mitel
|
micollab
|
The AWV component of Mitel MiCollab before 9.2 could allow an attacker to view system information by sending arbitrary code due to improper input validation, aka XSS.
|
CWE-79
CWE-20
Cross-site Scripting
Improper Input Validation
|
CVE-2020-25606
|
2024-11-21 14:18 |
2020-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211614
|
8.8 |
HIGH
Network
|
solarwinds
|
n-central
|
An issue was discovered in SolarWinds N-Central 12.3.0.670. The AdvancedScripts HTTP endpoint allows CSRF.
|
CWE-352
Origin Validation Error
|
CVE-2020-25622
|
2024-11-21 14:18 |
2020-12-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211615
|
8.4 |
HIGH
Local
|
solarwinds
|
n-central
|
An issue was discovered in SolarWinds N-Central 12.3.0.670. The local database does not require authentication: security is only based on ability to access a network interface. The database has keys …
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-25621
|
2024-11-21 14:18 |
2020-12-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211616
|
7.8 |
HIGH
Local
|
solarwinds
|
n-central
|
An issue was discovered in SolarWinds N-Central 12.3.0.670. Hard-coded Credentials exist by default for local user accounts named support@n-able.com and nableadmin@n-able.com. These allow logins to t…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2020-25620
|
2024-11-21 14:18 |
2020-12-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211617
|
4.4 |
MEDIUM
Local
|
solarwinds
|
n-central
|
An issue was discovered in SolarWinds N-Central 12.3.0.670. The SSH component does not restrict the Communication Channel to Intended Endpoints. An attacker can leverage an SSH feature (port forwardi…
|
NVD-CWE-Other
|
CVE-2020-25619
|
2024-11-21 14:18 |
2020-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211618
|
8.8 |
HIGH
Network
|
solarwinds
|
n-central
|
An issue was discovered in SolarWinds N-Central 12.3.0.670. The sudo configuration has incorrect access control because the nable web user account is effectively able to run arbitrary OS commands as …
|
CWE-78
OS Command
|
CVE-2020-25618
|
2024-11-21 14:18 |
2020-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211619
|
8.8 |
HIGH
Network
|
solarwinds
|
n-central
|
An issue was discovered in SolarWinds N-Central 12.3.0.670. The AdvancedScripts HTTP endpoint allows Relative Path Traversal by an authenticated user of the N-Central Administration Console (NAC), le…
|
CWE-22
Path Traversal
|
CVE-2020-25617
|
2024-11-21 14:18 |
2020-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211620
|
8.8 |
HIGH
Network
|
dlink
|
dsr-150_firmware
dsr-150n_firmware
dsr-250_firmware
dsr-250n_firmware
dsr-500_firmware
dsr-500n_firmware
dsr-500ac_firmware
dsr-1000_firmware
dsr-1000n_firmware
dsr-1000ac_…
|
An issue was discovered on D-Link DSR-250 3.17 devices. Certain functionality in the Unified Services Router web interface could allow an authenticated attacker to execute arbitrary commands, due to …
|
CWE-20
CWE-78
Improper Input Validation
OS Command
|
CVE-2020-25759
|
2024-11-21 14:18 |
2020-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
