3642 matches found
CVE-2020-11617
The RSS application on THOMSON THT741FTA 2.2.1 and Philips DTR3502BFTA DVB-T2 2.2.1 set-top boxes doesn't validate the SSL certificates of RSS servers, which allows a man-in-the-middle attacker to modify the data delivered to the client...
CVE-2020-8090
The Username field in the Storage Service settings of A1 WLAN Box ADB VV2220v2 devices allows stored XSS after a successful Administrator login...
CVE-2020-20345
WTCMS 1.0 contains a reflective cross-site scripting (XSS) vulnerability in the page management background which allows attackers to obtain cookies via a crafted payload entered into the search box...
CVE-2020-11618
THOMSON THT741FTA 2.2.1 and Philips DTR3502BFTA DVB-T2 2.2.1 set-top boxes have their TELNET service hardcoded to start on boot, which allows an attacker on the local network to achieve root access via the TELNET protocol...
CVE-2020-35980
An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is a use-after-free in the function gf_isom_box_del in isomedia/box_funcs.c...
CVE-2020-27402
The HK1 Box S905X3 TV Box contains a vulnerability that allows a local unprivileged user to escalate to root using the /system/xbin/su binary via a serial port UART connection or using adb...
CVE-2020-21406
An issue was discovered in RK Smart TV Box MAX and V88 SmartTV box that allows attackers to cause a denial of service via the switchNextDisplayInterface service...
CVE-2020-21405
An issue was discovered in H96 Smart TV Box H96 Pro Plus that allows attackers to corrupt files via calls to the saveDeepColorAttr service...
CVE-2020-14032
ASRock 4x4 BOX-R1000 before BIOS P1.40 allows privilege escalation via code execution in the SMM...
CVE-2014-9727
AVM Fritz!Box allows remote attackers to execute arbitrary commands via shell metacharacters in the var:lang parameter to cgi-bin/webcm...
CVE-2013-10030
A vulnerability, which was classified as problematic, has been found in Exit Box Lite Plugin up to 1.06 on WordPress. Affected by this issue is some unknown functionality of the file wordpress-exit-box-lite.php. The manipulation leads to information disclosure. The attack may be launched remotely...
CVE-2019-6005
Smart TV Box firmware version prior to 1300 allows remote attackers to bypass access restriction to conduct arbitrary operations on the device without the user's intent, such as installing arbitrary software or changing the device settings via Android Debug Bridge port 5555/TCP...
CVE-2015-9451
The plugmatter-optin-feature-box-lite plugin before 2.0.14 for WordPress has SQL injection via the wp-admin/admin-ajax.php?action=pmfb_mailchimp pmfb_tid parameter...
CVE-2019-14793
The Meta Box plugin before 4.16.3 for WordPress allows file deletion via ajax, with the wp-admin/admin-ajax.php?action=rwmb_delete_file attachment_id parameter...
CVE-2019-19967
The Administration page on Connect Box EuroDOCSIS 3.0 Voice Gateway CH7465LG-NCIP-6.12.18.25-2p6-NOSH devices accepts a cleartext password in a POST request on port 80, as demonstrated by the Password field to the xml/setter.xml URI...
CVE-2019-14794
The Meta Box plugin before 4.16.2 for WordPress mishandles the uploading of files to custom folders...
CVE-2017-8892
Cross-site scripting (XSS) vulnerability in OpenText Tempo Box 10.0.3 allows remote attackers to inject arbitrary web script or HTML persistently via the name of an uploaded image...
CVE-2017-8087
Information Leakage in PPPoE Packet Padding in AVM Fritz!Box 7490 with Firmware versions Fritz!OS 6.80 and 6.83 allows physically proximate attackers to view slices of previously transmitted packets or portions of memory via unspecified vectors...
CVE-2012-1400
Unspecified vulnerability in the U+Box 2.0 Pad lg.uplusbox.pad application 2.0.8.4 for Android has unknown impact and attack vectors...
CVE-2019-14731
An issue was discovered in ZenTao 11.5.1. There is a stored XSS vulnerability that leads to the capture of other people's cookies via the Rich Text Box...