903 matches found
CVE-2020-27387
An unrestricted file upload issue in HorizontCMS through 1.0.0-beta allows an authenticated remote attacker with access to the FileManager to upload and execute arbitrary PHP code by uploading a PHP payload, and then using the FileManager's rename function to provide the payload which will receiv...
ReQuest Serious Play F3 Media Server 7.0.3 Remote Denial of Service
Summary F3 packs all the power of ReQuest's multi-zone serious Play servers into a compact powerhouse. With the ability to add unlimited NAS devices, the F3 can handle your entire family's media collection with ease. Description The device can be shutdown or rebooted by an unauthenticated attacke...
CVE-2020-11804
An issue was discovered in Titan SpamTitan 7.07. Due to improper sanitization of the parameter quid, used in the page mailqueue.php, code injection can occur. The input for this parameter is provided directly by an authenticated user via an HTTP GET request...
Code injection
An issue was discovered in Titan SpamTitan 7.07. Due to improper sanitization of the parameter quid, used in the page mailqueue.php, code injection can occur. The input for this parameter is provided directly by an authenticated user via an HTTP GET request...
CVE-2020-11804
An issue was discovered in Titan SpamTitan 7.07. Due to improper sanitization of the parameter quid, used in the page mailqueue.php, code injection can occur. The input for this parameter is provided directly by an authenticated user via an HTTP GET request...
Design/Logic Flaw
IBM Jazz Foundation and IBM Engineering products could allow an authenticated user to send a specially crafted HTTP GET request to read attachments on the server that they should not have access to. IBM X-Force ID: 179539...
CVE-2020-4410
CVE-2020-4410 affects IBM Jazz Foundation and IBM Engineering products, enabling an authenticated user to read attachments they should not access via a specially crafted HTTP GET request. Public details from IBM bulletin and CNVD corroborate an information-disclosure flaw in IBM Engineering Test ...
D-Link DAP-1522 Authentication Bypass Vulnerability (CVE-2020-15896)
The D-Link DAP-1522 is prone to an authentication bypass vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPEPREFIX =...
UBICOD Medivision Digital Signage 1.5.1 - Authorization Bypass Vulnerability
Exploit for hardware platform in category web applications Title: UBICOD Medivision Digital Signage 1.5.1 - Authorization Bypass Author: LiquidWorm Product web page: http://www.medivision.co.kr CVE: N/A Vendor: UBICOD Co., Ltd. | MEDIVISION INC. Product web page: http://www.medivision.co.kr...
UBICOD Medivision Digital Signage 1.5.1 - Authorization Bypass
Title: UBICOD Medivision Digital Signage 1.5.1 - Authorization Bypass Date: 2020-07-23 Author: LiquidWorm Product web page: http://www.medivision.co.kr CVE: N/A Vendor: UBICOD Co., Ltd. | MEDIVISION INC. Product web page: http://www.medivision.co.kr Affected version: Firmware 1.5.1 2013.01.3...
UBICOD Medivision Digital Signage 1.5.1 Privilege Escalation
UBICOD Medivision Digital Signage 1.5.1 Privilege Escalation Through Authorization Bypass Vendor: UBICOD Co., Ltd. | MEDIVISION INC. Product web page: http://www.medivision.co.kr Affected version: Firmware 1.5.1 2013.01.3 Summary: Medivision is a service that provides everything from DID operatio...
CVE-2020-14932
compose.php in SquirrelMail 1.4.22 calls unserialize for the $mailtodata value, which originates from an HTTP GET request. This is related to mailto.php...
CVE-2020-14932
compose.php in SquirrelMail 1.4.22 calls unserialize for the $mailtodata value, which originates from an HTTP GET request. This is related to mailto.php...
Design/Logic Flaw
compose.php in SquirrelMail 1.4.22 calls unserialize for the $mailtodata value, which originates from an HTTP GET request. This is related to mailto.php...
CVE-2020-14932
compose.php in SquirrelMail 1.4.22 calls unserialize for the $mailtodata value, which originates from an HTTP GET request. This is related to mailto.php...
CVE-2020-11590
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP GET request to HealthPage.aspx and obtain the internal server name...
Design/Logic Flaw
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP GET request to two files that contain customer data and application paths...
Cross site request forgery (csrf)
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP GET request to HealthPage.aspx and obtain the internal server name...
CVE-2020-11590
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP GET request to HealthPage.aspx and obtain the internal server name...
Nagios XI - Authenticated Remote Command Execution Exploit
This Metasploit module exploits a vulnerability in Nagios XI versions before 5.6.6 in order to execute arbitrary commands as root. The module uploads a malicious plugin to the Nagios XI server and then executes this plugin by issuing an HTTP GET request to download a system profile from the serve...