5296 matches found
CVE-2020-7533
CWE-287: Improper Authentication vulnerability exists which could cause the execution of commands on the webserver without authentication when sending specially crafted HTTP requests...
House Rental 1.0 - 'keywords' SQL Injection
Exploit Title: House Rental 1.0 - 'keywords' SQL Injection Exploit Author: Bobby Cooke boku & Adeeb Shah @hyd3sec Date: 2020-08-07 Vendor Homepage: https://projectworlds.in Software Link: https://projectworlds.in/wp-content/uploads/2019/06/home-rental.zip Version: 1.0 Tested On: Windows 10 Pro...
CVE-2020-12496 ENDRESS+HAUSER: Ecograph T utilizing Webserver firmware version 2.x exposures sensitive information to an unauthorized actor
Endress+Hauser Ecograph T Neutral/Private Label RSG35, ORSG35 and Memograph M Neutral/Private Label RSG45, ORSG45 with Firmware version V2.0.0 and above is prone to exposure of sensitive information to an unauthorized actor. The firmware release has a dynamic token for each request submitted to t...
RED-V Super Digital Signage System RXV-A740R Log Information Disclosure
RED-V Super Digital Signage System RXV-A740R Log Information Disclosure Vendor: RED-V S.R.L. Product web page: https://www.red-v.tv https://red-v.tv/digital-signage.html Affected version: Model name: RXV-A740R Android version: 5.1.1 Firmware version: 026 Player version: 7.8.6 Downloader version:...
CVE-2020-3657
Technical details for CVE-2020-3657 are not publicly available in the provided documents. Monitor for updates; current sources do not disclose affected products, root cause, or fixes.
Debian DSA-4773-1 : yaws - security update
Two vulnerabilities were discovered in yaws, a high performance HTTP 1.1 webserver written in Erlang. - CVE-2020-24379 The WebDAV implementation is prone to a XML External Entity XXE injection vulnerability. - CVE-2020-24916 The CGI implementation does not properly sanitize CGI requests allowing ...
[SECURITY] [DSA 4773-1] yaws security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4773-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 16, 2020 https://www.debian.org/security/faq -...
Seat Reservation System 1.0 - Remote Code Execution (Unauthenticated)
Exploit Title: Seat Reservation System 1.0 - Unauthenticated Remote Code Execution Exploit Author: Rahul Ramkumar Date: 2020-09-16 Vendor Homepage: www.sourcecodester.com Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/seat-reservation-system-using-php0.zip...
CVE-2020-27013
Trend Micro Antivirus for Mac 2020 Consumer contains a vulnerability in the product that occurs when a webserver is started that implements an API with several properties that can be read and written to allowing the attacker to gather and modify sensitive product and user data. An attacker must...
CVE-2020-27013
Trend Micro Antivirus for Mac 2020 Consumer contains a vulnerability in the product that occurs when a webserver is started that implements an API with several properties that can be read and written to allowing the attacker to gather and modify sensitive product and user data. An attacker must...
CVE-2020-27013
Trend Micro Antivirus for Mac 2020 Consumer contains a vulnerability in the product that occurs when a webserver is started that implements an API with several properties that can be read and written to allowing the attacker to gather and modify sensitive product and user data. An attacker must...
CVE-2020-25985
MonoCMS Blog 1.0 is affected by: Arbitrary File Deletion. Any authenticated user can delete files on and off the webserver php files can be unlinked and not deleted...
Arbitrary file deletion
MonoCMS Blog 1.0 is affected by: Arbitrary File Deletion. Any authenticated user can delete files on and off the webserver php files can be unlinked and not deleted...
CVE-2020-25985
MonoCMS Blog 1.0 is affected by: Arbitrary File Deletion. Any authenticated user can delete files on and off the webserver php files can be unlinked and not deleted...
USN-4569-1: Yaws vulnerabilities
It was discovered that Yaws did not properly sanitize XML input. A remote attacker could use this vulnerability to execute an XML External Entity XXE injection attack. CVE-2020-24379 It was discovered that Yaws mishandled certain input when running CGI scripts. A remote attacker could use this...
CVE-2020-25763
Seat Reservation System version 1.0 suffers from an Unauthenticated File Upload Vulnerability allowing Remote Attackers to gain Remote Code Execution RCE on the Hosting Webserver via uploading PHP files...
Unrestricted file upload
Seat Reservation System version 1.0 suffers from an Unauthenticated File Upload Vulnerability allowing Remote Attackers to gain Remote Code Execution RCE on the Hosting Webserver via uploading PHP files...
CVE-2020-25763
Seat Reservation System version 1.0 suffers from an Unauthenticated File Upload Vulnerability allowing Remote Attackers to gain Remote Code Execution RCE on the Hosting Webserver via uploading PHP files...
Debian: Security Advisory (DLA-2384-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Seat Reservation System 1.0 Shell Upload
Seat Reservation System version 1.0 suffers from an Unauthenticated File Upload Vulnerability allowing Remote Attackers to gain Remote Code Execution RCE on the Hosting Webserver via uploading PHP files. Vendor Homepage: www.sourcecodester.com Software Link:...