Lucene search
K

42 matches found

NVD
NVD
added 2026/01/06 4:15 p.m.7 views

CVE-2020-36914

QiHang Media Web Digital Signage 3.0.9 contains a sensitive information disclosure vulnerability that allows remote attackers to intercept user authentication credentials through cleartext cookie transmission. Attackers can perform man-in-the-middle attacks to capture and potentially misuse store...

8.6CVSS0.0028EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/01/06 3:53 p.m.31 views

CVE-2020-36914 QiHang Media Web Digital Signage 3.0.9 Cookie Authentication Credentials Disclosure

QiHang Media Web Digital Signage 3.0.9 contains a sensitive information disclosure vulnerability that allows remote attackers to intercept user authentication credentials through cleartext cookie transmission. Attackers can perform man-in-the-middle attacks to capture and potentially misuse store...

8.6CVSS0.0028EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2026/01/06 3:53 p.m.5 views

CVE-2020-36914 QiHang Media Web Digital Signage 3.0.9 Cookie Authentication Credentials Disclosure

QiHang Media Web Digital Signage 3.0.9 contains a sensitive information disclosure vulnerability that allows remote attackers to intercept user authentication credentials through cleartext cookie transmission. Attackers can perform man-in-the-middle attacks to capture and potentially misuse store...

8.6CVSS6AI score0.0028EPSS
Exploits1References6
CNNVD
CNNVD
added 2026/01/06 12:0 a.m.5 views

QiHang Media Web Digital Signage 安全漏洞

QiHang Media Web Digital Signage is a digital signage management software from the Chinese company QiHang. A security vulnerability exists in QiHang Media Web Digital Signage version 3.0.9, which stems from the presence of a sensitive information disclosure vulnerability that could lead to the...

8.6CVSS6AI score0.0028EPSS
Exploits1References6
EUVD
EUVD
added 2025/12/10 9:31 p.m.8 views

EUVD-2020-30835

QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated remote code execution vulnerability in the QH.aspx file that allows attackers to upload malicious ASPX scripts. Attackers can exploit the file upload functionality by using the 'remotePath' and 'fileToUpload' parameters to write a...

9.3CVSS8.4AI score0.01134EPSS
Exploits1References5
EUVD
EUVD
added 2025/12/10 9:31 p.m.6 views

EUVD-2020-30834

QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated file deletion vulnerability in the QH.aspx endpoint that allows remote attackers to delete files without authentication. Attackers can exploit the 'data' parameter by sending a POST request with file paths to delete arbitrary file...

8.8CVSS6.7AI score0.01579EPSS
Exploits1References5
NVD
NVD
added 2025/12/10 9:16 p.m.6 views

CVE-2020-36899

QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated file disclosure vulnerability that allows remote attackers to access sensitive files through unverified 'filename' and 'path' parameters. Attackers can exploit the QH.aspx endpoint to read arbitrary files and directory contents...

8.7CVSS0.00838EPSS
Exploits1References4
OSV
OSV
added 2025/12/10 9:16 p.m.5 views

CVE-2020-36898

QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated file deletion vulnerability in the QH.aspx endpoint that allows remote attackers to delete files without authentication. Attackers can exploit the 'data' parameter by sending a POST request with file paths to delete arbitrary file...

9.1CVSS6AI score0.01579EPSS
Exploits1References4
OSV
OSV
added 2025/12/10 9:16 p.m.4 views

CVE-2020-36897

QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated remote code execution vulnerability in the QH.aspx file that allows attackers to upload malicious ASPX scripts. Attackers can exploit the file upload functionality by using the 'remotePath' and 'fileToUpload' parameters to write a...

9.8CVSS6.5AI score0.01134EPSS
Exploits1References4
NVD
NVD
added 2025/12/10 9:16 p.m.19 views

CVE-2020-36898

QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated file deletion vulnerability in the QH.aspx endpoint that allows remote attackers to delete files without authentication. Attackers can exploit the 'data' parameter by sending a POST request with file paths to delete arbitrary file...

9.1CVSS0.01579EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/12/10 9:3 p.m.3 views

CVE-2020-36899 QiHang Media Web Digital Signage 3.0.9 Unauthenticated Arbitrary File Disclosure

QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated file disclosure vulnerability that allows remote attackers to access sensitive files through unverified 'filename' and 'path' parameters. Attackers can exploit the QH.aspx endpoint to read arbitrary files and directory contents...

8.7CVSS6.6AI score0.00838EPSS
Exploits1References4
CVE
CVE
added 2025/12/10 9:3 p.m.15 views

CVE-2020-36899

CVE-2020-36899 affects QiHang Media Web Digital Signage 3.0.9. An unauthenticated disclosure exists where an attacker can read arbitrary files and directory contents by manipulating unverified filename and path parameters via the QH.aspx endpoint (download/getAll actions). This results in a poten...

8.7CVSS6.7AI score0.00838EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2025/12/10 9:3 p.m.24 views

CVE-2020-36898 QiHang Media Web Digital Signage 3.0.9 Unauthenticated Arbitrary File Deletion

QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated file deletion vulnerability in the QH.aspx endpoint that allows remote attackers to delete files without authentication. Attackers can exploit the 'data' parameter by sending a POST request with file paths to delete arbitrary file...

8.8CVSS0.01579EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/12/10 9:3 p.m.3 views

CVE-2020-36898 QiHang Media Web Digital Signage 3.0.9 Unauthenticated Arbitrary File Deletion

QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated file deletion vulnerability in the QH.aspx endpoint that allows remote attackers to delete files without authentication. Attackers can exploit the 'data' parameter by sending a POST request with file paths to delete arbitrary file...

8.8CVSS6.8AI score0.01579EPSS
Exploits1References4
CVE
CVE
added 2025/12/10 9:3 p.m.12 views

CVE-2020-36898

Summary: CVE-2020-36898 affects QiHang Media Web Digital Signage 3.0.9, exposing an unauthenticated file-deletion vulnerability in the QH.aspx endpoint. The issue allows a remote attacker to delete arbitrary files by POSTing a radius of file paths using directory traversal via the data parameter,...

9.1CVSS6.8AI score0.01579EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/10 9:2 p.m.3 views

CVE-2020-36897 QiHang Media Web Digital Signage 3.0.9 Unauthenticated Remote Code Execution

QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated remote code execution vulnerability in the QH.aspx file that allows attackers to upload malicious ASPX scripts. Attackers can exploit the file upload functionality by using the 'remotePath' and 'fileToUpload' parameters to write a...

9.3CVSS8.6AI score0.01134EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/12/10 9:2 p.m.21 views

CVE-2020-36897 QiHang Media Web Digital Signage 3.0.9 Unauthenticated Remote Code Execution

QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated remote code execution vulnerability in the QH.aspx file that allows attackers to upload malicious ASPX scripts. Attackers can exploit the file upload functionality by using the 'remotePath' and 'fileToUpload' parameters to write a...

9.3CVSS0.01134EPSS
Exploits1References4
CVE
CVE
added 2025/12/10 9:2 p.m.25 views

CVE-2020-36897

QiHang Media Web Digital Signage 3.0.9 is affected by an unauthenticated remote code‑execution vulnerability in the QH.aspx file. The issue arises from the file‑upload functionality, where attackers can use the remotePath and fileToUpload parameters to write and execute arbitrary system commands ...

9.8CVSS8.6AI score0.01134EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2025/12/10 8:55 p.m.21 views

CVE-2020-36896 QiHang Media Web Digital Signage 3.0.9 Cleartext Credentials Disclosure

QiHang Media Web Digital Signage 3.0.9 contains a cleartext credentials vulnerability that allows unauthenticated attackers to access administrative login information through an unprotected XML file. Attackers can retrieve hardcoded admin credentials by requesting the '/xml/User/User.xml' file,...

8.7CVSS0.00795EPSS
Exploits1References4
CVE
CVE
added 2025/12/10 8:55 p.m.14 views

CVE-2020-36896

QiHang Media Web Digital Signage 3.0.9 has a cleartext credentials vulnerability where hardcoded admin credentials can be retrieved from an unprotected XML file (/xml/User/User.xml), enabling unauthenticated access and direct authentication bypass. This is evidenced across multiple sources (NVD, ...

8.7CVSS6.6AI score0.00795EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder