Search Results (83810 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-25206 1 Mimosa 6 B5, B5 Firmware, B5c and 3 more 2024-11-21 7.2 High
The web console for Mimosa B5, B5c, and C5x firmware through 2.8.0.2 allows authenticated command injection in the Throughput, WANStats, PhyStats, and QosStats API classes. An attacker with access to a web console account may execute operating system commands on affected devices by sending crafted POST requests to the affected endpoints (/core/api/calls/Throughput.php, /core/api/calls/WANStats.php, /core/api/calls/PhyStats.php, /core/api/calls/QosStats.php). This results in the complete takeover of the vulnerable device. This vulnerability does not occur in the older 1.5.x firmware versions.
CVE-2020-25205 1 Mimosa 6 B5, B5 Firmware, B5c and 3 more 2024-11-21 6.1 Medium
The web console for Mimosa B5, B5c, and C5x firmware through 2.8.0.2 is vulnerable to stored XSS in the set_banner() function of /var/www/core/controller/index.php. An unauthenticated attacker may set the contents of the /mnt/jffs2/banner.txt file, stored on the device's filesystem, to contain arbitrary JavaScript. The file contents are then used as part of a welcome/banner message presented to unauthenticated users who visit the login page for the web console. This vulnerability does not occur in the older 1.5.x firmware versions.
CVE-2020-25199 1 We-con 1 Levistudiou 2024-11-21 7.8 High
A heap-based buffer overflow vulnerability exists within the WECON LeviStudioU Release Build 2019-09-21 and prior when processing project files. Opening a specially crafted project file could allow an attacker to exploit and execute code under the privileges of the application.
CVE-2020-25191 1 Ni 2 Compactrio, Compactrio Firmware 2024-11-21 7.5 High
Incorrect permissions are set by default for an API entry-point of a specific service, allowing a non-authenticated user to trigger a function that could reboot the CompactRIO (Driver versions prior to 20.5) remotely.
CVE-2020-25177 1 We-con 1 Plc Editor 2024-11-21 8.8 High
WECON PLC Editor Versions 1.3.8 and prior has a stack-based buffer overflow vulnerability has been identified that may allow arbitrary code execution.
CVE-2020-25173 1 Reolink 14 Rlc-410, Rlc-410 Firmware, Rlc-422 and 11 more 2024-11-21 7.8 High
An attacker with local network access can obtain a fixed cryptography key which may allow for further compromise of Reolink P2P cameras outside of local network access
CVE-2020-25171 1 Fujielectric 1 V-server 2024-11-21 7.8 High
The affected Fuji Electric V-Server Lite versions prior to 3.3.24.0 are vulnerable to an out-of-bounds write, which may allow an attacker to remotely execute arbitrary code.
CVE-2020-25161 1 Advantech 1 Webaccess\/scada 2024-11-21 8.8 High
The WADashboard component of WebAccess/SCADA Versions 9.0 and prior may allow an attacker to control or influence a path used in an operation on the filesystem and remotely execute code as an administrator.
CVE-2020-25159 1 Rtautomation 2 499es Ethernet\/ip Adaptor, 499es Ethernet\/ip Adaptor Firmware 2024-11-21 9.8 Critical
499ES EtherNet/IP (ENIP) Adaptor Source Code is vulnerable to a stack-based buffer overflow, which may allow an attacker to send a specially crafted packet that may result in a denial-of-service condition or code execution.
CVE-2020-25148 1 Observium 1 Observium 2024-11-21 6.1 Medium
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. this can occur via /iftype/type= because of pages/iftype.inc.php.
CVE-2020-25146 1 Observium 1 Observium 2024-11-21 6.1 Medium
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via la_id to the /syslog_rules URI for edit_syslog_rule.
CVE-2020-25141 1 Observium 1 Observium 2024-11-21 6.1 Medium
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via a /device/device=140/tab=wifi/view= URI.
CVE-2020-25140 1 Observium 1 Observium 2024-11-21 6.1 Medium
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur in pages/contacts.inc.php.
CVE-2020-25139 1 Observium 1 Observium 2024-11-21 6.1 Medium
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via la_id to the /syslog_rules URI for delete_syslog_rule, because of syslog_rules.inc.php.
CVE-2020-25138 1 Observium 1 Observium 2024-11-21 6.1 Medium
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via /alert_check/action=delete_alert_checker/alert_test_id= because of pages/alert_check.inc.php.
CVE-2020-25137 1 Observium 1 Observium 2024-11-21 6.1 Medium
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via the alert_name or alert_message parameter to the /alert_check URI.
CVE-2020-25135 1 Observium 1 Observium 2024-11-21 6.1 Medium
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via the graph_title parameter to the graphs/ URI.
CVE-2020-25131 1 Observium 1 Observium 2024-11-21 6.1 Medium
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via the role_name or role_descr parameter to the roles/ URI.
CVE-2020-25124 1 Vbulletin 1 Vbulletin 2024-11-21 4.8 Medium
The Admin CP in vBulletin 5.6.3 allows XSS via an admincp/attachment.php&do=rebuild&type= URI.
CVE-2020-25123 1 Vbulletin 1 Vbulletin 2024-11-21 4.8 Medium
The Admin CP in vBulletin 5.6.3 allows XSS via a Smilie Title to Smilies Manager.