Skip to main content
CVE-2020-9033 MEDIUM POC This Month

Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to authlog.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Syncserver S100 Firmware Syncserver S200 Firmware Syncserver S250 Firmware +2
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2020-9032 MEDIUM POC This Month

Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to kernlog.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Syncserver S100 Firmware Syncserver S200 Firmware Syncserver S250 Firmware +2
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-9031 MEDIUM POC This Month

Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to daemonlog.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Syncserver S100 Firmware Syncserver S200 Firmware Syncserver S250 Firmware +2
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-9030 MEDIUM POC This Month

Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to the syslog.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Syncserver S100 Firmware Syncserver S200 Firmware Syncserver S250 Firmware +2
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-9029 MEDIUM POC This Month

Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to messagelog.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Syncserver S100 Firmware Syncserver S200 Firmware Syncserver S250 Firmware +2
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2020-6850 MEDIUM POC This Month

Utilities.php in the miniorange-saml-20-single-sign-on plugin before 4.8.84 for WordPress allows XSS via a crafted SAML XML Response to wp-login.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP Saml Sp Single Sign On
NVD
CVSS 3.1
6.1
EPSS
1.4%
CVE-2020-9028 MEDIUM POC This Month

Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow stored XSS via the newUserName parameter on the "User Creation, Deletion and Password. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Syncserver S100 Firmware Syncserver S200 Firmware Syncserver S250 Firmware Syncserver S300 Firmware +1
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-9025 MEDIUM POC This Month

Iteris Vantage Velocity Field Unit 2.4.2 devices have multiple stored XSS issues in all parameters of the Start Data Viewer feature of the /cgi-bin/loaddata.py script. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vantage Velocity Firmware
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-9022 MEDIUM POC This Month

An issue was discovered on Xirrus XR520, XR620, XR2436, and XH2-120 devices. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Xh2 120 Firmware Xr2436 Firmware Xr520 Firmware Xr620 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-9038 MEDIUM POC PATCH This Month

Joplin through 1.0.184 allows Arbitrary File Read via XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Joplin
NVD GitHub Exploit-DB
CVSS 3.1
5.4
EPSS
3.6%
CVE-2020-7959 MEDIUM POC This Month

LabVantage LIMS 8.3 does not properly maintain the confidentiality of database names. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Labvantage
NVD GitHub Exploit-DB
CVSS 3.1
5.3
EPSS
1.4%
CVE-2020-1853 MEDIUM This Month

GaussDB 200 with version of 6.5.1 have a path traversal vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Gaussdb 200
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2020-1692 MEDIUM PATCH This Month

Moodle before version 3.7.2 is vulnerable to information exposure of service tokens for users enrolled in the same course. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF Information Disclosure Moodle
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2020-1857 MEDIUM This Month

Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00SPC100; and Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Huawei Information Disclosure Nip6800 Firmware Secospace Usg6600 Firmware Usg9500 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-7252 MEDIUM This Month

Unquoted service executable path in DXL Broker in McAfee Data eXchange Layer (DXL) Framework 6.0.0 and earlier allows local users to cause a denial of service and malicious file execution via. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Microsoft Data Exchange Layer
NVD
CVSS 3.1
5.5
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy