Skip to main content
CVE-2020-13167 CRITICAL POC THREAT Emergency

Netsweeper through 6.4.3 allows unauthenticated remote code execution because webadmin/tools/unixlogin.php (with certain Referer headers) launches a command line with client-supplied parameters, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection PHP Netsweeper
NVD
CVSS 3.1
9.8
EPSS
95.4%
CVE-2020-13166 CRITICAL POC THREAT Emergency

The management tool in MyLittleAdmin 3.8 allows remote attackers to execute arbitrary code because machineKey is hardcoded (the same for all customers' installations) in web.config, and can be used. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Authentication Bypass Mylittleadmin
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
77.6%
CVE-2020-11715 CRITICAL Act Now

Panasonic P99 devices through 2020-04-10 have Incorrect Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure P99 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-8434 CRITICAL Act Now

Jenzabar JICS (aka Internet Campus Solution) before 9.0.1 Patch 3, 9.1 before 9.1.2 Patch 2, and 9.2 before 9.2.2 Patch 8 has session cookies that are a deterministic function of the username. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Session Fixation Information Disclosure Internet Campus Solution
NVD
CVSS 3.1
9.8
EPSS
1.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy