Security Vulnerabilities - CVEs Published In July 2020
Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in user macro parameters. The affected versions are before version 7.4.2, and from version 7.5.0 before 7.5.2.
CVSS Score
5.4
EPSS Score
0.002
Published
2020-07-24
Mida eFramework through 2.9.0 has a back door that permits a change of the administrative password and access to restricted functionalities, such as Code Execution.
CVSS Score
9.8
EPSS Score
0.177
Published
2020-07-24
There is an OS Command Injection in Mida eFramework 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. Authentication is required.
CVSS Score
9.8
EPSS Score
0.601
Published
2020-07-24
Mida eFramework through 2.9.0 allows unauthenticated ../ directory traversal.
CVSS Score
7.5
EPSS Score
0.032
Published
2020-07-24
There is a SQL Injection in Mida eFramework through 2.9.0 that leads to Information Disclosure. No authentication is required. The injection point resides in one of the authentication parameters.
CVSS Score
7.5
EPSS Score
0.008
Published
2020-07-24
Multiple Stored Cross Site Scripting (XSS) vulnerabilities were discovered in Mida eFramework through 2.9.0.
CVSS Score
5.4
EPSS Score
0.002
Published
2020-07-24
A Reflected Cross Site Scripting (XSS) vulnerability was discovered in Mida eFramework through 2.9.0.
CVSS Score
6.1
EPSS Score
0.003
Published
2020-07-24
There is an OS Command Injection in Mida eFramework through 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. No authentication is required.
CVSS Score
9.8
EPSS Score
0.939
Published
2020-07-24
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers with firmware 1.20B10_BETA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP requests. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the router. Was ZDI-CAN-10835.
CVSS Score
8.8
EPSS Score
0.007
Published
2020-07-23
**VERSION NOT SUPPORTED WHEN ASSIGNED** A legacy debug port account in TCMs installed in Tricon system versions 10.2.0 through 10.5.3 is visible on the network and could allow inappropriate access. This vulnerability was remediated in TCM version 10.5.4.
CVSS Score
7.5
EPSS Score
0.002
Published
2020-07-23

