Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-03-25 | CVE-2021-27438 | Use of Hard-coded Credentials vulnerability in GE Reason Dr60 Firmware The software contains a hard-coded password it uses for its own inbound authentication or for outbound communication to external components on the Reason DR60 (all firmware versions prior to 02A04.1). | 6.5 |
2021-03-25 | CVE-2021-22889 | Cross-site Scripting vulnerability in Revive-Adserver Revive Adserver Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnerability in the `statsBreakdown` parameter of stats.php (and possibly other scripts) due to single quotes not being escaped. | 4.3 |
2021-03-25 | CVE-2021-22888 | Cross-site Scripting vulnerability in Revive-Adserver Revive Adserver Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnerability in the `status` parameter of campaign-zone-zones.php. | 4.3 |
2021-03-25 | CVE-2020-10584 | Path Traversal vulnerability in Invigo Automatic Device Management A directory traversal on the /admin/search_by.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote attackers to read arbitrary server files accessible to the user running the application. | 5.0 |
2021-03-25 | CVE-2020-10583 | OS Command Injection vulnerability in Invigo Automatic Device Management The /admin/admapi.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote authenticated attackers to execute arbitrary OS commands on the server as the user running the application. | 9.0 |
2021-03-25 | CVE-2020-10582 | SQL Injection vulnerability in Invigo Automatic Device Management A SQL injection on the /admin/display_errors.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote attackers to execute arbitrary SQL requests (including data reading and modification) on the database. | 7.5 |
2021-03-25 | CVE-2020-10581 | Exposure of Resource to Wrong Sphere vulnerability in Invigo Automatic Device Management Multiple session validity check issues in several administration functionalities of Invigo Automatic Device Management (ADM) through 5.0 allow remote attackers to read potentially sensitive data hosted by the application. | 5.0 |
2021-03-25 | CVE-2020-10580 | Command Injection vulnerability in Invigo Automatic Device Management 5.0 A command injection on the /admin/broadcast.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote authenticated attackers to execute arbitrary PHP code on the server as the user running the application. | 8.8 |
2021-03-25 | CVE-2020-10579 | Path Traversal vulnerability in Invigo Automatic Device Management A directory traversal on the /admin/sysmon.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote attackers to list the content of arbitrary server directories accessible to the user running the application. | 5.0 |
2021-03-25 | CVE-2021-3467 | NULL Pointer Dereference vulnerability in multiple products A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.26 handled component references in CDEF box in the JP2 image format decoder. | 5.5 |