CVE-2020-25726 https://ift.tt/2G7mmyi A Directory Traversal issue was discovered on Hak5 WiFi Pineapple Mark VII 1.x before 1.0.1-beta.2020091914551 devices. An unauthenticated user can connect to the wireless management network, including the open wireless network, and access all files and subdirectories under /pineapple/ui, regardless of file permissions. Digital Trends via National Vulnerability Database https://ift.tt/OD63ZH September 25, 2020 at 12:32AM
0 Comments
CVE-2018-10432 https://ift.tt/2FPhQ81 Pexip Infinity before 18 allows Remote Denial of Service (TLS handshakes in RTMP). Digital Trends via National Vulnerability Database https://ift.tt/OD63ZH September 25, 2020 at 12:32AM CVE-2018-10585 https://ift.tt/3kLq53B Pexip Infinity before 18 allows remote Denial of Service (XML parsing). Digital Trends via National Vulnerability Database https://ift.tt/OD63ZH September 25, 2020 at 12:32AM CVE-2019-7177 https://ift.tt/305SBoN Pexip Infinity before 20.1 allows Code Injection onto nodes via an admin. Digital Trends via National Vulnerability Database https://ift.tt/OD63ZH September 25, 2020 at 12:32AM CVE-2019-7178 https://ift.tt/2G9aM5E Pexip Infinity before 20.1 allows privilege escalation by restoring a system backup. Digital Trends via National Vulnerability Database https://ift.tt/OD63ZH September 25, 2020 at 12:32AM CVE-2020-11805 https://ift.tt/3cseX91 Pexip Reverse Proxy and TURN Server before 6.1.0 has Incorrect UDP Access Control via TURN. Digital Trends via National Vulnerability Database https://ift.tt/OD63ZH September 25, 2020 at 12:32AM CVE-2020-12824 https://ift.tt/3cwlZcP Pexip Infinity 23.x before 23.3 has improper input validation, leading to a temporary software abort via RTP. Digital Trends via National Vulnerability Database https://ift.tt/OD63ZH September 25, 2020 at 12:32AM CVE-2020-13387 https://ift.tt/36448Zp Pexip Infinity before 23.4 has a lack of input validation, leading to temporary denial of service via H.323. Digital Trends via National Vulnerability Database https://ift.tt/OD63ZH September 25, 2020 at 12:32AM CVE-2020-23837 https://ift.tt/3kK81qD A Cross-Site Request Forgery (CSRF) vulnerability in the Multi User plugin 1.8.2 for GetSimple CMS allows remote attackers to add admin (or other) users after an authenticated admin visits a third-party site or clicks on a URL. Digital Trends via National Vulnerability Database https://ift.tt/OD63ZH September 25, 2020 at 12:32AM CVE-2017-17477 https://ift.tt/3mOTX0Q Pexip Infinity before 17 allows an unauthenticated remote attacker to achieve stored XSS via management web interface views. Digital Trends via National Vulnerability Database https://ift.tt/OD63ZH September 25, 2020 at 12:32AM |
Categories
All
Archives
October 2020
|