5.1
CVE-2020-36918 - iDS6 DSSPro Digital Signage System 6.2 Cross-Site Request Forgery via User Management
iDS6 DSSPro Digital Signage System 6.2 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without request validation. Attackers can craft malicious web pages to trick logged-in administrators into adding unauthorized users by exploiting the lβ¦
8.5
CVE-2020-36916 - TDM Digital Signage PC Player 4.1.0.4 Privilege Escalation via Insecure Permissions
TDM Digital Signage PC Player 4.1.0.4 contains an elevation of privileges vulnerability that allows authenticated users to modify executable files. Attackers can leverage the 'Modify' permissions for authenticated users to replace executable files with malicious binaries and gain elevated system acβ¦
8.7
CVE-2020-36915 - Adtec Digital SignEdje Digital Signage Player v2.08.28 Default Credentials
Adtec Digital SignEdje Digital Signage Player v2.08.28 contains multiple hardcoded default credentials that allow unauthenticated remote access to web, telnet, and SSH interfaces. Attackers can exploit these credentials to gain root-level access and execute system commands across multiple Adtec Digβ¦
8.5
CVE-2020-36913 - All-Dynamics Software enlogic:show 2.0.2 Session Fixation Authentication Bypass
All-Dynamics Software enlogic:show 2.0.2 contains a session fixation vulnerability that allows attackers to set a predefined PHP session identifier during the login process. Attackers can forge HTTP GET requests to welcome.php with a manipulated session token to bypass authentication and potentiallβ¦
5.1
CVE-2020-36912 - Plexus anblick Digital Signage Management 3.1.13 Open Redirect via Pagina Parameter
Plexus anblick Digital Signage Management 3.1.13 contains an open redirect vulnerability in the 'PantallaLogin' script that allows attackers to manipulate the 'pagina' GET parameter. Attackers can craft malicious links that redirect users to arbitrary websites by exploiting improper input validatioβ¦
8.7
CVE-2020-36910 - Cayin Signage Media Player 3.0 Authenticated Remote Command Injection via NTP Parameter
Cayin Signage Media Player 3.0 contains an authenticated remote command injection vulnerability in system.cgi and wizard_system.cgi pages. Attackers can exploit the 'NTP_Server_IP' parameter with default credentials to execute arbitrary shell commands as root.
8.7
CVE-2020-36909 - Secure Computing SnapGear Management Console SG560 3.1.5 Arbitrary File Read/Write
SnapGear Management Console SG560 3.1.5 contains a file manipulation vulnerability that allows authenticated users to read, write, and delete files using the edit_config_files CGI script. Attackers can manipulate POST request parameters in /cgi-bin/cgix/edit_config_files to access and modify files β¦
5.1
CVE-2020-36908 - Secure Computing SnapGear Management Console SG560 3.1.5 Cross-Site Request Forgery via Admin Users
SnapGear Management Console SG560 version 3.1.5 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft a malicious web page that automatically submits a form to create a new super user account with full aβ¦
8.7
CVE-2020-36907 - Extreme Networks Aerohive HiveOS <=11.x 11.x Unauthenticated Remote Denial of Service
Aerohive HiveOS contains a denial of service vulnerability in the NetConfig UI that allows unauthenticated attackers to render the web interface unusable. Attackers can send a crafted HTTP request to the action.php5 script with specific parameters to trigger a 5-minute service disruption.
5.3
CVE-2020-36906 - P5 FNIP-8x16A FNIP-4xSH 1.0.20 Cross-Site Request Forgery via User Management
P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to add new admin users, change passwords, and modify system configurations by tricking authenticatβ¦