Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database

CVE-2020-27886
PUBLISHED: 2020-10-29

An issue was discovered in EyesOfNetwork eonweb 5.3-7 through 5.3-8. The eonweb web interface is prone to a SQL injection, allowing an unauthenticated attacker to exploit the username_available function of the includes/functions.php file (which is called by login.php).

CVE-2020-27887
PUBLISHED: 2020-10-29

An issue was discovered in EyesOfNetwork 5.3 through 5.3-8. An authenticated web user with sufficient privileges could abuse the AutoDiscovery module to run arbitrary OS commands via the nmap_binary parameter to lilac/autodiscovery.php.

CVE-2020-27747
PUBLISHED: 2020-10-29

An issue was discovered in Click Studios Passwordstate 8.9 (Build 8973). If the user of the system has assigned himself a PIN code for entering from a mobile device using the built-in generator (4 digits), a remote attacker has the opportunity to conduct a brute force attack on this PIN code. As resu…

CVE-2020-27996
PUBLISHED: 2020-10-29

An issue was discovered in SmartStoreNET before 4.0.1. It does not properly consider the need for a CustomModelPartAttribute decoration in certain ModelBase.CustomProperties situations.

CVE-2020-27998
PUBLISHED: 2020-10-29

An issue was discovered in FastReport before 2020.4.0. It lacks a ScriptSecurity feature and therefore may mishandle (for example) GetType, typeof, TypeOf, DllImport, LoadLibrary, and GetProcAddress.


