Lyhin's Lab

4 exploits Active since Feb 2021
CVE-2020-22475 EXPLOITDB MEDIUM text WRITEUP
Tasks <9.7.3 - Privilege Escalation
The "Tasks" application before version 9.7.3 is affected by insecure permissions. The VoiceCommandActivity application component allows arbitrary applications on a device to add tasks with no restrictions.
CVSS 6.8
CVE-2020-28872 EXPLOITDB CRITICAL python WORKING POC
Monitorr 1.7.6m - Unauthenticated Authorization Bypass via Registration Endpoint
An authorization bypass vulnerability in Monitorr v1.7.6m in Monitorr/assets/config/_installation/_register.php allows an unauthorized person to create valid credentials.
CVSS 9.8
CVE-2020-28871 EXPLOITDB CRITICAL python WORKING POC
Monitorr 1.7.6m - Unauthenticated Remote Code Execution via Insecure File Upload
Remote code execution in Monitorr v1.7.6m in upload.php allows an unauthorized person to execute arbitrary code on the server side via an insecure file upload.
CVSS 9.8
CVE-2020-28870 EXPLOITDB CRITICAL python WORKING POC
InoERP 0.7.2 - Unauthenticated Remote Code Execution via /modules/sys/form_personalization/json_fp.php
In InoERP 0.7.2, an unauthorized attacker can execute arbitrary code on the server side due to a lack of validation in /modules/sys/form_personalization/json_fp.php.
CVSS 9.8