CVE-2020-9028
- EPSS 0.33%
- Published 17.02.2020 04:15:11
- Last modified 21.11.2024 05:39:51
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow stored XSS via the newUserName parameter on the "User Creation, Deletion and Password Maintenance" screen (when creating a new user).
CVE-2020-9029
- EPSS 0.22%
- Published 17.02.2020 04:15:11
- Last modified 21.11.2024 05:39:51
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to messagelog.php.
CVE-2020-9030
- EPSS 0.22%
- Published 17.02.2020 04:15:11
- Last modified 21.11.2024 05:39:51
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to the syslog.php.
CVE-2020-9031
- EPSS 0.22%
- Published 17.02.2020 04:15:11
- Last modified 21.11.2024 05:39:52
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to daemonlog.php.
CVE-2020-9032
- EPSS 0.22%
- Published 17.02.2020 04:15:11
- Last modified 21.11.2024 05:39:52
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to kernlog.php.
CVE-2020-9033
- EPSS 0.22%
- Published 17.02.2020 04:15:11
- Last modified 21.11.2024 05:39:52
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to authlog.php.
CVE-2020-9034
- EPSS 0.7%
- Published 17.02.2020 03:15:10
- Last modified 21.11.2024 05:39:52
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices mishandle session validation, leading to unauthenticated creation, modification, or elimination of users.