|
196581
|
4.3 |
MEDIUM
Network
|
sap
|
3d_visual_enterprise_viewer
|
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated HPGL file received from untrusted sources which results in crashing of the application and becoming temporarily unavail…
|
CWE-20
Improper Input Validation
|
CVE-2020-6314
|
2024-11-21 14:35 |
2020-09-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196582
|
6.5 |
MEDIUM
Network
|
sap
|
netweaver_application_server_java
|
SAP NetWeaver Application Server JAVA(XML Forms) versions 7.30, 7.31, 7.40, 7.50 does not sufficiently encode user controlled inputs, which allows an authenticated User with special roles to store ma…
|
CWE-79
CWE-116
Cross-site Scripting
Improper Encoding or Escaping of Output
|
CVE-2020-6313
|
2024-11-21 14:35 |
2020-09-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196583
|
8.1 |
HIGH
Network
|
sap
|
commerce
|
SAP Commerce versions 6.7, 1808, 1811, 1905, 2005 contains the jSession ID in the backoffice URL when the application is loaded initially. An attacker can get this session ID via shoulder surfing or …
|
NVD-CWE-noinfo
|
CVE-2020-6302
|
2024-11-21 14:35 |
2020-09-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196584
|
7.2 |
HIGH
Network
|
sap
|
abap_platform
|
A Remote Code Execution vulnerability exists in the SAP NetWeaver (ABAP Server, up to release 7.40) and ABAP Platform (> release 7.40).Because of this, an attacker can exploit these products via Code…
|
CWE-94
Code Injection
|
CVE-2020-6318
|
2024-11-21 14:35 |
2020-09-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196585
|
5.4 |
MEDIUM
Network
|
sap
|
businessobjects_business_intelligence_platform
|
SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), versions - 4.1, 4.2, allows an attacker with a non-administrative user account that can edit certain web page pro…
|
CWE-79
Cross-site Scripting
|
CVE-2020-6312
|
2024-11-21 14:35 |
2020-09-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196586
|
5.3 |
MEDIUM
Network
|
sap
|
businessobjects_business_intelligence_platform
|
SAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface) allows an attacker with edit document rights to upload any file (including script files) without proper file form…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-6288
|
2024-11-21 14:35 |
2020-09-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196587
|
6.1 |
MEDIUM
Network
|
sap
|
fiori_launchpad
|
SAP Fiori Launchpad does not sufficiently encode user controlled inputs, and hence allowing the attacker to inject the meta tag into the launchpad html using the vulnerable parameter, resulting in re…
|
CWE-79
Cross-site Scripting
|
CVE-2020-6283
|
2024-11-21 14:35 |
2020-09-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196588
|
7.8 |
HIGH
Local
|
accusoft
|
imagegear
|
A code execution vulnerability exists in the DICOM parse_dicom_meta_info functionality of Accusoft ImageGear 19.7. A specially crafted malformed file can cause an out-of-bounds write. An attacker can…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-6152
|
2024-11-21 14:35 |
2020-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196589
|
9.8 |
CRITICAL
Network
|
accusoft
|
imagegear
|
A memory corruption vulnerability exists in the TIFF handle_COMPRESSION_PACKBITS functionality of Accusoft ImageGear 19.7. A specially crafted malformed file can cause a memory corruption. An attacke…
|
CWE-787
CWE-704
Out-of-bounds Write
Incorrect Type Conversion or Cast
|
CVE-2020-6151
|
2024-11-21 14:35 |
2020-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196590
|
9.8 |
CRITICAL
Network
|
os4ed
|
opensis
|
A remote code execution vulnerability exists in the install functionality of OS4Ed openSIS 7.4. The username variable which is set at line 121 in install/Step5.php allows for injection of PHP code in…
|
CWE-94
Code Injection
|
CVE-2020-6144
|
2024-11-21 14:35 |
2020-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
