|
198771
|
5.4 |
MEDIUM
Network
|
sap
|
businessobjects_business_intelligence_platform
|
SAP Business Objects Business Intelligence Platform (BI Launchpad and CMC), versions 4.1, 4.2, allows to an attacker to embed malicious scripts in the application while uploading images, which gets e…
|
CWE-79
Cross-site Scripting
|
CVE-2020-6278
|
2024-11-21 14:35 |
2020-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198772
|
6.1 |
MEDIUM
Network
|
sap
|
businessobjects_business_intelligence_platform
|
SAP Business Objects Business Intelligence Platform (bipodata), version 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability.
|
CWE-79
Cross-site Scripting
|
CVE-2020-6276
|
2024-11-21 14:35 |
2020-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198773
|
5.4 |
MEDIUM
Network
|
sap
|
disclosure_management
|
Some sensitive cookies in SAP Disclosure Management, version 10.1, are missing HttpOnly flag, leading to sensitive cookie without Http Only flag.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2020-6267
|
2024-11-21 14:35 |
2020-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198774
|
7.2 |
HIGH
Network
|
icehrm
|
icehrm
|
An exploitable SQL injection vulnerability exists in the Admin Reports functionality of Glacies IceHRM v26.6.0.OS (Commit bb274de1751ffb9d09482fd2538f9950a94c510a) . A specially crafted HTTP request …
|
CWE-89
SQL Injection
|
CVE-2020-6114
|
2024-11-21 14:35 |
2020-07-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198775
|
7.8 |
HIGH
Local
|
leadtools
|
leadtools
|
An exploitable code execution vulnerability exists in the ANI file format parser of Leadtools 20. A specially crafted ANI file can cause a buffer overflow resulting in remote code execution. An attac…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-6089
|
2024-11-21 14:35 |
2020-07-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198776
|
5.3 |
MEDIUM
Network
|
sap
|
solution_manager
|
SAP Solution Manager (Trace Analysis), version 7.20, allows an attacker to perform a log injection into the trace file, due to Incomplete XML Validation. The readability of the trace file is impaired.
|
CWE-20
CWE-116
Improper Input Validation
Improper Encoding or Escaping of Output
|
CVE-2020-6261
|
2024-11-21 14:35 |
2020-07-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198777
|
7.2 |
HIGH
Network
|
wago
|
pfc200_firmware
|
An exploitable code execution vulnerability exists in the Web-Based Management (WBM) functionality of WAGO PFC 200 03.03.10(15). A specially crafted series of HTTP requests can cause code execution r…
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2020-6090
|
2024-11-21 14:35 |
2020-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198778
|
9.8 |
CRITICAL
Network
|
sap
|
netweaver_application_server_abap
|
SAP Netweaver AS ABAP, versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, are vulnerable for Server Side Request Forgery Attack where in an attacker can use inappropriate path …
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-6275
|
2024-11-21 14:35 |
2020-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198779
|
8.2 |
HIGH
Network
|
sap
|
solution_manager
|
SAP Solution Manager (Problem Context Manager), version 7.2, does not perform the necessary authentication, allowing an attacker to consume large amounts of memory, causing the system to crash and re…
|
CWE-91
Blind XPath Injection
|
CVE-2020-6271
|
2024-11-21 14:35 |
2020-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198780
|
6.5 |
MEDIUM
Network
|
sap
|
netweaver_application_server_abap
|
SAP NetWeaver AS ABAP (Banking Services), versions - 710, 711, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, does not perform necessary authorization checks for an authenticated user due to Missing Au…
|
CWE-862
Missing Authorization
|
CVE-2020-6270
|
2024-11-21 14:35 |
2020-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
