|
196481
|
9.8 |
CRITICAL
Network
|
schneider-electric
|
unity_pro
ecostruxure_control_expert
modicon_m340_firmware
modicon_m580_firmware
|
A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), reflective DLL, vulnerability exists in EcoStruxure Control Expert (all versions prior to…
|
CWE-74
Injection
|
CVE-2020-7475
|
2024-11-21 14:37 |
2020-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196482
|
7.8 |
HIGH
Local
|
schneider-electric
|
pmepxm0100_prosoft_configurator
|
A CWE-427: Uncontrolled Search Path Element vulnerability exists in ProSoft Configurator (v1.002 and prior), for the PMEPXM0100 (H) module, which could cause the execution of untrusted code when usin…
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2020-7474
|
2024-11-21 14:37 |
2020-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196483
|
5.3 |
MEDIUM
Local
|
yargs
|
yargs-parser
|
yargs-parser could be tricked into adding or modifying properties of Object.prototype using a "__proto__" payload.
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2020-7608
|
2024-11-21 14:37 |
2020-03-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196484
|
9.8 |
CRITICAL
Network
|
gulp-styledocco_project
|
gulp-styledocco
|
gulp-styledocco through 0.0.3 allows execution of arbitrary commands. The argument 'options' of the exports function in 'index.js' can be controlled by users without any sanitization.
|
CWE-78
OS Command
|
CVE-2020-7607
|
2024-11-21 14:37 |
2020-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196485
|
9.8 |
CRITICAL
Network
|
docker-compose-remote-api_project
|
docker-compose-remote-api
|
docker-compose-remote-api through 0.1.4 allows execution of arbitrary commands. Within 'index.js' of the package, the function 'exec(serviceName, cmd, fnStdout, fnStderr, fnExit)' uses the variable '…
|
CWE-78
OS Command
|
CVE-2020-7606
|
2024-11-21 14:37 |
2020-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196486
|
9.8 |
CRITICAL
Network
|
gulp-tape_project
|
gulp-tape
|
gulp-tape through 1.0.0 allows execution of arbitrary commands. It is possible to inject arbitrary commands as part of 'gulp-tape' options.
|
CWE-78
OS Command
|
CVE-2020-7605
|
2024-11-21 14:37 |
2020-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196487
|
9.8 |
CRITICAL
Network
|
pulverizr_project
|
pulverizr
|
pulverizr through 0.7.0 allows execution of arbitrary commands. Within "lib/job.js", the variable "filename" can be controlled by the attacker. This function uses the variable "filename" to construct…
|
CWE-78
OS Command
|
CVE-2020-7604
|
2024-11-21 14:37 |
2020-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196488
|
9.8 |
CRITICAL
Network
|
closure-compiler-stream_project
|
closure-compiler-stream
|
closure-compiler-stream through 0.1.15 allows execution of arbitrary commands. The argument "options" of the exports function in "index.js" can be controlled by users without any sanitization.
|
CWE-78
OS Command
|
CVE-2020-7603
|
2024-11-21 14:37 |
2020-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196489
|
9.8 |
CRITICAL
Network
|
node-prompt-here_project
|
node-prompt-here
|
node-prompt-here through 1.0.1 allows execution of arbitrary commands. The "runCommand()" is called by "getDevices()" function in file "linux/manager.js", which is required by the "index. process.env…
|
CWE-78
OS Command
|
CVE-2020-7602
|
2024-11-21 14:37 |
2020-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196490
|
9.8 |
CRITICAL
Network
|
gulp-scss-lint_project
|
gulp-scss-lint
|
gulp-scss-lint through 1.0.0 allows execution of arbitrary commands. It is possible to inject arbitrary commands to the "exec" function located in "src/command.js" via the provided options.
|
CWE-78
OS Command
|
CVE-2020-7601
|
2024-11-21 14:37 |
2020-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
