|
209651
|
4.3 |
MEDIUM
Network
|
siemens
|
desigo_insight
|
A vulnerability has been identified in Desigo Insight (All versions). Some error messages in the web application show the absolute path to the requested resource. This could allow an authenticated at…
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2020-15794
|
2024-11-21 14:06 |
2020-10-16 |
|
209652
|
5.4 |
MEDIUM
Network
|
siemens
|
desigo_insight
|
A vulnerability has been identified in Desigo Insight (All versions). The device does not properly set the X-Frame-Options HTTP Header which makes it vulnerable to Clickjacking attacks. This could al…
|
-
|
CVE-2020-15793
|
2024-11-21 14:06 |
2020-10-16 |
|
209653
|
4.3 |
MEDIUM
Network
|
siemens
|
desigo_insight
|
A vulnerability has been identified in Desigo Insight (All versions). The web service does not properly apply input validation for some query parameters in a reserved area. This could allow an authen…
|
-
|
CVE-2020-15792
|
2024-11-21 14:06 |
2020-10-16 |
|
209654
|
6.8 |
MEDIUM
Physical
|
siemens
|
dca_vantage_analyzer_firmware
|
A vulnerability has been identified in DCA Vantage Analyzer (All versions < V4.5 are affected by CVE-2020-7590. In addition, serial numbers < 40000 running software V4.4.0 are also affected by CVE-20…
|
-
|
CVE-2020-15797
|
2024-11-21 14:06 |
2020-10-14 |
|
209655
|
9.8 |
CRITICAL
Network
|
ros
|
ros-comm
|
Integer Overflow or Wraparound vulnerability in the XML RPC library of OpenRobotics ros_comm communications packages allows unauthenticated network traffic to cause unexpected behavior. This issue af…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2020-16124
|
2024-11-21 14:06 |
2020-10-14 |
|
209656
|
8.8 |
HIGH
Network
|
connectwise
|
automate
|
The Agent Update System in ConnectWise Automate before 2020.8 allows Privilege Escalation because the _LTUPDATE folder has weak permissions.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2020-15838
|
2024-11-21 14:06 |
2020-10-9 |
|
209657
|
8.8 |
HIGH
Network
|
zohocorp
|
manageengine_applications_manager
|
Zoho ManageEngine Applications Manager version 14740 and prior allows an authenticated SQL Injection via a crafted jsp request in the SAP module.
|
CWE-89
SQL Injection
|
CVE-2020-15927
|
2024-11-21 14:06 |
2020-10-7 |
|
209658
|
9.8 |
CRITICAL
Network
|
mitsubishielectric
|
qj71mes96_firmware qj71ws96_firmware q06ccpu-v_firmware q24dhccpu-v_firmware q24dhccpu-vg_firmware r12ccpu-v_firmware rd55up06-v_firmware rd55up12-v_firmware rj71gn11-t2_firmw…
|
Multiple Mitsubishi Electric products are vulnerable to impersonations of a legitimate device by a malicious actor, which may allow an attacker to remotely execute arbitrary commands.
|
-
|
CVE-2020-16226
|
2024-11-21 14:06 |
2020-10-6 |
|
209659
|
7.8 |
HIGH
Local
|
fatek
|
winproladder
|
In PLC WinProladder Version 3.28 and prior, a stack-based buffer overflow vulnerability can be exploited when a valid user opens a specially crafted file, which may allow an attacker to remotely exec…
|
-
|
CVE-2020-16234
|
2024-11-21 14:06 |
2020-10-1 |
|
209660
|
7.2 |
HIGH
Network
|
re-desk
|
re\
|
Re:Desk 2.3 has a blind authenticated SQL injection vulnerability in the SettingsController class, in the actionEmailTemplates() method. A malicious actor with access to an administrative account cou…
|
CWE-89
SQL Injection
|
CVE-2020-15849
|
2024-11-21 14:06 |
2020-10-1 |
|