| 209741 | 9.6 | CRITICAL Network | siemens | sicam_a8000_firmware | A vulnerability has been identified in SICAM WEB firmware for SICAM A8000 RTUs (All versions < V05.30). The login screen does not sufficiently sanitize input, which enables an attacker to generate sp… | CWE-79 Cross-site Scripting | CVE-2020-15781 | 2024-11-21 14:06 | 2020-08-15 |
| 209742 | 7.2 | HIGH Network | geutebrueck | g-cam_ebc-2110_firmware g-cam_ebc-2111_firmware g-cam_efd-2240_firmware g-cam_efd-2241_firmware g-cam_efd-2250_firmware g-cam_ethc-2230_firmware g-cam_ethc-2239_firmware g-cam_et… | Using a specially crafted URL command, a remote authenticated user can execute commands as root on the G-Cam and G-Code (Firmware Versions 1.12.0.25 and prior as well as the limited Versions 1.12.13.… | CWE-78 OS Command | CVE-2020-16205 | 2024-11-21 14:06 | 2020-08-14 |
| 209743 | 8.8 | HIGH Network | loway | queuemetrics | A SQL injection vulnerability in the qm_adm/qm_export_stats_run.do endpoint of Loway QueueMetrics before 19.10.21 allows remote authenticated users to execute arbitrary SQL commands via the exportId … | CWE-89 SQL Injection | CVE-2020-15947 | 2024-11-21 14:06 | 2020-08-13 |
| 209744 | 8.8 | HIGH Network | loway | queuemetrics | A SQL injection vulnerability at a tpf URI in Loway QueueMetrics before 19.10.21 allows remote authenticated attackers to execute arbitrary SQL commands via the TPF_XPAR1 parameter. | CWE-89 SQL Injection | CVE-2020-15925 | 2024-11-21 14:06 | 2020-08-13 |
| 209745 | 8.6 | HIGH Local | vng | zalo_desktop | An issue was discovered in Zalo.exe in VNG Zalo Desktop 19.8.1.0. An attacker can run arbitrary commands on a remote Windows machine running the Zalo client by sending the user of the device a crafte… | CWE-74 Injection | CVE-2020-16087 | 2024-11-21 14:06 | 2020-08-13 |
| 209746 | 7.5 | HIGH Network | sonatype | nexus_repository_manager | Sonatype Nexus Repository Manager OSS/Pro before 3.26.0 has Incorrect Access Control. | NVD-CWE-noinfo | CVE-2020-15868 | 2024-11-21 14:06 | 2020-08-13 |
| 209747 | 7.5 | HIGH Network | cisco | unified_ip_conference_station_7937g_firmware | A denial-of-service in Cisco Unified IP Conference Station 7937G 1-4-4-0 through 1-4-5-7 allows attackers to restart the device remotely through sending specially crafted packets. Note: We cannot prove … | NVD-CWE-noinfo | CVE-2020-16139 | 2024-11-21 14:06 | 2020-08-13 |
| 209748 | 7.5 | HIGH Network | cisco | unified_ip_conference_station_7937g_firmware | A denial-of-service issue in Cisco Unified IP Conference Station 7937G 1-4-4-0 through 1-4-5-7 allows attackers to remotely disable the device until it is power cycled. Note: We cannot prove this vul… | NVD-CWE-noinfo | CVE-2020-16138 | 2024-11-21 14:06 | 2020-08-13 |
| 209749 | 9.8 | CRITICAL Network | cisco | unified_ip_conference_station_7937g_firmware | A privilege escalation issue in Cisco Unified IP Conference Station 7937G 1-4-4-0 through 1-4-5-7 allows attackers to reset the credentials for the SSH administrative console to arbitrary values. Not… | NVD-CWE-noinfo | CVE-2020-16137 | 2024-11-21 14:06 | 2020-08-13 |
| 209750 | 6.1 | MEDIUM Network | roundcube fedoraproject | webmail fedora | Roundcube Webmail before 1.3.15 and 1.4.8 allows stored XSS in HTML messages during message display via a crafted SVG document. This issue has been fixed in 1.4.8 and 1.3.15. | CWE-79 Cross-site Scripting | CVE-2020-16145 | 2024-11-21 14:06 | 2020-08-12 |