|
218711
|
7.5 |
HIGH
Network
|
wago
|
pfc200_firmware
pfc100_firmware
|
An exploitable regular expression without anchors vulnerability exists in the Web-Based Management (WBM) authentication functionality of WAGO PFC200 versions 03.00.39(12) and 03.01.07(13), and WAGO P…
|
NVD-CWE-noinfo
|
CVE-2019-5134
|
2024-11-21 13:44 |
2020-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218712
|
7.5 |
HIGH
Network
|
wago
|
e\!cockpit
|
A cleartext transmission vulnerability exists in the network communication functionality of WAGO e!Cockpit version 1.5.1.1. An attacker with access to network traffic can easily intercept, interpret,…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2019-5107
|
2024-11-21 13:44 |
2020-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218713
|
7.5 |
HIGH
Network
|
wago
|
pfc200_firmware
pfc100_firmware
|
The WBM web application on firmwares prior to 03.02.02 and 03.01.07 on the WAGO PFC100 and PFC2000, respectively, runs on a lighttpd web server and makes use of the FastCGI module, which is intended …
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2019-5149
|
2024-11-21 13:44 |
2020-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218714
|
5.5 |
MEDIUM
Local
|
wago
|
e\!cockpit
|
A hard-coded encryption key vulnerability exists in the authentication functionality of WAGO e!Cockpit version 1.5.1.1. An attacker with access to communications between e!Cockpit and CoDeSyS Gateway…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2019-5106
|
2024-11-21 13:44 |
2020-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218715
|
7.2 |
HIGH
Network
|
arubanetworks
|
airwave
|
An administrative application user of or application user with write access to Aruba Airwave VisualRF is able to obtain code execution on the AMP platform. This is possible due to the ability to over…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2019-5326
|
2024-11-21 13:44 |
2020-02-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218716
|
7.2 |
HIGH
Network
|
arubanetworks
|
airwave
|
There are command injection vulnerabilities present in the AirWave application. Certain input fields controlled by an administrative user are not properly sanitized before being parsed by AirWave. If…
|
CWE-77
Command Injection
|
CVE-2019-5323
|
2024-11-21 13:44 |
2020-02-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218717
|
4.3 |
MEDIUM
Network
|
ibm
|
sterling_b2b_integrator
|
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitte…
|
CWE-352
Origin Validation Error
|
CVE-2019-4726
|
2024-11-21 13:44 |
2020-02-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218718
|
7.2 |
HIGH
Network
|
moxa
|
awk-3131a_firmware
|
An exploitable authentication bypass vulnerability exists in the hostname processing of the Moxa AWK-3131A firmware version 1.13. A specially configured device hostname can cause the device to interp…
|
CWE-287
Improper Authentication
|
CVE-2019-5165
|
2024-11-21 13:44 |
2020-02-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218719
|
8.8 |
HIGH
Network
|
moxa
|
awk-3131a_firmware
|
An exploitable improper access control vulnerability exists in the iw_webs account settings functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted user name entry can cause th…
|
NVD-CWE-noinfo
|
CVE-2019-5162
|
2024-11-21 13:44 |
2020-02-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218720
|
8.8 |
HIGH
Network
|
moxa
|
awk-3131a_firmware
|
An exploitable remote code execution vulnerability exists in the iw_webs configuration parsing functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted user name entry can cause…
|
CWE-787
Out-of-bounds Write
|
CVE-2019-5153
|
2024-11-21 13:44 |
2020-02-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
