|
222421
|
9.8 |
CRITICAL
Network
|
br-automation
|
industrial_automation_aprol
|
An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An EnMon PHP script was vulnerable to SQL injection, a different vulnerability than CVE-2019-10006.
|
CWE-89
SQL Injection
|
CVE-2019-19876
|
2024-11-21 13:35 |
2020-11-28 |
|
222422
|
9.8 |
CRITICAL
Network
|
br-automation
|
industrial_automation_aprol
|
An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. Arbitrary commands could be injected (using Python scripts) via the AprolCluster script that is invoked via sudo and thus…
|
CWE-77
Command Injection
|
CVE-2019-19875
|
2024-11-21 13:35 |
2020-11-28 |
|
222423
|
9.8 |
CRITICAL
Network
|
br-automation
|
industrial_automation_aprol
|
An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. Some web scripts in the web interface allowed injection and execution of arbitrary unintended commands on the web server,…
|
CWE-77
Command Injection
|
CVE-2019-19874
|
2024-11-21 13:35 |
2020-11-28 |
|
222424
|
7.5 |
HIGH
Network
|
br-automation
|
industrial_automation_aprol
|
An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An attacker can get information from the AprolSqlServer DBMS by bypassing authentication, a different vulnerability than …
|
NVD-CWE-noinfo
|
CVE-2019-19873
|
2024-11-21 13:35 |
2020-11-28 |
|
222425
|
9.8 |
CRITICAL
Network
|
br-automation
|
industrial_automation_aprol
|
An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. The AprolLoader could be used to inject and execute arbitrary unintended commands via an unspecified attack scenario, a d…
|
CWE-77
Command Injection
|
CVE-2019-19872
|
2024-11-21 13:35 |
2020-11-28 |
|
222426
|
7.5 |
HIGH
Network
|
br-automation
|
industrial_automation_aprol
|
An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. PVs could be changed (unencrypted) by using the IosHttp service and the JSON interface.
|
NVD-CWE-noinfo
|
CVE-2019-19869
|
2024-11-21 13:35 |
2020-11-28 |
|
222427
|
9.1 |
CRITICAL
Network
|
bender
|
com465ip_firmware com465dp_firmware com465id_firmware cp700_firmware cp907_firmware cp915_firmware
|
In Bender COMTRAXX, user authorization is validated for most, but not all, routes in the system. A user with knowledge about the routes can read and write configuration data without prior authorizati…
|
CWE-862
Missing Authorization
|
CVE-2019-19885
|
2024-11-21 13:35 |
2020-10-16 |
|
222428
|
7.5 |
HIGH
Network
|
ise
|
smart_connect_knx_vaillant
|
ise smart connect KNX Vaillant 1.2.839 contains a Denial of Service.
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2019-19643
|
2024-11-21 13:35 |
2020-08-15 |
|
222429
|
7.5 |
HIGH
Network
|
jetbrains
|
upsource
|
In JetBrains Upsource before 2020.1, information disclosure is possible because of an incorrect user matching algorithm.
|
NVD-CWE-noinfo
|
CVE-2019-19704
|
2024-11-21 13:35 |
2020-08-9 |
|
222430
|
6.1 |
MEDIUM
Network
|
froala
|
froala_editor
|
Froala Editor before 3.2.3 allows XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2019-19935
|
2024-11-21 13:35 |
2020-07-8 |