|
201221
|
8.1 |
HIGH
Network
|
sap
|
commerce
|
SAP Commerce versions 6.7, 1808, 1811, 1905, 2005 contains the jSession ID in the backoffice URL when the application is loaded initially. An attacker can get this session ID via shoulder surfing or …
|
NVD-CWE-noinfo
|
CVE-2020-6302
|
2024-11-21 14:35 |
2020-09-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201222
|
7.2 |
HIGH
Network
|
sap
|
abap_platform
|
A Remote Code Execution vulnerability exists in the SAP NetWeaver (ABAP Server, up to release 7.40) and ABAP Platform (> release 7.40).Because of this, an attacker can exploit these products via Code…
|
CWE-94
Code Injection
|
CVE-2020-6318
|
2024-11-21 14:35 |
2020-09-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201223
|
5.4 |
MEDIUM
Network
|
sap
|
businessobjects_business_intelligence_platform
|
SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), versions - 4.1, 4.2, allows an attacker with a non-administrative user account that can edit certain web page pro…
|
CWE-79
Cross-site Scripting
|
CVE-2020-6312
|
2024-11-21 14:35 |
2020-09-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201224
|
5.3 |
MEDIUM
Network
|
sap
|
businessobjects_business_intelligence_platform
|
SAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface) allows an attacker with edit document rights to upload any file (including script files) without proper file form…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-6288
|
2024-11-21 14:35 |
2020-09-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201225
|
6.1 |
MEDIUM
Network
|
sap
|
fiori_launchpad
|
SAP Fiori Launchpad does not sufficiently encode user controlled inputs, and hence allowing the attacker to inject the meta tag into the launchpad html using the vulnerable parameter, resulting in re…
|
CWE-79
Cross-site Scripting
|
CVE-2020-6283
|
2024-11-21 14:35 |
2020-09-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201226
|
7.8 |
HIGH
Local
|
accusoft
|
imagegear
|
A code execution vulnerability exists in the DICOM parse_dicom_meta_info functionality of Accusoft ImageGear 19.7. A specially crafted malformed file can cause an out-of-bounds write. An attacker can…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-6152
|
2024-11-21 14:35 |
2020-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201227
|
9.8 |
CRITICAL
Network
|
accusoft
|
imagegear
|
A memory corruption vulnerability exists in the TIFF handle_COMPRESSION_PACKBITS functionality of Accusoft ImageGear 19.7. A specially crafted malformed file can cause a memory corruption. An attacke…
|
CWE-787
CWE-704
Out-of-bounds Write
Incorrect Type Conversion or Cast
|
CVE-2020-6151
|
2024-11-21 14:35 |
2020-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201228
|
9.8 |
CRITICAL
Network
|
os4ed
|
opensis
|
A remote code execution vulnerability exists in the install functionality of OS4Ed openSIS 7.4. The username variable which is set at line 121 in install/Step5.php allows for injection of PHP code in…
|
CWE-94
Code Injection
|
CVE-2020-6144
|
2024-11-21 14:35 |
2020-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201229
|
9.8 |
CRITICAL
Network
|
os4ed
|
opensis
|
A remote code execution vulnerability exists in the install functionality of OS4Ed openSIS 7.4. The password variable which is set at line 122 in install/Step5.php allows for injection of PHP code in…
|
CWE-94
Code Injection
|
CVE-2020-6143
|
2024-11-21 14:35 |
2020-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201230
|
9.8 |
CRITICAL
Network
|
os4ed
|
opensis
|
A remote code execution vulnerability exists in the Modules.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can cause local file inclusion. An attacker can send an HTTP reque…
|
CWE-22
Path Traversal
|
CVE-2020-6142
|
2024-11-21 14:35 |
2020-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
