|
202161
|
9.8 |
CRITICAL
Network
|
schneider-electric
|
ecostruxure_operator_terminal_expert
|
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as V…
|
CWE-22
Path Traversal
|
CVE-2020-7497
|
2024-11-21 14:37 |
2020-06-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202162
|
7.8 |
HIGH
Local
|
se
|
ecostruxure_operator_terminal_expert
|
A CWE-88: Argument Injection or Modification vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD)which could cause unauthorized write…
|
CWE-88
Argument Injection
|
CVE-2020-7496
|
2024-11-21 14:37 |
2020-06-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202163
|
5.5 |
MEDIUM
Local
|
schneider-electric
|
ecostruxure_operator_terminal_expert
|
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability during zip file extraction exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and…
|
CWE-22
Path Traversal
|
CVE-2020-7495
|
2024-11-21 14:37 |
2020-06-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202164
|
7.8 |
HIGH
Local
|
schneider-electric
|
ecostruxure_operator_terminal_expert
|
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as V…
|
CWE-22
Path Traversal
|
CVE-2020-7494
|
2024-11-21 14:37 |
2020-06-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202165
|
7.8 |
HIGH
Local
|
schneider-electric
|
ecostruxure_operator_terminal_expert
|
A CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly know…
|
CWE-89
SQL Injection
|
CVE-2020-7493
|
2024-11-21 14:37 |
2020-06-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202166
|
6.5 |
MEDIUM
Network
|
schneider-electric
|
gp-pro_ex_firmware
|
A CWE-521: Weak Password Requirements vulnerability exists in the GP-Pro EX V1.00 to V4.09.100 which could cause the discovery of the password when the user is entering the password because it is not…
|
CWE-521
Weak Password Requirements
|
CVE-2020-7492
|
2024-11-21 14:37 |
2020-06-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202167
|
9.1 |
CRITICAL
Network
|
siemens
|
logo\!_8_bm_firmware
|
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions). The vulnerability could lead to an attacker reading and modifying the device configuration and obtain project…
|
-
|
CVE-2020-7589
|
2024-11-21 14:37 |
2020-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202168
|
9.8 |
CRITICAL
Network
|
cd-messenger_project
|
cd-messenger
|
cd-messenger through 2.7.26 is vulnerable to Arbitrary Code Execution. User input provided to the `color` argument executed by the `eval` function resulting in code execution.
|
CWE-94
Code Injection
|
CVE-2020-7675
|
2024-11-21 14:37 |
2020-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202169
|
9.8 |
CRITICAL
Network
|
access-policy_project
|
access-policy
|
access-policy through 3.1.0 is vulnerable to Arbitrary Code Execution. User input provided to the `template` function is executed by the `eval` function resulting in code execution.
|
CWE-94
Code Injection
|
CVE-2020-7674
|
2024-11-21 14:37 |
2020-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202170
|
9.8 |
CRITICAL
Network
|
node-extend_project
|
node-extend
|
node-extend through 0.2.0 is vulnerable to Arbitrary Code Execution. User input provided to the argument `A` of `extend` function`(A,B,as,isAargs)` located within `lib/extend.js` is executed by the `…
|
CWE-94
Code Injection
|
CVE-2020-7673
|
2024-11-21 14:37 |
2020-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
