|
210761
|
7.8 |
HIGH
Local
|
schneider-electric
|
ecostruxure_control_expert
|
A CWE-863: Incorrect Authorization vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause bypass of authentication when overwriting memor…
|
-
|
CVE-2020-28211
|
2024-11-21 14:22 |
2020-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210762
|
7.0 |
HIGH
Local
|
schneider-electric
|
enterprise_server_installer
|
A CWE-428 Windows Unquoted Search Path vulnerability exists in EcoStruxure Building Operation Enterprise Server installer V1.9 - V3.1 and Enterprise Central installer V2.0 - V3.1 that could cause any…
|
-
|
CVE-2020-28209
|
2024-11-21 14:22 |
2020-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210763
|
6.1 |
MEDIUM
Network
|
sokrates
|
sowasql
|
A Cross Site Scripting (XSS) vulnerability exists in OPAC in Sokrates SOWA SowaSQL through 5.6.1 via the sowacgi.php typ parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2020-28350
|
2024-11-21 14:22 |
2020-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210764
|
6.1 |
MEDIUM
Network
|
schneider-electric
|
ecostruxure_building_operation
|
A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) vulnerability exists in EcoStruxure Building Operation WebStation V2.0 - V3.1 that could cause an attacker …
|
-
|
CVE-2020-28210
|
2024-11-21 14:22 |
2020-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210765
|
7.5 |
HIGH
Network
|
tsmmanager
|
tsmmanager
|
JamoDat TSMManager Collector version up to 6.5.0.21 is vulnerable to an Authorization Bypass because the Collector component is not properly validating an authenticated session with the Viewer. If th…
|
NVD-CWE-noinfo
|
CVE-2020-28054
|
2024-11-21 14:22 |
2020-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210766
|
7.2 |
HIGH
Network
|
trendmicro
|
interscan_web_security_virtual_appliance
|
A command injection vulnerability in ModifyVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messag…
|
CWE-78
OS Command
|
CVE-2020-28581
|
2024-11-21 14:22 |
2020-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210767
|
7.2 |
HIGH
Network
|
trendmicro
|
interscan_web_security_virtual_appliance
|
A command injection vulnerability in AddVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages …
|
CWE-78
OS Command
|
CVE-2020-28580
|
2024-11-21 14:22 |
2020-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210768
|
8.8 |
HIGH
Network
|
trendmicro
|
interscan_web_security_virtual_appliance
|
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send a specially crafted HTTP message and achieve remote code executio…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-28579
|
2024-11-21 14:22 |
2020-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210769
|
9.8 |
CRITICAL
Network
|
trendmicro
|
interscan_web_security_virtual_appliance
|
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an unauthenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execut…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-28578
|
2024-11-21 14:22 |
2020-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210770
|
7.5 |
HIGH
Network
|
trendmicro
|
worry-free_business_security
|
A unauthenticated path traversal arbitrary remote file deletion vulnerability in Trend Micro Worry-Free Business Security 10 SP1 could allow an unauthenticated attacker to exploit the vulnerability a…
|
CWE-22
Path Traversal
|
CVE-2020-28574
|
2024-11-21 14:22 |
2020-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
