» 2020 » 12월

CVE-2020-20142

Posted on 2020년 12월 18일2020년 12월 18일 by admin

CVE-2020-20142

Cross Site Scripting (XSS) vulnerability in the "To Remote CSV" component under "Open" Menu in Flexmonster Pivot Table & Charts 2.7.17.

Source: CVE-2020-20142

CVE-2020-20141

Posted on 2020년 12월 18일2020년 12월 18일 by admin

CVE-2020-20141

Cross Site Scripting (XSS) vulnerability in the To OLAP (XMLA) component Under the Connect menu in Flexmonster Pivot Table & Charts 2.7.17.

Source: CVE-2020-20141

CVE-2020-12523

Posted on 2020년 12월 18일2020년 12월 18일 by admin

CVE-2020-12523

On Phoenix Contact mGuard Devices versions before 8.8.3 LAN ports get functional after reboot even if they are disabled in the device configuration. For mGuard devices with integrated switch on the LAN side, single switch ports can be disabled by device configuration. After a reboot these ports get functional independent from their configuration setting: Missing Initialization of Resource

Source: CVE-2020-12523

CVE-2020-12522

Posted on 2020년 12월 18일2020년 12월 18일 by admin

CVE-2020-12522

The reported vulnerability allows an attacker who has network access to the device to execute code with specially crafted packets in WAGO Series PFC 100 (750-81xx/xxx-xxx), Series PFC 200 (750-82xx/xxx-xxx), Series Wago Touch Panel 600 Standard Line (762-4xxx), Series Wago Touch Panel 600 Advanced Line (762-5xxx), Series Wago Touch Panel 600 Marine Line (762-6xxx) with firmware versions <=FW10.

Source: CVE-2020-12522

CVE-2020-20140

Posted on 2020년 12월 18일2020년 12월 18일 by admin

CVE-2020-20140

Cross Site Scripting (XSS) vulnerability in Remote Report component under the Open menu in Flexmonster Pivot Table & Charts 2.7.17.

Source: CVE-2020-20140

CVE-2020-20139

Posted on 2020년 12월 18일2020년 12월 18일 by admin

CVE-2020-20139

Cross Site Scripting (XSS) vulnerability in the Remote JSON component Under the Connect menu in Flexmonster Pivot Table & Charts 2.7.17.

Source: CVE-2020-20139

CVE-2020-20138

Posted on 2020년 12월 18일2020년 12월 18일 by admin

CVE-2020-20138

Cross Site Scripting (XSS) vulnerability in the Showtime2 Slideshow module in CMS Made Simple (CMSMS) 2.2.4.

Source: CVE-2020-20138

CVE-2020-12517

Posted on 2020년 12월 18일2020년 12월 18일 by admin

CVE-2020-12517

On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an authenticated low privileged user could embed malicious Javascript code to gain admin rights when the admin user visits the vulnerable website (local privilege escalation).

Source: CVE-2020-12517

CVE-2020-12518

Posted on 2020년 12월 18일2020년 12월 18일 by admin

CVE-2020-12518

On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an attacker can use the knowledge gained by reading the insufficiently protected sensitive information to plan further attacks.

Source: CVE-2020-12518

CVE-2020-8466

Posted on 2020년 12월 18일2020년 12월 18일 by admin

CVE-2020-8466

A command injection vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2, with the improved password hashing method enabled, could allow an unauthenticated attacker to execute certain commands by providing a manipulated password.

Source: CVE-2020-8466