Ni9htMar3/vulnerability

Releases0

Stars5

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2020-18753 ↗	Aug 13, 2021Friday, 13 August 2021, 17:15	9.8 CRITICAL	7.5 HIGH
An issue in Dut Computer Control Engineering Co.'s PLC MAC1100 allows attackers to gain access to the system and escalate privileges via a crafted packet.
CVE-2020-18754 ↗	Aug 13, 2021Friday, 13 August 2021, 17:15	7.5 HIGH	5 MEDIUM
An information disclosure vulnerability exists within Dut Computer Control Engineering Co.'s PLC MAC1100.
CVE-2020-18756 ↗	Aug 13, 2021Friday, 13 August 2021, 17:15	7.5 HIGH	5 MEDIUM
An arbitrary memory access vulnerability in the EPA protocol of Dut Computer Control Engineering Co.'s PLC MAC1100 allows attackers to read the contents of any variable area.
CVE-2020-18757 ↗	Aug 13, 2021Friday, 13 August 2021, 17:15	7.5 HIGH	7.8 HIGH
An issue in Dut Computer Control Engineering Co.'s PLC MAC1100 allows attackers to cause persistent denial of service (DOS) via a crafted packet.
CVE-2020-18758 ↗	Aug 13, 2021Friday, 13 August 2021, 17:15	9.8 CRITICAL	10 HIGH
An issue in Dut Computer Control Engineering Co.'s PLC MAC1100 allows attackers to execute arbitrary code.
CVE-2020-18759 ↗	Aug 13, 2021Friday, 13 August 2021, 17:15	7.5 HIGH	5 MEDIUM
An information disclosure vulnerability exists in the EPA protocol of Dut Computer Control Engineering Co.'s PLC MAC1100.
CVE-2019-9590 ↗	Mar 6, 2019Wednesday, 6 March 2019, 16:29	—	5 MEDIUM
An issue was discovered on TENGCONTROL T-920 PLC v5.5 devices. It allows remote attackers to cause a denial of service (persistent failure mode) by sending a series of \x19\xb2\x00\x00\x00\x06\x43\x01\x00\xac\xff\x00 (aka UID 0x43) requests to TCP port 502.
CVE-2018-8965 ↗	Mar 24, 2018Saturday, 24 March 2018, 18:29	7.5 HIGH	6.4 MEDIUM
An issue was discovered in zzcms 8.2. user/ppsave.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock.
CVE-2018-8966 ↗	Mar 24, 2018Saturday, 24 March 2018, 18:29	7.5 HIGH	5 MEDIUM
An issue was discovered in zzcms 8.2. It allows PHP code injection via the siteurl parameter to install/index.php, as demonstrated by injecting a phpinfo() call into /inc/config.php.
CVE-2018-8967 ↗	Mar 24, 2018Saturday, 24 March 2018, 18:29	9.8 CRITICAL	7.5 HIGH
An issue was discovered in zzcms 8.2. It allows SQL injection via the id parameter in an adv2.php?action=modify request.
CVE-2018-8968 ↗	Mar 24, 2018Saturday, 24 March 2018, 18:29	7.5 HIGH	6.4 MEDIUM
An issue was discovered in zzcms 8.2. user/manage.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg or oldflv parameter in an action=modify request. This can be leveraged for database access by deleting install.lock.
CVE-2018-8969 ↗	Mar 24, 2018Saturday, 24 March 2018, 18:29	7.5 HIGH	6.4 MEDIUM
An issue was discovered in zzcms 8.2. user/licence_save.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock.