|
222621
|
8.8 |
HIGH
Network
|
open-emr
|
openemr
|
In OpenEMR 5.0.1 and earlier, an authenticated attacker can execute arbitrary commands on the host system via the Scanned Forms interface when creating a new form.
|
CWE-78
OS Command
|
CVE-2019-3968
|
2024-11-21 13:42 |
2019-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222622
|
6.5 |
MEDIUM
Network
|
dell
|
emc_powerconnect_8024_firmware
emc_powerconnect_7000_firmware
emc_powerconnect_m6348_firmware
emc_powerconnect_m6220_firmware
emc_powerconnect_m8024_firmware
emc_powerconnect_m8024-k_f…
|
Dell EMC PowerConnect 8024, 7000, M6348, M6220, M8024 and M8024-K running firmware versions prior to 5.1.15.2 contain a plain-text password storage vulnerability. TACACS\Radius credentials are stored…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2019-3753
|
2024-11-21 13:42 |
2019-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222623
|
6.5 |
MEDIUM
Network
|
open-emr
|
openemr
|
In OpenEMR 5.0.1 and earlier, the patient file download interface contains a directory traversal flaw that allows authenticated attackers to download arbitrary files from the host system.
|
CWE-22
Path Traversal
|
CVE-2019-3967
|
2024-11-21 13:42 |
2019-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222624
|
6.1 |
MEDIUM
Network
|
open-emr
|
openemr
|
In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the foreign_id parameter. This could allow an attacker to execute arbitrary code in the context of a user's sess…
|
CWE-79
Cross-site Scripting
|
CVE-2019-3966
|
2024-11-21 13:42 |
2019-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222625
|
6.1 |
MEDIUM
Network
|
open-emr
|
openemr
|
In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the document_id parameter. This could allow an attacker to execute arbitrary code in the context of a user's ses…
|
CWE-79
Cross-site Scripting
|
CVE-2019-3965
|
2024-11-21 13:42 |
2019-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222626
|
6.1 |
MEDIUM
Network
|
open-emr
|
openemr
|
In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the doc_id parameter. This could allow an attacker to execute arbitrary code in the context of a user's session.
|
CWE-79
Cross-site Scripting
|
CVE-2019-3964
|
2024-11-21 13:42 |
2019-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222627
|
6.1 |
MEDIUM
Network
|
open-emr
|
openemr
|
In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the patient_id parameter. This could allow an attacker to execute arbitrary code in the context of a user's sess…
|
CWE-79
Cross-site Scripting
|
CVE-2019-3963
|
2024-11-21 13:42 |
2019-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222628
|
8.1 |
HIGH
Network
|
tenable
|
nessus
|
Nessus 8.5.2 and earlier on Windows platforms were found to contain an issue where certain system files could be overwritten arbitrarily, potentially creating a denial of service condition.
|
NVD-CWE-noinfo
|
CVE-2019-3974
|
2024-11-21 13:42 |
2019-08-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222629
|
5.4 |
MEDIUM
Network
|
zte
|
zxhn_f670_firmware
|
All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by cross-site scripting vulnerability (XSS). Due to incomplete input validation, an authorized user can exploit this vulnerabilit…
|
CWE-79
Cross-site Scripting
|
CVE-2019-3418
|
2024-11-21 13:42 |
2019-08-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222630
|
8.8 |
HIGH
Network
|
zte
|
zxhn_f670_firmware
|
All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by command injection vulnerability. Due to insufficient parameter validation check, an authorized user can exploit this vulnerabi…
|
CWE-78
OS Command
|
CVE-2019-3417
|
2024-11-21 13:42 |
2019-08-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
