|
223761
|
5.4 |
MEDIUM
Network
|
cridio
|
listingpro
|
The ListingPro theme before v2.0.14.2 for WordPress has Persistent XSS via the Best Day/Night field on the new listing submit page.
|
CWE-79
Cross-site Scripting
|
CVE-2019-19541
|
2024-11-21 13:34 |
2019-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223762
|
6.1 |
MEDIUM
Network
|
cridio
|
listingpro
|
The ListingPro theme before v2.0.14.2 for WordPress has Reflected XSS via the What field on the homepage.
|
CWE-79
Cross-site Scripting
|
CVE-2019-19540
|
2024-11-21 13:34 |
2019-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223763
|
5.5 |
MEDIUM
Local
|
f5
|
big-iq_centralized_management
big-ip_local_traffic_manager
big-ip_advanced_firewall_manager
big-ip_application_acceleration_manager
big-ip_analytics
big-ip_access_policy_manager
big…
|
On BIG-IP versions 15.0.0-15.1.0, 14.0.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, BIG-IQ versions 7.0.0, 6.0.0-6.1.0, and 5.0.0-5.4.0, iWorkflow version 2.3.0, and Enterprise Ma…
|
CWE-269
Improper Privilege Management
|
CVE-2019-19151
|
2024-11-21 13:34 |
2019-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223764
|
4.9 |
MEDIUM
Network
|
f5
|
big-ip_access_policy_manager
|
On versions 15.0.0-15.0.1.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, the BIG-IP APM system logs the client-session-id when a per-session policy is attached …
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2019-19150
|
2024-11-21 13:34 |
2019-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223765
|
6.5 |
MEDIUM
Network
|
redhat
|
ceph_storage
|
A flaw was found in Red Hat Ceph Storage version 3 in the way the Ceph RADOS Gateway daemon handles S3 requests. An authenticated attacker can abuse this flaw by causing a remote denial of service by…
|
NVD-CWE-noinfo
|
CVE-2019-19337
|
2024-11-21 13:34 |
2019-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223766
|
7.8 |
HIGH
Local
|
broadcom
|
ca_client_automation
|
An insecure file access vulnerability exists in CA Client Automation 14.0, 14.1, 14.2, and 14.3 Agent for Windows that can allow a local attacker to gain escalated privileges.
|
NVD-CWE-Other
|
CVE-2019-19231
|
2024-11-21 13:34 |
2019-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223767
|
8.8 |
HIGH
Network
|
plex
|
media_server
|
The Camera Upload functionality in Plex Media Server through 1.18.2.2029 allows remote authenticated users to write files anywhere the user account running the Plex Media Server has permissions. This…
|
CWE-22
Path Traversal
|
CVE-2019-19141
|
2024-11-21 13:34 |
2019-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223768
|
5.3 |
MEDIUM
Network
|
redhat
|
ansible_tower
|
A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.4, when /websocket is requested and the password contains the '#' character. This request would cause a socket erro…
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2019-19342
|
2024-11-21 13:34 |
2019-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223769
|
5.5 |
MEDIUM
Local
|
redhat
|
ansible_tower
|
A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2, where files in '/var/backup/tower' are left world-readable. These files include both the SECRET_KEY and the database backup. Any user w…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2019-19341
|
2024-11-21 13:34 |
2019-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223770
|
8.2 |
HIGH
Network
|
redhat
|
ansible_tower
enterprise_linux
|
A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.3, where enabling RabbitMQ manager by setting it with '-e rabbitmq_enable_manager=true' exposes the RabbitMQ manage…
|
CWE-1188
Insecure Default Initialization of Resource
|
CVE-2019-19340
|
2024-11-21 13:34 |
2019-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
