|
222981
|
4.3 |
MEDIUM
Network
|
xtivia
|
web_time_and_expense
|
An Insecure Direct Object Reference (IDOR) vulnerability in the Xtivia Web Time and Expense (WebTE) interface used for Microsoft Dynamics NAV before 2017 allows an attacker to download arbitrary file…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2019-19616
|
2024-11-21 13:35 |
2019-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222982
|
7.2 |
HIGH
Network
|
strapi
|
strapi
|
The Strapi framework before 3.0.0-beta.17.8 is vulnerable to Remote Code Execution in the Install and Uninstall Plugin components of the Admin panel, because it does not sanitize the plugin name, and…
|
CWE-78
OS Command
|
CVE-2019-19609
|
2024-11-21 13:35 |
2019-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222983
|
9.8 |
CRITICAL
Network
|
adobe
prestashop
|
stock_api_integration
prestashop
|
reset/modules/advanced_form_maker_edit/multiupload/upload.php in the RESET.PRO Adobe Stock API integration 4.8 for PrestaShop allows remote attackers to execute arbitrary code by uploading a .php fil…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-19595
|
2024-11-21 13:35 |
2019-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222984
|
9.8 |
CRITICAL
Network
|
adobe
prestashop
|
stock_api_integration
prestashop
|
reset/modules/fotoliaFoto/multi_upload.php in the RESET.PRO Adobe Stock API Integration for PrestaShop 1.6 and 1.7 allows remote attackers to execute arbitrary code by uploading a .php file.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-19594
|
2024-11-21 13:35 |
2019-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222985
|
6.1 |
MEDIUM
Local
|
linux
canonical
|
linux_kernel
ubuntu_linux
|
fpregs_state_valid in arch/x86/include/asm/fpu/internal.h in the Linux kernel before 5.4.2, when GCC 9 is used, allows context-dependent attackers to cause a denial of service (memory corruption) or …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2019-19602
|
2024-11-21 13:35 |
2019-12-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222986
|
7.8 |
HIGH
Local
|
opendetex_project
|
opendetex
|
OpenDetex 2.8.5 has a Buffer Overflow in TexOpen in detex.l because of an incorrect sprintf.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2019-19601
|
2024-11-21 13:35 |
2019-12-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222987
|
8.8 |
HIGH
Adjacent
|
dlink
|
dap-1860_firmware
|
D-Link DAP-1860 devices before v1.04b03 Beta allow access to administrator functions without authentication via the HNAP_AUTH header timestamp value. In HTTP requests, part of the HNAP_AUTH header is…
|
CWE-287
Improper Authentication
|
CVE-2019-19598
|
2024-11-21 13:35 |
2019-12-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222988
|
8.8 |
HIGH
Adjacent
|
dlink
|
dap-1860_firmware
|
D-Link DAP-1860 devices before v1.04b03 Beta allow arbitrary remote code execution as root without authentication via shell metacharacters within an HNAP_AUTH HTTP header.
|
CWE-863
Incorrect Authorization
|
CVE-2019-19597
|
2024-11-21 13:35 |
2019-12-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222989
|
5.4 |
MEDIUM
Network
|
gitbook
|
gitbook
|
GitBook through 2.6.9 allows XSS via a local .md file.
|
CWE-79
Cross-site Scripting
|
CVE-2019-19596
|
2024-11-21 13:35 |
2019-12-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222990
|
7.8 |
HIGH
Local
|
radare
|
radare2
|
In radare2 through 4.0, there is an integer overflow for the variable new_token_size in the function r_asm_massemble at libr/asm/asm.c. This integer overflow will result in a Use-After-Free for the b…
|
CWE-190
CWE-416
Integer Overflow or Wraparound
Use After Free
|
CVE-2019-19590
|
2024-11-21 13:35 |
2019-12-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
