|
224051
|
8.8 |
HIGH
Network
|
davical
|
davical
|
A CSRF issue was discovered in DAViCal through 1.1.8. If an authenticated user visits an attacker-controlled webpage, the attacker can send arbitrary requests in the name of the user to the applicati…
|
CWE-352
Origin Validation Error
|
CVE-2019-18346
|
2024-11-21 13:33 |
2019-12-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224052
|
7.5 |
HIGH
Network
|
trustedsec
|
trevorc2
|
TrevorC2 v1.1/v1.2 fails to prevent fingerprinting primarily via a discrepancy between response headers when responding to different HTTP methods, also via predictible responses when accessing and in…
|
CWE-330
CWE-203
Use of Insufficiently Random Values
Information Exposure Through Discrepancy
|
CVE-2019-18850
|
2024-11-21 13:33 |
2019-12-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224053
|
4.8 |
MEDIUM
Network
|
rsa
emc
|
authentication_manager
rsa_authentication_manager
|
RSA Authentication Manager software versions prior to 8.4 P8 contain a stored cross-site scripting vulnerability in the Security Console. A malicious Security Console administrator could exploit this…
|
CWE-79
Cross-site Scripting
|
CVE-2019-18574
|
2024-11-21 13:33 |
2019-12-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224054
|
5.4 |
MEDIUM
Network
|
openwrt
|
openwrt
|
OpenWrt 18.06.4 allows XSS via the "New port forward" Name field to the cgi-bin/luci/admin/network/firewall/forwards URI (this can occur, for example, on a TP-Link Archer C7 device).
|
CWE-79
Cross-site Scripting
|
CVE-2019-18993
|
2024-11-21 13:33 |
2019-12-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224055
|
5.4 |
MEDIUM
Network
|
openwrt
|
openwrt
|
OpenWrt 18.06.4 allows XSS via these Name fields to the cgi-bin/luci/admin/network/firewall/rules URI: "Open ports on router" and "New forward rule" and "New Source NAT" (this can occur, for example,…
|
CWE-79
Cross-site Scripting
|
CVE-2019-18992
|
2024-11-21 13:33 |
2019-12-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224056
|
9.8 |
CRITICAL
Network
|
titanhq
|
webtitan
|
An issue was discovered in TitanHQ WebTitan before 5.18. The proxy service (which is typically exposed to all users) allows connections to the internal PostgreSQL database of the appliance. By connec…
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2019-19015
|
2024-11-21 13:33 |
2019-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224057
|
7.8 |
HIGH
Local
|
titanhq
|
webtitan
|
An issue was discovered in TitanHQ WebTitan before 5.18. It has a sudoers file that enables low-privilege users to execute a vast number of commands as root, including mv, chown, and chmod. This can …
|
CWE-269
Improper Privilege Management
|
CVE-2019-19014
|
2024-11-21 13:33 |
2019-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224058
|
9.8 |
CRITICAL
Network
|
rabbitmq-c_project
fedoraproject
canonical
debian
|
rabbitmq-c
fedora
ubuntu_linux
debian_linux
|
An issue was discovered in amqp_handle_input in amqp_connection.c in rabbitmq-c 0.9.0. There is an integer overflow that leads to heap memory corruption in the handling of CONNECTION_STATE_HEADER. A …
|
CWE-787
Out-of-bounds Write
|
CVE-2019-18609
|
2024-11-21 13:33 |
2019-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224059
|
7.5 |
HIGH
Network
|
alliedtelesis
|
at-gs950\/8_firmware
|
A Directory Traversal in the Web interface of the Allied Telesis AT-GS950/8 until Firmware AT-S107 V.1.1.3 [1.00.047] allows unauthenticated attackers to read arbitrary system files via a GET request…
|
CWE-22
Path Traversal
|
CVE-2019-18922
|
2024-11-21 13:33 |
2019-11-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224060
|
4.7 |
MEDIUM
Local
|
linux
redhat
canonical
fedoraproject
opensuse
|
linux_kernel
enterprise_linux
ubuntu_linux
fedora
leap
|
The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. This is related to arch/powerpc/…
|
CWE-200
Information Exposure
|
CVE-2019-18660
|
2024-11-21 13:33 |
2019-11-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
