|
222251
|
9.8 |
CRITICAL
Network
|
icegram
|
email_subscribers_\&_newsletters
|
There was a flaw in the WordPress plugin, Email Subscribers & Newsletters before 4.3.1, that allowed SQL statements to be passed to the database in the hash parameter (a blind SQL injection vulnerabi…
|
CWE-89
SQL Injection
|
CVE-2019-20361
|
2024-11-21 13:38 |
2020-01-8 |
|
222252
|
7.5 |
HIGH
Network
|
givewp
|
givewp
|
A flaw in Give before 2.5.5, a WordPress plugin, allowed unauthenticated users to bypass API authentication methods and access personally identifiable user information (PII) including names, addresse…
|
CWE-287
Improper Authentication
|
CVE-2019-20360
|
2024-11-21 13:38 |
2020-01-8 |
|
222253
|
6.8 |
MEDIUM
Physical
|
okerthai
|
g232v1_firmware
|
OKER G232V1 v1.03.02.20161129 devices provide a root terminal on a UART serial interface without proper access control. This allows attackers with physical access to interrupt the boot sequence in or…
|
CWE-78
OS Command
|
CVE-2019-20348
|
2024-11-21 13:38 |
2020-01-7 |
|
222254
|
9.8 |
CRITICAL
Network
|
mojohaus
|
exec_maven
|
The MojoHaus Exec Maven plugin 1.1.1 for Maven allows code execution via a crafted XML document because a configuration element (within a plugin element) can specify an arbitrary program in an execut…
|
CWE-94
Code Injection
|
CVE-2019-20343
|
2024-11-21 13:38 |
2020-01-6 |
|
222255
|
4.3 |
MEDIUM
Network
|
pisignage
|
pisignage
|
The web application component of piSignage before 2.6.4 allows a remote attacker (authenticated as a low-privilege user) to download arbitrary files from the Raspberry Pi via api/settings/log?file=..…
|
CWE-22
Path Traversal
|
CVE-2019-20354
|
2024-11-21 13:38 |
2020-01-6 |
|
222256
|
7.1 |
HIGH
Local
|
nasm
|
netwide_assembler
|
In Netwide Assembler (NASM) 2.15rc0, a heap-based buffer over-read occurs (via a crafted .asm file) in set_text_free when called from expand_one_smacro in asm/preproc.c.
|
CWE-125
Out-of-bounds Read
|
CVE-2019-20352
|
2024-11-21 13:38 |
2020-01-6 |
|
222257
|
8.8 |
HIGH
Network
|
determine
|
contract_lifecycle_management
|
An issue was discovered in report_edit.jsp in Determine (formerly Selectica) Contract Lifecycle Management (CLM) v5.4. Any authenticated user may execute Groovy code when generating a report, resulti…
|
CWE-94
Code Injection
|
CVE-2019-20155
|
2024-11-21 13:38 |
2020-01-6 |
|
222258
|
6.1 |
MEDIUM
Network
|
determine
|
contract_lifecycle_management
|
An issue was discovered in Determine (formerly Selectica) Contract Lifecycle Management (CLM) v5.4. A cross-site scripting (XSS) vulnerability in multiple getchart.jsp parameters allows remote attack…
|
CWE-79
Cross-site Scripting
|
CVE-2019-20154
|
2024-11-21 13:38 |
2020-01-6 |
|
222259
|
4.9 |
MEDIUM
Network
|
determine
|
contract_lifecycle_management
|
An issue was discovered in Determine (formerly Selectica) Contract Lifecycle Management (CLM) in v5.4. An XML external entity (XXE) vulnerability in the upload definition feature in definition_upload…
|
CWE-611
XXE
|
CVE-2019-20153
|
2024-11-21 13:38 |
2020-01-6 |
|
222260
|
4.3 |
MEDIUM
Network
|
typesettercms
|
typesetter
|
The Typesetter CMS 5.1 logout functionality is affected by a CSRF vulnerability. The logout function of the admin panel is not protected by any CSRF tokens. An attacker can logout the user using this…
|
CWE-352
Origin Validation Error
|
CVE-2019-20077
|
2024-11-21 13:38 |
2020-01-6 |