| ID | CVSS | Severity | Attack vector | Vendor | Product | Description | CWE | CVE | Updated | Published |
|---|---|---|---|---|---|---|---|---|---|---|
| 224331 | 6.1 | MEDIUM | Network | clonos | clonos | A cross-site scripting (XSS) vulnerability in index.php in ClonOS WEB control panel 19.09 allows remote attackers to inject arbitrary web script or HTML via the lang parameter. | CWE-79 (Cross-site Scripting) | CVE-2019-18419 | 2024-11-21 13:33 | 2019-10-25 |
| 224332 | 8.8 | HIGH | Network | sourcecodester | restaurant_management_system | Sourcecodester Restaurant Management System 1.0 allows an authenticated attacker to upload arbitrary files that can result in code execution. The issue occurs because the application fails to adequat… | CWE-434 (Unrestricted Upload of File with Dangerous Type) | CVE-2019-18417 | 2024-11-21 13:33 | 2019-10-25 |
| 224333 | 6.1 | MEDIUM | Network | restaurant_management_system_project | restaurant_management_system | Sourcecodester Restaurant Management System 1.0 allows XSS via the Last Name field of a member. | CWE-79 (Cross-site Scripting) | CVE-2019-18416 | 2024-11-21 13:33 | 2019-10-25 |
| 224334 | 6.1 | MEDIUM | Network | restaurant_management_system_project | restaurant_management_system | Sourcecodester Restaurant Management System 1.0 allows XSS via the "send a message" screen. | CWE-79 (Cross-site Scripting) | CVE-2019-18415 | 2024-11-21 13:33 | 2019-10-25 |
| 224335 | 8.8 | HIGH | Network | sourcecodester | restaurant_management_system | Sourcecodester Restaurant Management System 1.0 is affected by an admin/staff-exec.php Cross Site Request Forgery vulnerability due to a lack of CSRF protection. This could lead to an attacker tricki… | CWE-352 (Origin Validation Error) | CVE-2019-18414 | 2024-11-21 13:33 | 2019-10-25 |
| 224336 | 9.8 | CRITICAL | Network | typestack_class-validator_project | typestack_class-validator | In TypeStack class-validator 0.10.2, validate() input validation can be bypassed because certain internal attributes can be overwritten via a conflicting name. Even though there is an optional forbid… | CWE-79 (Cross-site Scripting), CWE-89 (SQL Injection) | CVE-2019-18413 | 2024-11-21 13:33 | 2019-10-25 |
| 224337 | 7.8 | HIGH | Local | zenspider | ruby_parser-legacy | The ruby_parser-legacy (aka legacy) gem 1.0.0 for Ruby allows local privilege escalation because of world-writable files. For example, if the brakeman gem (which has a legacy dependency) 4.5.0 throug… | CWE-732 (Incorrect Permission Assignment for Critical Resource) | CVE-2019-18409 | 2024-11-21 13:33 | 2019-10-24 |
| 224338 | 7.5 | HIGH | Network | libarchive, debian, canonical | libarchive, debian_linux, ubuntu_linux | archive_read_format_rar_read_data in archive_read_support_format_rar.c in libarchive before 3.4.0 has a use-after-free in a certain ARCHIVE_FAILED situation, related to Ppmd7_DecodeSymbol. | CWE-416 (Use After Free) | CVE-2019-18408 | 2024-11-21 13:33 | 2019-10-24 |
| 224339 | 9.8 | CRITICAL | Network | igniterealtime | openfire | A Server Side Request Forgery (SSRF) vulnerability in FaviconServlet.java in Ignite Realtime Openfire through 4.4.2 allows attackers to send arbitrary HTTP GET requests. | CWE-918 (Server-Side Request Forgery (SSRF)) | CVE-2019-18394 | 2024-11-21 13:33 | 2019-10-24 |
| 224340 | 5.3 | MEDIUM | Network | igniterealtime | openfire | PluginServlet.java in Ignite Realtime Openfire through 4.4.2 does not ensure that retrieved files are located under the Openfire home directory, aka a directory traversal vulnerability. | CWE-22 (Path Traversal) | CVE-2019-18393 | 2024-11-21 13:33 | 2019-10-24 |