|
226451
|
7.5 |
HIGH
Network
|
mfscripts
|
yetishare
|
The user-introduction email in MFScripts YetiShare v3.5.2 through v4.5.4 may leak the (system-picked) password if this email is sent in cleartext. In other words, the user is not allowed to choose th…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2019-20061
|
2024-11-21 13:37 |
2020-02-10 |
|
226452
|
7.5 |
HIGH
Network
|
mfscripts
|
yetishare
|
MFScripts YetiShare v3.5.2 through v4.5.4 places sensitive information in the Referer header. If this leaks, then third parties may discover password-reset hashes, file-delete links, or other sensiti…
|
CWE-922
Insecure Storage of Sensitive Information
|
CVE-2019-20060
|
2024-11-21 13:37 |
2020-02-10 |
|
226453
|
8.8 |
HIGH
Network
|
mfscripts
|
yetishare
|
payment_manage.ajax.php and various *_manage.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.4 directly insert values from the sSortDir_0 parameter into a SQL string. This allows an attacker to inj…
|
CWE-352 CWE-89
Origin Validation Error SQL Injection
|
CVE-2019-20059
|
2024-11-21 13:37 |
2020-02-10 |
|
226454
|
6.8 |
MEDIUM
Network
|
artica
|
pandora_fms
|
Pandora FMS = 7.42 suffers from a remote code execution vulnerability. To exploit the vulnerability, an authenticated user should create a new folder with a "tricky" name in the filemanager. The expl…
|
CWE-78
OS Command
|
CVE-2019-20050
|
2024-11-21 13:37 |
2020-01-31 |
|
226455
|
6.1 |
MEDIUM
Network
|
dicube
|
easescreen_crystal
|
Feldtech easescreen Crystal 9.0 Web-Services 9.0.1.16265 allows Stored XSS via the Debug-Log and Display-Log components. This could be exploited when an attacker sends a crafted string for FTP authe…
|
CWE-79
Cross-site Scripting
|
CVE-2019-20003
|
2024-11-21 13:37 |
2020-01-18 |
|
226456
|
8.8 |
HIGH
Network
|
intelbras
|
iwr_3000n_firmware
|
An issue was discovered on Intelbras IWR 3000N 1.8.7 devices. When the administrator password is changed from a certain client IP address, administrative authorization remains available to any client…
|
CWE-640
Weak Password Recovery Mechanism for Forgotten Password
|
CVE-2019-20004
|
2024-11-21 13:37 |
2020-01-6 |
|
226457
|
8.8 |
HIGH
Network
|
symonics
|
libmysofa
|
hdf/dataobject.c in libmysofa before 0.8 has an uninitialized use of memory, as demonstrated by mysofa2json.
|
CWE-665
Improper Initialization
|
CVE-2019-20063
|
2024-11-21 13:37 |
2019-12-30 |
|
226458
|
6.1 |
MEDIUM
Network
|
boltcms
|
bolt
|
Bolt 3.7.0, if Symfony Web Profiler is used, allows XSS because unsanitized search?search= input is shown on the _profiler page. NOTE: this is disputed because profiling was never intended for use in…
|
CWE-79
Cross-site Scripting
|
CVE-2019-20058
|
2024-11-21 13:37 |
2019-12-30 |
|
226459
|
3.7 |
LOW
Network
|
proxyman
|
proxyman
|
com.proxyman.NSProxy.HelperTool in Privileged Helper Tool in Proxyman for macOS 1.11.0 and earlier allows an attacker to change the System Proxy and redirect all traffic to an attacker-controlled com…
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2019-20057
|
2024-11-21 13:37 |
2019-12-30 |
|
226460
|
6.5 |
MEDIUM
Network
|
nothings
|
stb_image.h
|
stb_image.h (aka the stb image loader) 2.23, as used in libsixel and other products, has an assertion failure in stbi__shiftsigned.
|
CWE-617
Reachable Assertion
|
CVE-2019-20056
|
2024-11-21 13:37 |
2019-12-30 |