|
223351
|
9.8 |
CRITICAL
Network
|
oxid-esales
|
eshop
|
OXID eShop 6.0.x before 6.0.5 and 6.1.x before 6.1.4 allows SQL Injection via a crafted URL, leading to full access by an attacker. This includes all shopping cart options, customer data, and the dat…
|
CWE-89
SQL Injection
|
CVE-2019-13026
|
2024-11-21 13:24 |
2019-07-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223352
|
7.5 |
HIGH
Network
|
nats
|
nats_server
|
An integer overflow in NATS Server before 2.0.2 allows a remote attacker to crash the server by sending a crafted request. If authentication is enabled, then the remote attacker must have first authe…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2019-13126
|
2024-11-21 13:24 |
2019-07-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223353
|
7.1 |
HIGH
Local
|
denx
|
u-boot
|
A crafted self-referential DOS partition table will cause all Das U-Boot versions through 2019.07-rc4 to infinitely recurse, causing the stack to grow infinitely and eventually either crash or overwr…
|
CWE-674
Uncontrolled Recursion
|
CVE-2019-13103
|
2024-11-21 13:24 |
2019-07-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223354
|
6.1 |
MEDIUM
Network
|
control-webpanel
|
webpanel
|
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, Reflected XSS in filemanager2.php (parameter fm_current_dir) allows attackers to steal a cookie or session, or redirect to a phishing webs…
|
CWE-79
Cross-site Scripting
|
CVE-2019-13387
|
2024-11-21 13:24 |
2019-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223355
|
8.8 |
HIGH
Network
|
centos-webpanel
|
centos_web_panel
|
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, a hidden action=9 feature in filemanager2.php allows attackers to execute a shell command, i.e., obtain a reverse shell with user privileg…
|
CWE-863
Incorrect Authorization
|
CVE-2019-13386
|
2024-11-21 13:24 |
2019-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223356
|
4.3 |
MEDIUM
Network
|
control-webpanel
|
webpanel
|
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.840, File and Directory Information Exposure in filemanager allows attackers to enumerate users and check for active users of the application b…
|
CWE-22
Path Traversal
|
CVE-2019-13385
|
2024-11-21 13:24 |
2019-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223357
|
7.8 |
HIGH
Local
|
techsmith
|
snagit
|
UploaderService in SnagIT 2019.1.2 allows elevation of privilege by placing an invalid presentation file in %PROGRAMDATA%\TechSmith\TechSmith Recorder\QueuedPresentations and then creating a symbolic…
|
CWE-59
Link Following
|
CVE-2019-13382
|
2024-11-21 13:24 |
2019-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223358
|
4.9 |
MEDIUM
Network
|
openldap
canonical
debian
opensuse
apple
mcafee
oracle
|
openldap
ubuntu_linux
debian_linux
leap
mac_os_x
policy_auditor
solaris
zfs_storage_appliance_kit
blockchain_platform
|
An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN (database admin) privileges for certain databases but wants to maintain isolation (e.g.…
|
NVD-CWE-noinfo
|
CVE-2019-13057
|
2024-11-21 13:24 |
2019-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223359
|
7.3 |
HIGH
Network
|
auth0
|
passport-sharepoint
|
Auth0 Passport-SharePoint before 0.4.0 does not validate the JWT signature of an Access Token before processing. This allows attackers to forge tokens and bypass authentication and authorization mech…
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2019-13483
|
2024-11-21 13:24 |
2019-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223360
|
7.5 |
HIGH
Network
|
cat_runner\
|
_decorate_home_project
|
The application API of Cat Runner Decorate Home version 2.8.0 for Android does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable. Attackers can …
|
CWE-20
Improper Input Validation
|
CVE-2019-13097
|
2024-11-21 13:24 |
2019-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
