| 224101 | 6.1 | MEDIUM | Network | sertek | xpare | An issue was discovered in Sertek Xpare 3.67. The login form does not sanitize input data. Because of this, a malicious agent could exploit the vulnerable function in order to prepare an XSS payload … | CWE-79 (Cross-site Scripting) | CVE-2019-13448 | 2024-11-21 13:24 | 2019-07-18 |
| 224102 | 9.8 | CRITICAL | Network | sertek | xpare | An issue was discovered in Sertek Xpare 3.67. The login form does not sanitize input data. Because of this, a malicious agent could access the backend database via SQL injection. | CWE-89 (SQL Injection) | CVE-2019-13447 | 2024-11-21 13:24 | 2019-07-18 |
| 224103 | 7.5 | HIGH | Network | temenos | cwx | Temenos CWX version 8.9 has a Broken Access Control vulnerability in the module /CWX/Employee/EmployeeEdit2.aspx, leading to the viewing of user information. | NVD-CWE-noinfo | CVE-2019-13403 | 2024-11-21 13:24 | 2019-07-18 |
| 224104 | 6.1 | MEDIUM | Network | myt_project | myt | In MyT 1.5.1, the User[username] parameter has XSS. | CWE-79 (Cross-site Scripting) | CVE-2019-13346 | 2024-11-21 13:24 | 2019-07-18 |
| 224105 | 6.5 | MEDIUM | Network | zipios_project | zipios | Zipios before 0.1.7 does not properly handle certain malformed zip archives and can go into an infinite loop, causing a denial of service. This is related to zipheadio.h:readUint32() and zipfile.cpp:… | CWE-835 (Loop with Unreachable Exit Condition ('Infinite Loop')) | CVE-2019-13453 | 2024-11-21 13:24 | 2019-07-18 |
| 224106 | 7.8 | HIGH | Local | linux debian fedoraproject canonical redhat netapp | linux_kernel debian_linux fedora ubuntu_linux enterprise_linux enterprise_linux_for_real_time enterprise_linux_for_real_time_for_nfv_tus enterprise_linux_for_real_time_tus ent… | In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obta… | NVD-CWE-noinfo | CVE-2019-13272 | 2024-11-21 13:24 | 2019-07-17 |
| 224107 | 7.5 | HIGH | Network | control-webpanel | webpanel | In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, a cwpsrv-xxx cookie allows a normal user to craft and upload a session file to the /tmp directory, and use it to become the root user. | CWE-434 (Unrestricted Upload of File with Dangerous Type) | CVE-2019-13359 | 2024-11-21 13:24 | 2019-07-17 |
| 224108 | 8.1 | HIGH | Network | libssh2 debian fedoraproject netapp f5 | libssh2 debian_linux fedora cloud_backup ontap_select_deploy_administration_utility e-series_santricity_os_controller traffix_systems_signaling_delivery_controller | In libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c has an integer overflow that could lead to an out-of-bounds read in the way packets are read from the se… | CWE-125 (Out-of-bounds Read), CWE-190 (Integer Overflow or Wraparound) | CVE-2019-13115 | 2024-11-21 13:24 | 2019-07-17 |
| 224109 | 5.3 | MEDIUM | Network | control-webpanel | webpanel | In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, the Login process allows attackers to check whether a username is valid by reading the HTTP response. | CWE-203 (Information Exposure Through Discrepancy) | CVE-2019-13383 | 2024-11-21 13:24 | 2019-07-17 |
| 224110 | 9.8 | CRITICAL | Network | control-webpanel | webpanel | In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, remote attackers can bypass authentication in the login process by leveraging knowledge of a valid username. | CWE-639 (Authorization Bypass Through User-Controlled Key) | CVE-2019-13360 | 2024-11-21 13:24 | 2019-07-17 |