|
222501
|
9.8 |
CRITICAL
Network
|
socomec
|
diris_a-40_firmware
|
Password disclosure in the web interface on socomec DIRIS A-40 devices before 48250501 allows a remote attacker to get full access to a device via the /password.jsn URI.
|
CWE-200
Information Exposure
|
CVE-2019-15859
|
2024-11-21 13:29 |
2019-10-10 |
|
222502
|
8.0 |
HIGH
Adjacent
|
altair
|
pbs_professional
|
Altair PBS Professional through 19.1.2 allows Privilege Escalation because an attacker can send a message directly to pbs_mom, which fails to properly authenticate the message. This results in code e…
|
NVD-CWE-noinfo
|
CVE-2019-15719
|
2024-11-21 13:29 |
2019-10-9 |
|
222503
|
6.8 |
MEDIUM
Physical
|
espressif
|
esp-idf
|
An issue was discovered in Espressif ESP-IDF 2.x, 3.0.x through 3.0.9, 3.1.x through 3.1.6, 3.2.x through 3.2.3, and 3.3.x through 3.3.1. An attacker who uses fault injection to physically disrupt th…
|
CWE-755
Improper Handling of Exceptional Conditions
|
CVE-2019-15894
|
2024-11-21 13:29 |
2019-10-8 |
|
222504
|
9.8 |
CRITICAL
Network
|
sitos
|
sitos_six
|
An unrestricted file upload vulnerability in SITOS six Build v6.2.1 allows remote attackers to execute arbitrary code by uploading a SCORM file with an executable extension. This allows an unauthenti…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-15751
|
2024-11-21 13:29 |
2019-10-7 |
|
222505
|
6.1 |
MEDIUM
Network
|
sitos
|
sitos_six
|
A Cross-Site Scripting (XSS) vulnerability in the blog function in SITOS six Build v6.2.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2019-15750
|
2024-11-21 13:29 |
2019-10-7 |
|
222506
|
6.5 |
MEDIUM
Network
|
sitos
|
sitos_six
|
SITOS six Build v6.2.1 allows a user to change their password and recovery email address without requiring them to confirm the change with their old password. This would allow an attacker with access…
|
CWE-640
Weak Password Recovery Mechanism for Forgotten Password
|
CVE-2019-15749
|
2024-11-21 13:29 |
2019-10-7 |
|
222507
|
9.8 |
CRITICAL
Network
|
sitos
|
sitos_six
|
SITOS six Build v6.2.1 permits unauthorised users to upload and import a SCORM 2004 package by browsing directly to affected pages. An unauthenticated attacker could use the upload and import functio…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-15748
|
2024-11-21 13:29 |
2019-10-7 |
|
222508
|
8.8 |
HIGH
Network
|
sitos
|
sitos_six
|
SITOS six Build v6.2.1 allows a user with the user role of Seminar Coordinator to escalate their permission to the Systemadministrator role due to insufficient checks on the server side.
|
CWE-269
Improper Privilege Management
|
CVE-2019-15747
|
2024-11-21 13:29 |
2019-10-7 |
|
222509
|
9.8 |
CRITICAL
Network
|
sitos
|
sitos_six
|
SITOS six Build v6.2.1 allows an attacker to inject arbitrary PHP commands. As a result, an attacker can compromise the running server and execute system commands in the context of the web user.
|
CWE-94 CWE-78
Code Injection OS Command
|
CVE-2019-15746
|
2024-11-21 13:29 |
2019-10-7 |
|
222510
|
8.8 |
HIGH
Network
|
kslabs
|
ksweb
|
The KSLABS KSWEB (aka ru.kslabs.ksweb) application 3.93 for Android allows authenticated remote code execution via a POST request to the AJAX handler with the configFile parameter set to the arbitrar…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-15766
|
2024-11-21 13:29 |
2019-10-4 |