| 211171 | 8.8 | HIGH Network | quadbase | espressreport_enterprise_server | CSRF within the admin panel in Quadbase EspressReport ES (ERES) v7.0 update 7 allows remote attackers to escalate privileges, or create new admin accounts by crafting a malicious web page that issues… | CWE-352 Origin Validation Error | CVE-2019-9958 | 2024-11-21 13:52 | 2019-06-25 |
| 211172 | 5.4 | MEDIUM Network | quadbase | espressreport_es | Stored XSS within Quadbase EspressReport ES (ERES) v7.0 update 7 allows remote attackers to execute malicious JavaScript and inject arbitrary source code into the target pages. The XSS payload is sto… | CWE-79 Cross-site Scripting | CVE-2019-9957 | 2024-11-21 13:52 | 2019-06-25 |
| 211173 | 6.1 | MEDIUM Network | openfind | mail2000 | An issue was discovered in Openfind Mail2000 6.0 and 7.0 Webmail. XSS can occur via an '<object data="data:text/html' substring in an e-mail message (The vendor subsequently patched this). | CWE-79 Cross-site Scripting | CVE-2019-9763 | 2024-11-21 13:52 | 2019-06-20 |
| 211174 | 4.8 | MEDIUM Network | symantec | data_loss_prevention | DLP 15.5 MP1 and all prior versions may be susceptible to a cross-site scripting (XSS) vulnerability, a type of issue that can enable attackers to inject client-side scripts into web pages viewed by … | CWE-79 Cross-site Scripting | CVE-2019-9701 | 2024-11-21 13:52 | 2019-06-20 |
| 211175 | 7.2 | HIGH Network | miniblog_project | miniblog | madskristensen MiniBlog through 2018-05-18 allows remote attackers to execute arbitrary ASPX code via an IMG element with a data: URL, because SaveFilesToDisk in app_code/handlers/PostHandler.cs writ… | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2019-9842 | 2024-11-21 13:52 | 2019-06-15 |
| 211176 | 7.8 | HIGH Local | dahuasecurity | ipc-hfw1xxx_firmware ipc-hdw1xxx_firmware ipc-hfw2xxx_firmware | Buffer overflow vulnerability found in some Dahua IP Camera devices IPC-HFW1XXX, IPC-HDW1XXX, IPC-HFW2XXX Build before 2018/11. The vulnerability exists in the function of redirection display for serial… | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2019-9676 | 2024-11-21 13:52 | 2019-06-13 |
| 211177 | 5.3 | MEDIUM Network | wpengine | wpgraphql | The createComment mutation in the WPGraphQL 0.2.3 plugin for WordPress allows unauthenticated users to post comments on any article, even when 'allow comment' is disabled. | CWE-306 Missing Authentication for Critical Function | CVE-2019-9881 | 2024-11-21 13:52 | 2019-06-11 |
| 211178 | 9.1 | CRITICAL Network | wpengine | wpgraphql | An issue was discovered in the WPGraphQL 0.2.3 plugin for WordPress. By querying the 'users' RootQuery, it is possible, for an unauthenticated attacker, to retrieve all WordPress users details such a… | CWE-306 Missing Authentication for Critical Function | CVE-2019-9880 | 2024-11-21 13:52 | 2019-06-11 |
| 211179 | 9.8 | CRITICAL Network | wpengine | wpgraphql | The WPGraphQL 0.2.3 plugin for WordPress allows remote attackers to register a new user with admin privileges, whenever new user registrations are allowed. This is related to the registerUser mutatio… | CWE-306 Missing Authentication for Critical Function | CVE-2019-9879 | 2024-11-21 13:52 | 2019-06-11 |
| 211180 | 8.8 | HIGH Network | northern | cfengine | Northern.tech CFEngine Enterprise 3.12.1 has Insecure Permissions. | CWE-532 Inclusion of Sensitive Information in Log Files | CVE-2019-9929 | 2024-11-21 13:52 | 2019-06-7 |