|
212701
|
4.8 |
MEDIUM
Network
|
control-webpanel
|
webpanel
|
CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.763 is vulnerable to Stored/Persistent XSS for the "Package Name" field via the add_package module parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2019-7646
|
2024-11-21 13:48 |
2019-03-27 |
|
212702
|
7.5 |
HIGH
Network
|
ghs
|
integrity_rtos
|
An issue was discovered in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. The main shell handler function uses the value of the environment variable ipcom.shell.greeting …
|
CWE-134
Use of Externally-Controlled Format String
|
CVE-2019-7715
|
2024-11-21 13:48 |
2019-03-26 |
|
212703
|
9.8 |
CRITICAL
Network
|
ghs
|
integrity_rtos
|
An issue was discovered in Interpeak IPWEBS on Green Hills INTEGRITY RTOS 5.0.4. It allocates 60 bytes for the HTTP Authentication header. However, when copying this header to parse, it does not chec…
|
CWE-787
Out-of-bounds Write
|
CVE-2019-7714
|
2024-11-21 13:48 |
2019-03-26 |
|
212704
|
9.8 |
CRITICAL
Network
|
ghs
|
integrity_rtos
|
An issue was discovered in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. There is a heap-based buffer overflow in the function responsible for printing the shell prompt,…
|
CWE-787
Out-of-bounds Write
|
CVE-2019-7713
|
2024-11-21 13:48 |
2019-03-26 |
|
212705
|
7.5 |
HIGH
Network
|
ghs
|
integrity_rtos
|
An issue was discovered in handler_ipcom_shell_pwd in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. When using the pwd command, the current working directory path is use…
|
CWE-134
Use of Externally-Controlled Format String
|
CVE-2019-7712
|
2024-11-21 13:48 |
2019-03-26 |
|
212706
|
7.5 |
HIGH
Network
|
ghs
|
integrity_rtos
|
An issue was discovered in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. The undocumented shell command "prompt" sets the (user controlled) shell's prompt value, which i…
|
CWE-134
Use of Externally-Controlled Format String
|
CVE-2019-7711
|
2024-11-21 13:48 |
2019-03-26 |
|
212707
|
7.5 |
HIGH
Network
|
dlink
|
dir-817lw_firmware dir-816l_firmware dir-816_firmware dir-850l_firmware dir-868l_firmware
|
D-Link routers with the mydlink feature have some web interfaces without authentication requirements. An attacker can remotely obtain users' DNS query logs and login logs. Vulnerable targets include …
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2019-7642
|
2024-11-21 13:48 |
2019-03-26 |
|
212708
|
7.5 |
HIGH
Network
|
elastic
|
winlogbeat
|
Winlogbeat versions before 5.6.16 and 6.6.2 had an insufficient logging flaw. An attacker able to inject certain characters into a log entry could prevent Winlogbeat from recording the event.
|
NVD-CWE-Other
|
CVE-2019-7613
|
2024-11-21 13:48 |
2019-03-26 |
|
212709
|
9.8 |
CRITICAL
Network
|
elastic netapp
|
logstash active_iq_performance_analytics_services
|
A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 logs malformed URLs. If a malformed URL is specified as part of the Logstash configuration, the credent…
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2019-7612
|
2024-11-21 13:48 |
2019-03-26 |
|
212710
|
9.0 |
CRITICAL
Network
|
elastic
|
kibana
|
Kibana versions before 6.6.1 contain an arbitrary code execution flaw in the security audit logger. If a Kibana instance has the setting xpack.security.audit.enabled set to true, an attacker could se…
|
CWE-77
Command Injection
|
CVE-2019-7610
|
2024-11-21 13:48 |
2019-03-26 |
|