|
219371
|
7.8 |
HIGH
Local
|
dlink
|
dwl-2600ap_firmware
|
D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Restore Configuration functionality in the Web interface, using shell metacharacters in the a…
|
CWE-78
OS Command
|
CVE-2019-20499
|
2024-11-21 13:38 |
2020-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219372
|
8.8 |
HIGH
Network
|
testlink
|
testlink
|
Multiple SQL injection vulnerabilities in TestLink through 1.9.19 allows remote authenticated users to execute arbitrary SQL commands via the (1) tproject_id parameter to keywordsView.php; the (2) re…
|
CWE-89
SQL Injection
|
CVE-2019-20107
|
2024-11-21 13:38 |
2020-03-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219373
|
9.8 |
CRITICAL
Network
|
netgear
|
wnr1000_firmware
|
An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. The web management interface (setup.cgi) has an authentication bypass and other problems that ultimately allow an attacker to remotely c…
|
CWE-287
Improper Authentication
|
CVE-2019-20489
|
2024-11-21 13:38 |
2020-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219374
|
9.8 |
CRITICAL
Network
|
netgear
|
wnr1000_firmware
|
An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. Multiple actions within the web management interface (setup.cgi) are vulnerable to command injection, allowing remote attackers to execu…
|
CWE-78
OS Command
|
CVE-2019-20488
|
2024-11-21 13:38 |
2020-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219375
|
8.8 |
HIGH
Network
|
netgear
|
wnr1000_firmware
|
An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. Multiple actions within the WNR1000V4 web management console are vulnerable to an unauthenticated GET request (exploitable directly or t…
|
CWE-352
Origin Validation Error
|
CVE-2019-20487
|
2024-11-21 13:38 |
2020-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219376
|
6.1 |
MEDIUM
Network
|
netgear
|
wnr1000_firmware
|
An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. Multiple pages (setup.cgi and adv_index.htm) within the web management console are vulnerable to stored XSS, as demonstrated by the conf…
|
CWE-79
Cross-site Scripting
|
CVE-2019-20486
|
2024-11-21 13:38 |
2020-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219377
|
9.8 |
CRITICAL
Network
|
miele
|
xgw_3000_zigbee_gateway_firmware
|
In MIELE XGW 3000 ZigBee Gateway before 2.4.0, the Password Change Function does not require knowledge of the old password. This can be exploited in conjunction with CVE-2019-20480.
|
CWE-287
Improper Authentication
|
CVE-2019-20481
|
2024-11-21 13:38 |
2020-02-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219378
|
8.8 |
HIGH
Network
|
miele
|
xgw_3000_zigbee_gateway_firmware
|
In MIELE XGW 3000 ZigBee Gateway before 2.4.0, a malicious website visited by an authenticated admin user or a malicious mail is allowed to make arbitrary changes in the "admin panel" because there i…
|
CWE-352
Origin Validation Error
|
CVE-2019-20480
|
2024-11-21 13:38 |
2020-02-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219379
|
6.1 |
MEDIUM
Network
|
openidc
debian
fedoraproject
opensuse
|
mod_auth_openidc
debian_linux
fedora
leap
|
A flaw was found in mod_auth_openidc before version 2.4.1. An open redirect issue exists in URLs with a slash and backslash at the beginning.
|
CWE-601
Open Redirect
|
CVE-2019-20479
|
2024-11-21 13:38 |
2020-02-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219380
|
9.8 |
CRITICAL
Network
|
ruamel.yaml_project
|
ruamel.yaml
|
In ruamel.yaml through 0.16.7, the load method allows remote code execution if the application calls this method with an untrusted argument. In other words, this issue affects developers who are unaw…
|
NVD-CWE-noinfo
|
CVE-2019-20478
|
2024-11-21 13:38 |
2020-02-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
