|
211921
|
8.8 |
HIGH
Network
|
maccms
|
maccms
|
Maccms 10 allows remote attackers to execute arbitrary PHP code by entering this code in a template/default_pc/html/art Edit action. This occurs because template rendering uses an include operation o…
|
CWE-829
Inclusion of Functionality from Untrusted Control Sphere
|
CVE-2019-9829
|
2024-11-21 13:52 |
2019-03-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211922
|
9.8 |
CRITICAL
Network
|
feifeicms
|
feifeicms
|
FeiFeiCMS 4.1.190209 allows remote attackers to upload and execute arbitrary PHP code by visiting index.php?s=Admin-Index to modify the set of allowable file extensions, as demonstrated by adding php…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-9825
|
2024-11-21 13:52 |
2019-03-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211923
|
8.8 |
HIGH
Network
|
wordpress
|
wordpress
|
WordPress before 5.1.1 does not properly filter comment content, leading to Remote Code Execution by unauthenticated users in a default configuration. This occurs because CSRF protection is mishandle…
|
CWE-352
Origin Validation Error
|
CVE-2019-9787
|
2024-11-21 13:52 |
2019-03-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211924
|
7.8 |
HIGH
Local
|
gitnoteapp
|
gitnote
|
gitnote 3.1.0 allows remote attackers to execute arbitrary code via a crafted Markdown file, as demonstrated by a javascript:window.parent.top.require('child_process').execFile substring in the onerr…
|
CWE-78
OS Command
|
CVE-2019-9785
|
2024-11-21 13:52 |
2019-03-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211925
|
7.5 |
HIGH
Network
|
gnu
opensuse
|
libredwg
leap
backports_sle
|
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function dwg_dxf_LTYPE at dwg.spec (earlier than CVE-2019-9776).
|
CWE-476
NULL Pointer Dereference
|
CVE-2019-9779
|
2024-11-21 13:52 |
2019-03-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211926
|
7.5 |
HIGH
Network
|
gnu
opensuse
|
libredwg
leap
backports_sle
|
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer over-read in the function dwg_dxf_LTYPE at dwg.spec.
|
CWE-125
Out-of-bounds Read
|
CVE-2019-9778
|
2024-11-21 13:52 |
2019-03-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211927
|
7.5 |
HIGH
Network
|
gnu
opensuse
|
libredwg
leap
backports_sle
|
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer over-read in the function dxf_header_write at header_variables_dxf.spec.
|
CWE-125
Out-of-bounds Read
|
CVE-2019-9777
|
2024-11-21 13:52 |
2019-03-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211928
|
7.5 |
HIGH
Network
|
gnu
opensuse
|
libredwg
leap
backports_sle
|
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function dwg_dxf_LTYPE at dwg.spec (later than CVE-2019-9779).
|
CWE-476
NULL Pointer Dereference
|
CVE-2019-9776
|
2024-11-21 13:52 |
2019-03-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211929
|
9.1 |
CRITICAL
Network
|
gnu
opensuse
|
libredwg
leap
backports_sle
|
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is an out-of-bounds read in the function dwg_dxf_BLOCK_CONTROL at dwg.spec.
|
CWE-125
Out-of-bounds Read
|
CVE-2019-9775
|
2024-11-21 13:52 |
2019-03-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211930
|
9.1 |
CRITICAL
Network
|
gnu
opensuse
|
libredwg
leap
backports_sle
|
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is an out-of-bounds read in the function bit_read_B at bits.c.
|
CWE-125
Out-of-bounds Read
|
CVE-2019-9774
|
2024-11-21 13:52 |
2019-03-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
