|
211471
|
8.8 |
HIGH
Network
|
rockoa
|
rockoa
|
RockOA 1.8.7 allows remote attackers to obtain sensitive information because the webmain/webmainAction.php publictreestore method constructs a SQL WHERE clause unsafely by using the pidfields and idf…
|
CWE-89
SQL Injection
|
CVE-2019-9846
|
2024-11-21 13:52 |
2019-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211472
|
5.3 |
MEDIUM
Network
|
amd
opensuse
|
secure_encrypted_virtualization_firmware
leap
|
Secure Encrypted Virtualization (SEV) on Advanced Micro Devices (AMD) Platform Security Processor (PSP; aka AMD Secure Processor or AMD-SP) 0.17 build 11 and earlier has an insecure cryptographic imp…
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2019-9836
|
2024-11-21 13:52 |
2019-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211473
|
8.8 |
HIGH
Network
|
quadbase
|
espressreport_enterprise_server
|
CSRF within the admin panel in Quadbase EspressReport ES (ERES) v7.0 update 7 allows remote attackers to escalate privileges, or create new admin accounts by crafting a malicious web page that issues…
|
CWE-352
Origin Validation Error
|
CVE-2019-9958
|
2024-11-21 13:52 |
2019-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211474
|
5.4 |
MEDIUM
Network
|
quadbase
|
espressreport_es
|
Stored XSS within Quadbase EspressReport ES (ERES) v7.0 update 7 allows remote attackers to execute malicious JavaScript and inject arbitrary source code into the target pages. The XSS payload is sto…
|
CWE-79
Cross-site Scripting
|
CVE-2019-9957
|
2024-11-21 13:52 |
2019-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211475
|
6.1 |
MEDIUM
Network
|
openfind
|
mail2000
|
An issue was discovered in Openfind Mail2000 6.0 and 7.0 Webmail. XSS can occur via an '<object data="data:text/html' substring in an e-mail message (The vendor subsequently patched this).
|
CWE-79
Cross-site Scripting
|
CVE-2019-9763
|
2024-11-21 13:52 |
2019-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211476
|
4.8 |
MEDIUM
Network
|
symantec
|
data_loss_prevention
|
DLP 15.5 MP1 and all prior versions may be susceptible to a cross-site scripting (XSS) vulnerability, a type of issue that can enable attackers to inject client-side scripts into web pages viewed by …
|
CWE-79
Cross-site Scripting
|
CVE-2019-9701
|
2024-11-21 13:52 |
2019-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211477
|
7.2 |
HIGH
Network
|
miniblog_project
|
miniblog
|
madskristensen MiniBlog through 2018-05-18 allows remote attackers to execute arbitrary ASPX code via an IMG element with a data: URL, because SaveFilesToDisk in app_code/handlers/PostHandler.cs writ…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-9842
|
2024-11-21 13:52 |
2019-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211478
|
7.8 |
HIGH
Local
|
dahuasecurity
|
ipc-hfw1xxx_firmware
ipc-hdw1xxx_firmware
ipc-hfw2xxx_firmware
|
Buffer overflow vulnerability found in some Dahua IP Camera devices IPC-HFW1XXX,IPC-HDW1XXX,IPC-HFW2XXX Build before 2018/11. The vulnerability exits in the function of redirection display for serial…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2019-9676
|
2024-11-21 13:52 |
2019-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211479
|
5.3 |
MEDIUM
Network
|
wpengine
|
wpgraphql
|
The createComment mutation in the WPGraphQL 0.2.3 plugin for WordPress allows unauthenticated users to post comments on any article, even when 'allow comment' is disabled.
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2019-9881
|
2024-11-21 13:52 |
2019-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211480
|
9.1 |
CRITICAL
Network
|
wpengine
|
wpgraphql
|
An issue was discovered in the WPGraphQL 0.2.3 plugin for WordPress. By querying the 'users' RootQuery, it is possible, for an unauthenticated attacker, to retrieve all WordPress users details such a…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2019-9880
|
2024-11-21 13:52 |
2019-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
