|
212751
|
6.5 |
MEDIUM
Network
|
magento
|
magento
|
An arbitrary file deletion vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with export data transfer privileges can craft a request …
|
NVD-CWE-noinfo
|
CVE-2019-8107
|
2024-11-21 13:49 |
2019-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212752
|
8.8 |
HIGH
Network
|
magento
|
magento
|
An arbitrary file access vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can leverage file upload controller for downloadable produc…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-8093
|
2024-11-21 13:49 |
2019-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212753
|
5.4 |
MEDIUM
Network
|
magento
|
magento
|
A reflected cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code via emai…
|
CWE-79
Cross-site Scripting
|
CVE-2019-8092
|
2024-11-21 13:49 |
2019-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212754
|
7.2 |
HIGH
Network
|
magento
|
magento
|
A remote code execution vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3. An authenticated admin user with privileges to access product attributes can leverage layout updates to trigge…
|
NVD-CWE-noinfo
|
CVE-2019-8091
|
2024-11-21 13:49 |
2019-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212755
|
6.5 |
MEDIUM
Network
|
magento
|
magento
|
An arbitrary file deletion vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated users can manipulate the design layout update…
|
NVD-CWE-noinfo
|
CVE-2019-8090
|
2024-11-21 13:49 |
2019-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212756
|
6.5 |
MEDIUM
Network
|
magento
|
magento
|
An insecure direct object reference (IDOR) vulnerability exists in Magento 2.3 prior to 2.3.1, 2.2 prior to 2.2.8, and 2.1 prior to 2.1.17 versions. An authenticated user may be able to view personal…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2019-8235
|
2024-11-21 13:49 |
2019-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212757
|
9.8 |
CRITICAL
Network
|
tightvnc
|
tightvnc
|
TightVNC code version 1.3.10 contains global buffer overflow in HandleCoRREBBP macro function, which can potentially result code execution. This attack appear to be exploitable via network connectivi…
|
CWE-120
Classic Buffer Overflow
|
CVE-2019-8287
|
2024-11-21 13:49 |
2019-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212758
|
6.5 |
MEDIUM
Network
|
adobe
|
experience_manager
|
Adobe Experience Manager versions 6.4, 6.3 and 6.2 have a cross-site request forgery vulnerability. Successful exploitation could lead to sensitive information disclosure.
|
CWE-352
Origin Validation Error
|
CVE-2019-8234
|
2024-11-21 13:49 |
2019-10-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212759
|
9.8 |
CRITICAL
Network
|
adobe
|
experience_manager
|
Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.
|
CWE-77
Command Injection
|
CVE-2019-8088
|
2024-11-21 13:49 |
2019-10-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212760
|
7.5 |
HIGH
Network
|
adobe
|
experience_manager
|
Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a xml external entity injection vulnerability. Successful exploitation could lead to sensitive information disclosure.
|
CWE-611
XXE
|
CVE-2019-8087
|
2024-11-21 13:49 |
2019-10-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
