|
213921
|
9.8 |
CRITICAL
Network
|
themerig
|
find_a_place_cms_directory
|
Themerig Find a Place CMS Directory 1.5 has SQL Injection via the find/assets/external/data_2.php cate parameter.
|
CWE-89
SQL Injection
|
CVE-2019-8360
|
2024-11-21 13:49 |
2019-02-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213922
|
8.1 |
HIGH
Network
|
hiawatha-webserver
|
hiawatha
|
In Hiawatha before 10.8.4, a remote attacker is able to do directory traversal if AllowDotFiles is enabled.
|
CWE-22
Path Traversal
|
CVE-2019-8358
|
2024-11-21 13:49 |
2019-02-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213923
|
5.5 |
MEDIUM
Local
|
sound_exchange_project
|
sound_exchange
|
An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c allows a NULL pointer dereference.
|
CWE-476
NULL Pointer Dereference
|
CVE-2019-8357
|
2024-11-21 13:49 |
2019-02-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213924
|
5.5 |
MEDIUM
Local
|
sound_exchange_project
|
sound_exchange
|
An issue was discovered in SoX 14.4.2. One of the arguments to bitrv2 in fft4g.c is not guarded, such that it can lead to write access outside of the statically declared array, aka a stack-based buff…
|
CWE-787
CWE-129
Out-of-bounds Write
Improper Validation of Array Index
|
CVE-2019-8356
|
2024-11-21 13:49 |
2019-02-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213925
|
5.5 |
MEDIUM
Local
|
sound_exchange_project
|
sound_exchange
|
An issue was discovered in SoX 14.4.2. In xmalloc.h, there is an integer overflow on the result of multiplication fed into the lsx_valloc macro that wraps malloc. When the buffer is allocated, it is …
|
CWE-787
CWE-190
Out-of-bounds Write
Integer Overflow or Wraparound
|
CVE-2019-8355
|
2024-11-21 13:49 |
2019-02-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213926
|
5.0 |
MEDIUM
Local
|
sound_exchange_project
debian
canonical
|
sound_exchange
debian_linux
ubuntu_linux
|
An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c has an integer overflow on the result of multiplication fed into malloc. When the buffer is allocated, it is smaller than expecte…
|
CWE-787
CWE-190
Out-of-bounds Write
Integer Overflow or Wraparound
|
CVE-2019-8354
|
2024-11-21 13:49 |
2019-02-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213927
|
8.8 |
HIGH
Network
|
beescms
|
beescms
|
BEESCMS 4.0 has a CSRF vulnerability to add arbitrary VIP accounts via the admin/admin_member.php?action=add&nav=add_web_user&admin_p_nav=user URI.
|
CWE-352
Origin Validation Error
|
CVE-2019-8347
|
2024-11-21 13:49 |
2019-02-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213928
|
4.2 |
MEDIUM
Adjacent
|
estrongs
|
es_file_explorer_file_manager
|
The Help feature in the ES File Explorer File Manager application 4.1.9.7.4 for Android allows session hijacking by a Man-in-the-middle attacker on the local network because HTTPS is not used, and an…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2019-8345
|
2024-11-21 13:49 |
2019-02-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213929
|
7.8 |
HIGH
Local
|
nasm
|
netwide_assembler
|
In Netwide Assembler (NASM) 2.14.02, there is a use-after-free in paste_tokens in asm/preproc.c.
|
CWE-416
Use After Free
|
CVE-2019-8343
|
2024-11-21 13:49 |
2019-02-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213930
|
9.8 |
CRITICAL
Network
|
pocoo
opensuse
|
jinja2
leap
|
An issue was discovered in Jinja2 2.10. The from_string function is prone to Server Side Template Injection (SSTI) where it takes the "source" parameter as a template object, renders it, and then ret…
|
CWE-94
Code Injection
|
CVE-2019-8341
|
2024-11-21 13:49 |
2019-02-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
