|
223891
|
5.3 |
MEDIUM
Network
|
redmine
debian
|
redmine
debian_linux
|
Redmine before 3.4.13 and 4.x before 4.0.6 mishandles markup data during Textile formatting.
|
NVD-CWE-noinfo
|
CVE-2019-25026
|
2024-11-21 13:39 |
2021-04-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223892
|
5.3 |
MEDIUM
Network
|
rubyonrails
|
active_record_session_store
|
The activerecord-session_store (aka Active Record Session Store) component through 1.1.3 for Ruby on Rails does not use a constant-time approach when delivering information about whether a guessed se…
|
NVD-CWE-Other
|
CVE-2019-25025
|
2024-11-21 13:39 |
2021-03-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223893
|
6.5 |
MEDIUM
Network
|
scytl
|
secure_vote
|
An issue was discovered in Scytl sVote 2.1. Because the IP address from an X-Forwarded-For header (which can be manipulated client-side) is used for the internal application logs, an attacker can inj…
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2019-25023
|
2024-11-21 13:39 |
2021-02-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223894
|
9.8 |
CRITICAL
Network
|
scytl
|
secure_vote
|
An issue was discovered in Scytl sVote 2.1. An attacker can inject code that gets executed by creating an election-event and injecting a payload over an event alias, because the application calls Run…
|
CWE-78
OS Command
|
CVE-2019-25022
|
2024-11-21 13:39 |
2021-02-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223895
|
7.5 |
HIGH
Network
|
scytl
|
secure_vote
|
An issue was discovered in Scytl sVote 2.1. Due to the implementation of the database manager, an attacker can access the OrientDB by providing admin as the admin password. A different password canno…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2019-25021
|
2024-11-21 13:39 |
2021-02-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223896
|
7.5 |
HIGH
Network
|
scytl
|
secure_vote
|
An issue was discovered in Scytl sVote 2.1. Because the sdm-ws-rest API does not require authentication, an attacker can retrieve the administrative configuration by sending a POST request to the /sd…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2019-25020
|
2024-11-21 13:39 |
2021-02-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223897
|
9.8 |
CRITICAL
Network
|
alleghenycreative
|
openrepeater
|
OpenRepeater (ORP) before 2.2 allows unauthenticated command injection via shell metacharacters in the functions/ajax_system.php post_service parameter.
|
CWE-78
OS Command
|
CVE-2019-25024
|
2024-11-21 13:39 |
2021-02-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223898
|
9.8 |
CRITICAL
Network
|
limesurvey
|
limesurvey
|
LimeSurvey before 4.0.0-RC4 allows SQL injection via the participant model.
|
CWE-89
SQL Injection
|
CVE-2019-25019
|
2024-11-21 13:39 |
2021-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223899
|
7.5 |
HIGH
Network
|
mit
|
krb5-appl
|
In the rcp client in MIT krb5-appl through 1.0.3, malicious servers could bypass intended access restrictions via the filename of . or an empty filename, similar to CVE-2018-20685 and CVE-2019-7282. …
|
NVD-CWE-noinfo
|
CVE-2019-25018
|
2024-11-21 13:39 |
2021-02-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223900
|
5.9 |
MEDIUM
Network
|
mit
|
krb5-appl
|
An issue was discovered in rcp in MIT krb5-appl through 1.0.3. Due to the rcp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, t…
|
CWE-863
Incorrect Authorization
|
CVE-2019-25017
|
2024-11-21 13:39 |
2021-02-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
