|
211211
|
5.5 |
MEDIUM
Local
|
cron_project debian fedoraproject
|
cron debian_linux fedora
|
Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (memory consumption) via a large crontab file because an unlimited number of lines is accepted.
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2019-9705
|
2024-11-21 13:52 |
2019-03-12 |
|
211212
|
5.5 |
MEDIUM
Local
|
cron_project fedoraproject debian
|
cron fedora debian_linux
|
Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (daemon crash) via a large crontab file because the calloc return value is not checked.
|
CWE-476 CWE-252
NULL Pointer Dereference Unchecked Return Value
|
CVE-2019-9704
|
2024-11-21 13:52 |
2019-03-12 |
|
211213
|
8.8 |
HIGH
Network
|
cmsmadesimple
|
cms_made_simple
|
In CMS Made Simple (CMSMS) before 2.2.10, an authenticated user can achieve SQL Injection in class.showtime2_data.php via the functions _updateshow (parameter show_id), _inputshow (parameter show_id)…
|
CWE-89
SQL Injection
|
CVE-2019-9693
|
2024-11-21 13:52 |
2019-03-12 |
|
211214
|
6.5 |
MEDIUM
Network
|
cmsmadesimple
|
cms_made_simple
|
class.showtime2_image.php in CMS Made Simple (CMSMS) before 2.2.10 does not ensure that a watermark file has a standard image file extension (GIF, JPG, JPEG, or PNG).
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-9692
|
2024-11-21 13:52 |
2019-03-12 |
|
211215
|
8.8 |
HIGH
Network
|
sftnow
|
sftnow
|
sftnow through 2018-12-29 allows index.php?g=Admin&m=User&a=add_post CSRF to add an admin account.
|
CWE-352
Origin Validation Error
|
CVE-2019-9688
|
2024-11-21 13:52 |
2019-03-12 |
|
211216
|
9.8 |
CRITICAL
Network
|
podofo_project fedoraproject
|
podofo fedora
|
PoDoFo 0.9.6 has a heap-based buffer overflow in PdfString::ConvertUTF16toUTF8 in base/PdfString.cpp.
|
CWE-787
Out-of-bounds Write
|
CVE-2019-9687
|
2024-11-21 13:52 |
2019-03-12 |
|
211217
|
8.1 |
HIGH
Network
|
php canonical opensuse
|
php ubuntu_linux leap
|
An issue was discovered in PHP 7.x before 7.1.27 and 7.3.x before 7.3.3. phar_tar_writeheaders_int in ext/phar/tar.c has a buffer overflow via a long link value. NOTE: The vendor indicates that the l…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2019-9675
|
2024-11-21 13:52 |
2019-03-11 |
|
211218
|
7.5 |
HIGH
Network
|
jtbc
|
jtbc_php
|
An issue was discovered in JTBC(PHP) 3.0.1.8. Its cache management module is flawed. An arbitrary file ending in "inc.php" can be deleted via a console/cache/manage.php?type=action&action=batch&batch…
|
CWE-22
Path Traversal
|
CVE-2019-9662
|
2024-11-21 13:52 |
2019-03-11 |
|
211219
|
8.8 |
HIGH
Network
|
pacman_project
|
pacman
|
pacman before 5.1.3 allows directory traversal when installing a remote package via a specified URL "pacman -U <url>" due to an unsanitized file name received from a Content-Disposition header. pacma…
|
CWE-22
Path Traversal
|
CVE-2019-9686
|
2024-11-21 13:52 |
2019-03-12 |
|
211220
|
4.8 |
MEDIUM
Network
|
yzmcms
|
yzmcms
|
Stored XSS exists in YzmCMS 5.2 via the admin/system_manage/user_config_edit.html "value" parameter,
|
CWE-79
Cross-site Scripting
|
CVE-2019-9661
|
2024-11-21 13:52 |
2019-03-11 |