| ID | CVSS | Severity | Attack vector | Vendor | Product | Description | CWE | CVE | Updated | Published |
|---|---|---|---|---|---|---|---|---|---|---|
| 211221 | 4.8 | MEDIUM | Network | yzmcms | yzmcms | Stored XSS exists in YzmCMS 5.2 via the admin/category/edit.html "catname" parameter. | CWE-79 Cross-site Scripting | CVE-2019-9660 | 2024-11-21 13:52 | 2019-03-11 |
| 211222 | 5.3 | MEDIUM | Network | checkstyle debian fedoraproject | checkstyle debian_linux fedora | Checkstyle before 8.18 loads external DTDs by default. | CWE-611 XXE | CVE-2019-9658 | 2024-11-21 13:52 | 2019-03-11 |
| 211223 | 8.8 | HIGH | Network | libofx_project debian canonical | libofx debian_linux ubuntu_linux | An issue was discovered in LibOFX 0.9.14. There is a NULL pointer dereference in the function OFXApplication::startElement in the file lib/ofx_sgml.cpp, as demonstrated by ofxdump. | CWE-476 NULL Pointer Dereference | CVE-2019-9656 | 2024-11-21 13:52 | 2019-03-11 |
| 211224 | 9.1 | CRITICAL | Network | chuango eminent | wifi_alarm_system_firmware wifi\/cellular_smart_home_system_h4_plus_firmware awv_plus_wifi_alarm_system_firmware g5w_3g_firmware g5_plus_gsm\/sms\/rfid_touch_alarm_system_firmware g3_g… | The Chuango 433 MHz burglar-alarm product line uses static codes in the RF remote control, allowing an attacker to arm, disarm, or trigger the alarm remotely via replay attacks, as demonstrated by Ch… | CWE-294 Authentication Bypass by Capture-replay | CVE-2019-9659 | 2024-11-21 13:52 | 2019-03-12 |
| 211225 | 8.8 | HIGH | Network | sdcms | sdcms | There is a CSRF in SDCMS V1.7 via an m=admin&c=theme&a=edit request. It allows PHP code injection by providing a filename in the file parameter, and providing file content in the t2 parameter. | CWE-352 Origin Validation Error | CVE-2019-9652 | 2024-11-21 13:52 | 2019-03-11 |
| 211226 | 9.8 | CRITICAL | Network | sdcms | sdcms | An issue was discovered in SDCMS V1.7. In the \app\admin\controller\themecontroller.php file, the check_bad() function's filtering is not strict, resulting in PHP code execution. This occurs because … | CWE-94 Code Injection | CVE-2019-9651 | 2024-11-21 13:52 | 2019-03-11 |
| 211227 | 6.1 | MEDIUM | Network | upcoming_events_project | upcoming_events | An XSS issue was discovered in upcoming_events.php in the Upcoming Events plugin before 1.33 for MyBB via a crafted name for an event. | CWE-79 Cross-site Scripting | CVE-2019-9650 | 2024-11-21 13:52 | 2019-03-11 |
| 211228 | 6.1 | MEDIUM | Network | codepeople | contact_form_email | The Contact Form Email plugin before 1.2.66 for WordPress allows wp-admin/admin.php item XSS, related to cp_admin_int_edition.inc.php in the "custom edition area." | CWE-79 Cross-site Scripting | CVE-2019-9646 | 2024-11-21 13:52 | 2019-03-11 |
| 211229 | 9.8 | CRITICAL | Network | php debian canonical opensuse netapp | php debian_linux ubuntu_linux leap storage_automation_store | An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_TIFF. | CWE-908 Use of Uninitialized Resource | CVE-2019-9641 | 2024-11-21 13:52 | 2019-03-9 |
| 211230 | 7.5 | HIGH | Network | php canonical debian opensuse netapp redhat | php ubuntu_linux debian_linux leap storage_automation_store software_collections | An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an Invalid Read in exif_process_SOFn. | CWE-125 Out-of-bounds Read | CVE-2019-9640 | 2024-11-21 13:52 | 2019-03-9 |