|
223431
|
5.4 |
MEDIUM
Network
|
sentrifugo
|
sentrifugo
|
Multiple stored XSS vulnerabilities in Sentrifugo 3.2 could allow authenticated users to inject arbitrary web script or HTML.
|
CWE-79
Cross-site Scripting
|
CVE-2019-15814
|
2024-11-21 13:29 |
2019-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223432
|
8.8 |
HIGH
Network
|
sentrifugo
|
sentrifugo
|
Multiple file upload restriction bypass vulnerabilities in Sentrifugo 3.2 could allow authenticated users to execute arbitrary code via a webshell.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-15813
|
2024-11-21 13:29 |
2019-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223433
|
4.4 |
MEDIUM
Local
|
systemd_project
fedoraproject
redhat
|
systemd
fedora
enterprise_linux
openshift_container_platform
enterprise_linux_eus
enterprise_linux_server_tus
enterprise_linux_server_aus
enterprise_linux_server_update_services_…
|
In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access…
|
NVD-CWE-noinfo
|
CVE-2019-15718
|
2024-11-21 13:29 |
2019-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223434
|
7.5 |
HIGH
Network
|
libexpat_project
python
|
libexpat
python
|
In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumn…
|
CWE-125
CWE-776
Out-of-bounds Read
XML Entity Expansion
|
CVE-2019-15903
|
2024-11-21 13:29 |
2019-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223435
|
5.6 |
MEDIUM
Local
|
linux
debian
opensuse
netapp
|
linux_kernel
debian_linux
leap
active_iq_performance_analytics_services
service_processor
baseboard_management_controller_firmware
|
A backporting error was discovered in the Linux stable/longterm kernel 4.4.x through 4.4.190, 4.9.x through 4.9.190, 4.14.x through 4.14.141, 4.19.x through 4.19.69, and 5.2.x through 5.2.11. Misuse …
|
CWE-200
Information Exposure
|
CVE-2019-15902
|
2024-11-21 13:29 |
2019-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223436
|
6.1 |
MEDIUM
Network
|
nagios
|
log_server
|
Nagios Log Server before 2.0.8 allows Reflected XSS via the username on the Login page.
|
CWE-79
Cross-site Scripting
|
CVE-2019-15898
|
2024-11-21 13:29 |
2019-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223437
|
7.5 |
HIGH
Network
|
varnish_cache_project
varnish-software
debian
|
varnish_cache
debian_linux
|
An issue was discovered in Varnish Cache before 6.0.4 LTS, and 6.1.x and 6.2.x before 6.2.1. An HTTP/1 parsing failure allows a remote attacker to trigger an assert by sending crafted HTTP/1 requests…
|
CWE-617
Reachable Assertion
|
CVE-2019-15892
|
2024-11-21 13:29 |
2019-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223438
|
6.1 |
MEDIUM
Network
|
wpdownloadmanager
|
wordpress_download_manager
|
The download-manager plugin before 2.9.94 for WordPress has XSS via the category shortcode feature, as demonstrated by the orderby or search[publish_date] parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2019-15889
|
2024-11-21 13:29 |
2019-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223439
|
8.8 |
HIGH
Network
|
metagauss
|
profilegrid
|
The profilegrid-user-profiles-groups-and-communities plugin before 2.8.6 for WordPress has remote code execution via an wp-admin/admin-ajax.php request with the action=pm_template_preview&html=<?php …
|
CWE-94
Code Injection
|
CVE-2019-15873
|
2024-11-21 13:29 |
2019-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223440
|
9.8 |
CRITICAL
Network
|
wpbrigade
|
loginpress
|
The LoginPress plugin before 1.1.4 for WordPress has SQL injection via an import of settings.
|
CWE-89
SQL Injection
|
CVE-2019-15872
|
2024-11-21 13:29 |
2019-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
