|
223571
|
9.8 |
CRITICAL
Network
|
linkplay
|
linkplay
|
An issue was discovered on various devices via the Linkplay firmware. There is WAN remote code execution without user interaction. An attacker could retrieve the AWS key from the firmware and obtain …
|
CWE-78
CWE-639
OS Command
Authorization Bypass Through User-Controlled Key
|
CVE-2019-15310
|
2024-11-21 13:28 |
2020-07-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223572
|
7.2 |
HIGH
Network
|
vikisolutions
|
vera
|
The Branding Module in Viki Vera 4.9.1.26180 allows an authenticated user to change the logo on the website. An attacker could use this to upload a malicious .aspx file and gain Remote Code Execution…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-15123
|
2024-11-21 13:28 |
2020-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223573
|
6.1 |
MEDIUM
Network
|
zohocorp
|
manageengine_servicedesk_plus
|
Default installations of Zoho ManageEngine ServiceDesk Plus 10.0 before 10500 are vulnerable to XSS injected by a workstation local administrator. Using the installed program names of the computer as…
|
CWE-79
Cross-site Scripting
|
CVE-2019-15083
|
2024-11-21 13:28 |
2020-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223574
|
7.5 |
HIGH
Network
|
ushareit
|
shareit
|
SHAREit through 4.0.6.177 does not check the full message length from the received packet header (which is used to allocate memory for the next set of data). This could lead to a system denial of ser…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2019-15234
|
2024-11-21 13:28 |
2020-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223575
|
6.1 |
MEDIUM
Network
|
zohocorp
|
manageengine_desktop_central
|
ManageEngine_DesktopCentral.exe in Zoho ManageEngine Desktop Central 10 allows HTML injection on the user administration page via the description of a role.
|
CWE-79
Cross-site Scripting
|
CVE-2019-15510
|
2024-11-21 13:28 |
2020-03-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223576
|
9.8 |
CRITICAL
Network
|
linbit
|
csync2
|
An issue was discovered in LINBIT csync2 through 2.0. csync_daemon_session in daemon.c neglects to force a failure of a hello command when the configuration requires use of SSL.
|
NVD-CWE-noinfo
|
CVE-2019-15522
|
2024-11-21 13:28 |
2020-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223577
|
7.5 |
HIGH
Network
|
inextrix
|
astpp
|
An issue was discovered in iNextrix ASTPP before 4.0.1. web_interface/astpp/application/config/config.php does not have strong random keys, as demonstrated by use of the 8YSDaBtDHAB3EQkxPAyTz2I5DttzA…
|
CWE-798
CWE-327
Use of Hard-coded Credentials
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2019-15075
|
2024-11-21 13:28 |
2020-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223578
|
6.1 |
MEDIUM
Network
|
mantisbt
|
mantisbt
|
The proj_doc_edit_page.php Project Documentation feature in MantisBT before 2.21.3 has a stored cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code (if CSP settings permit …
|
CWE-79
Cross-site Scripting
|
CVE-2019-15539
|
2024-11-21 13:28 |
2020-03-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223579
|
6.1 |
MEDIUM
Network
|
mediawiki
|
mobilefrontend
|
In the MobileFrontend extension for MediaWiki, XSS exists within the edit summary field of the watchlist feed. This affects REL1_31, REL1_32, and REL1_33.
|
CWE-79
Cross-site Scripting
|
CVE-2019-15124
|
2024-11-21 13:28 |
2020-03-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223580
|
8.8 |
HIGH
Network
|
centreon
|
centreon_web
|
An issue was discovered in Centreon Web through 19.04.3. When a user changes his password on his profile page, the contact_autologin_key field in the database becomes blank when it should be NULL. Th…
|
CWE-287
Improper Authentication
|
CVE-2019-15299
|
2024-11-21 13:28 |
2020-02-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
