|
222961
|
6.1 |
MEDIUM
Network
|
tuzicms
|
tuzicms
|
TuziCMS 2.0.6 has XSS via the PATH_INFO to a group URI, as demonstrated by index.php/article/group/id/2/.
|
CWE-79
Cross-site Scripting
|
CVE-2019-16657
|
2024-11-21 13:30 |
2019-09-22 |
|
|
|
|
222962
|
9.8 |
CRITICAL
Network
|
joyplus_project
|
joyplus
|
joyplus-cms 1.6.0 allows remote attackers to execute arbitrary PHP code via /install by placing the code in the name of an object in the database.
|
NVD-CWE-noinfo
|
CVE-2019-16656
|
2024-11-21 13:30 |
2019-09-22 |
|
|
|
|
222963
|
7.5 |
HIGH
Network
|
joyplus_project
|
joyplus
|
joyplus-cms 1.6.0 allows reinstallation if the install/ URI remains available.
|
NVD-CWE-noinfo
|
CVE-2019-16655
|
2024-11-21 13:30 |
2019-09-22 |
|
|
|
|
222964
|
8.6 |
HIGH
Network
|
embedthis
|
goahead
|
An issue was discovered in Embedthis GoAhead 2.5.0. Certain pages (such as goform/login and config/log_off_page.htm) create links containing a hostname obtained from an arbitrary HTTP Host header sen…
|
CWE-94
Code Injection
|
CVE-2019-16645
|
2024-11-21 13:30 |
2019-09-21 |
|
|
|
|
222965
|
10.0 |
CRITICAL
Network
|
supermicro
|
x11dai-n_firmware x11dac_firmware x11dph-tq_firmware x11dph-i_firmware x11dph-t_firmware x11dps-re_firmware x11dsf-e_firmware x11dsn-ts_firmware x11dsn-tsq_firmware x11dsc\…
|
On Supermicro X10 and X11 products, a client's access privileges may be transferred to a different client that later has the same socket file descriptor number. In opportunistic circumstances, an att…
|
NVD-CWE-noinfo
|
CVE-2019-16650
|
2024-11-21 13:30 |
2019-09-21 |
|
|
|
|
222966
|
10.0 |
CRITICAL
Network
|
supermicro
|
x11dai-n_firmware x11dac_firmware x11dph-tq_firmware x11dph-i_firmware x11dph-t_firmware x11dps-re_firmware x11dsf-e_firmware x11dsn-ts_firmware x11dsn-tsq_firmware x11dsc\…
|
On Supermicro H11, H12, M11, X9, X10, and X11 products, a combination of encryption and authentication problems in the virtual media service allows capture of BMC credentials and data transferred ove…
|
CWE-287 CWE-326 CWE-522
Improper Authentication Inadequate Encryption Strength Insufficiently Protected Credentials
|
CVE-2019-16649
|
2024-11-21 13:30 |
2019-09-21 |
|
|
|
|
222967
|
9.8 |
CRITICAL
Network
|
tuzicms
|
tuzicms
|
App\Home\Controller\ZhuantiController.class.php in TuziCMS 2.0.6 has SQL injection via the index.php/Zhuanti/group?id= substring.
|
CWE-89
SQL Injection
|
CVE-2019-16644
|
2024-11-21 13:30 |
2019-09-21 |
|
|
|
|
222968
|
5.4 |
MEDIUM
Network
|
zrlog
|
zrlog
|
An issue was discovered in ZrLog 2.1.1. There is a Stored XSS vulnerability in the article_edit area.
|
CWE-79
Cross-site Scripting
|
CVE-2019-16643
|
2024-11-21 13:30 |
2019-09-21 |
|
|
|
|
222969
|
6.1 |
MEDIUM
Network
|
draytek
|
vigor2925_firmware
|
On DrayTek Vigor2925 devices with firmware 3.8.4.3, XSS exists via a crafted WAN name on the General Setup screen. NOTE: this is an end-of-life product.
|
CWE-79
Cross-site Scripting
|
CVE-2019-16534
|
2024-11-21 13:30 |
2019-09-21 |
|
|
|
|
222970
|
6.1 |
MEDIUM
Network
|
draytek
|
vigor2925_firmware
|
On DrayTek Vigor2925 devices with firmware 3.8.4.3, Incorrect Access Control exists in loginset.htm, and can be used to trigger XSS. NOTE: this is an end-of-life product.
|
CWE-79
Cross-site Scripting
|
CVE-2019-16533
|
2024-11-21 13:30 |
2019-09-21 |
|
|
|