|
221991
|
7.5 |
HIGH
Network
|
openwrt
|
openwrt
|
uhttpd in OpenWrt through 18.06.5 and 19.x through 19.07.0-rc2 has an integer signedness error. This leads to out-of-bounds access to a heap buffer and a subsequent crash. It can be triggered with an…
|
CWE-125 CWE-681
Out-of-bounds Read Incorrect Conversion between Numeric Types
|
CVE-2019-19945
|
2024-11-21 13:35 |
2020-03-17 |
|
221992
|
8.1 |
HIGH
Network
|
combodo
|
itop
|
A post-authentication privilege escalation in the web application of Combodo iTop allows regular authenticated users to access information and modify information with administrative privileges by not…
|
CWE-79
Cross-site Scripting
|
CVE-2019-19821
|
2024-11-21 13:35 |
2020-03-17 |
|
221993
|
7.5 |
HIGH
Network
|
swisscom
|
centro_grande_firmware centro_business
|
Missing output sanitation in Swisscom Centro Grande Centro Grande before 6.16.12, Centro Business 1.0 (ADB) before 7.10.18, and Centro Business 2.0 before 8.02.04 allows a remote attacker to perform …
|
CWE-20
Improper Input Validation
|
CVE-2019-19942
|
2024-11-21 13:35 |
2020-03-17 |
|
221994
|
5.4 |
MEDIUM
Network
|
swisscom
|
centro_grande_firmware
|
Missing hostname validation in Swisscom Centro Grande before 6.16.12 allows a remote attacker to inject its local IP address as a domain entry in the DNS service of the router via crafted hostnames i…
|
CWE-79
Cross-site Scripting
|
CVE-2019-19941
|
2024-11-21 13:35 |
2020-03-17 |
|
221995
|
7.2 |
HIGH
Network
|
swisscom
|
centro_grande_firmware
|
Incorrect input sanitation in text-oriented user interfaces (telnet, ssh) in Swisscom Centro Grande before 6.16.12 allows remote authenticated users to execute arbitrary commands via command injectio…
|
CWE-78
OS Command
|
CVE-2019-19940
|
2024-11-21 13:35 |
2020-03-17 |
|
221996
|
4.8 |
MEDIUM
Network
|
sangoma
|
freepbx
|
An XSS Injection vulnerability exists in Sangoma FreePBX and PBXact 13, 14, and 15 within the Debug/Test page of the Superfecta module at the admin/config.php?display=superfecta URI. This affects Sup…
|
CWE-79
Cross-site Scripting
|
CVE-2019-19851
|
2024-11-21 13:35 |
2020-03-17 |
|
221997
|
7.5 |
HIGH
Network
|
halvotec
|
raquest
|
An issue was discovered in Halvotec RaQuest 10.23.10801.0. One of the exposed web services allows an anonymous user to access the list of connected users as well as the session cookie for each user. …
|
NVD-CWE-noinfo
|
CVE-2019-19611
|
2024-11-21 13:35 |
2020-03-14 |
|
221998
|
5.3 |
MEDIUM
Network
|
zohocorp
|
manageengine_applications_manager
|
Zoho ManageEngine Applications Manager before 14600 allows a remote unauthenticated attacker to disclose license related information via WieldFeedServlet servlet.
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2019-19799
|
2024-11-21 13:35 |
2020-03-14 |
|
221999
|
6.0 |
MEDIUM
Local
|
lenovo
|
xclarity_administrator
|
An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered Windows OS credentials, used to perform driver updates of managed systems, being written to a log file in clear t…
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2019-19756
|
2024-11-21 13:35 |
2020-03-14 |
|
222000
|
7.5 |
HIGH
Network
|
halvotec
|
raquest
|
An issue was discovered in Halvotec RAQuest 10.23.10801.0. The login page is vulnerable to wildcard injection, allowing an attacker to enumerate the list of users sharing an identical password. Fixed…
|
CWE-74
Injection
|
CVE-2019-19614
|
2024-11-21 13:35 |
2020-03-10 |