|
222181
|
9.8 |
CRITICAL
Network
|
zohocorp
|
manageengine_opmanager
|
An issue was discovered in Zoho ManageEngine OpManager before 12.4 build 124089. The OPMDeviceDetailsServlet servlet is prone to SQL injection. Depending on the configuration, this vulnerability coul…
|
CWE-89
SQL Injection
|
CVE-2019-17602
|
2024-11-21 13:32 |
2019-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222182
|
9.8 |
CRITICAL
Network
|
minishare_project
|
minishare
|
In MiniShare 1.4.1, there is a stack-based buffer overflow via an HTTP CONNECT request, which allows an attacker to achieve arbitrary code execution, a similar issue to CVE-2018-19862 and CVE-2018-19…
|
CWE-787
Out-of-bounds Write
|
CVE-2019-17601
|
2024-11-21 13:32 |
2019-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222183
|
9.8 |
CRITICAL
Network
|
darkhorse
|
dark_horse_comics
|
In the Dark Horse Comics application 1.3.21 for Android, token information (equivalent to the username and password) is stored in the log during authentication, and may be available to attackers via …
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2019-17398
|
2024-11-21 13:32 |
2019-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222184
|
9.8 |
CRITICAL
Network
|
powerschool
|
powerschool_mobile
|
In the PowerSchool Mobile application 1.1.8 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat.
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2019-17396
|
2024-11-21 13:32 |
2019-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222185
|
9.8 |
CRITICAL
Network
|
seesaw
|
parent_and_family
|
In the Seesaw Parent and Family application 6.2.5 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat.
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2019-17394
|
2024-11-21 13:32 |
2019-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222186
|
6.5 |
MEDIUM
Adjacent
|
infinitestudio
|
infinite_design
|
The Infinite Design application 3.4.12 for Android sends a username and password via TCP without any encryption during login, as demonstrated by sniffing of a public Wi-Fi network.
|
CWE-319
CWE-522
Cleartext Transmission of Sensitive Information
Insufficiently Protected Credentials
|
CVE-2019-17356
|
2024-11-21 13:32 |
2019-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222187
|
9.8 |
CRITICAL
Network
|
orbitz
|
orbitz
|
In the Orbitz application 19.31.1 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat.
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2019-17355
|
2024-11-21 13:32 |
2019-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222188
|
9.8 |
CRITICAL
Network
|
doordash
|
doordash
|
In the DoorDash application through 11.5.2 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat.
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2019-17397
|
2024-11-21 13:32 |
2019-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222189
|
9.8 |
CRITICAL
Network
|
intelbras
|
iwr_1000n_firmware
|
Intelbras IWR 1000N 1.6.4 devices allow disclosure of the administrator login name and password because v1/system/user is mishandled.
|
CWE-352
Origin Validation Error
|
CVE-2019-17600
|
2024-11-21 13:32 |
2019-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222190
|
5.4 |
MEDIUM
Network
|
gnu
opensuse
|
ncurses
leap
|
There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
|
CWE-125
Out-of-bounds Read
|
CVE-2019-17595
|
2024-11-21 13:32 |
2019-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
