|
212941
|
6.1 |
MEDIUM
Network
|
phpmywind
|
phpmywind
|
An issue was discovered in PHPMyWind 5.5. The username parameter of the /install/index.php page has a stored Cross-site Scripting (XSS) vulnerability, as demonstrated by admin/login.php.
|
CWE-79
Cross-site Scripting
|
CVE-2019-7660
|
2024-11-21 13:48 |
2019-03-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212942
|
9.1 |
CRITICAL
Network
|
broadcom
|
privileged_access_manager
|
An improper authentication vulnerability in CA Privileged Access Manager 3.x Web-UI jk-manager and jk-status allows a remote attacker to gain sensitive information or alter configuration.
|
CWE-287
Improper Authentication
|
CVE-2019-7392
|
2024-11-21 13:48 |
2019-02-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212943
|
3.3 |
LOW
Local
|
bosch
|
smart_camera
|
An issue was discovered in the Bosch Smart Camera App before 1.3.1 for Android. Due to setting of insecure permissions, a malicious app could potentially succeed in retrieving video clips or still im…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2019-7729
|
2024-11-21 13:48 |
2019-02-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212944
|
7.5 |
HIGH
Network
|
bosch
|
smart_camera
|
An issue was discovered in the Bosch Smart Camera App before 1.3.1 for Android. Due to improperly implemented TLS certificate checks, a malicious actor could potentially succeed in executing a man-in…
|
CWE-295
Improper Certificate Validation
|
CVE-2019-7728
|
2024-11-21 13:48 |
2019-02-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212945
|
9.8 |
CRITICAL
Network
|
tintin\+\+_project
|
tintin\+\+
wintin\+\+
|
Stack-based buffer overflow in the strip_vt102_codes function in TinTin++ 2.01.6 and WinTin++ 2.01.6 allows remote attackers to execute arbitrary code by sending a long message to the client.
|
CWE-787
Out-of-bounds Write
|
CVE-2019-7629
|
2024-11-21 13:48 |
2019-02-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212946
|
7.5 |
HIGH
Network
|
cmswing
|
cmswing
|
global.encryptPassword in bootstrap/global.js in CMSWing 1.3.7 relies on multiple MD5 operations for password hashing.
|
CWE-916
Use of Password Hash With Insufficient Computational Effort
|
CVE-2019-7649
|
2024-11-21 13:48 |
2019-02-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212947
|
7.4 |
HIGH
Network
|
amazon
|
fire_os
|
Amazon Fire OS before 5.3.6.4 allows a man-in-the-middle attack against HTTP requests for "Terms of Use" and Privacy pages.
|
CWE-346
Origin Validation Error
|
CVE-2019-7399
|
2024-11-21 13:48 |
2019-02-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212948
|
5.3 |
MEDIUM
Network
|
jforum
|
jforum
|
In JForum 2.1.8, an unauthenticated, remote attacker can enumerate whether a user exists by using the "create user" function. If a register/check/username?username= request corresponds to a username …
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2019-7550
|
2024-11-21 13:48 |
2019-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212949
|
6.1 |
MEDIUM
Network
|
joomla
|
joomla\!
|
An issue was discovered in Joomla! before 3.9.3. Inadequate filtering on URL fields in various core components could lead to an XSS vulnerability.
|
CWE-79
Cross-site Scripting
|
CVE-2019-7744
|
2024-11-21 13:48 |
2019-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212950
|
9.8 |
CRITICAL
Network
|
joomla
|
joomla\!
|
An issue was discovered in Joomla! before 3.9.3. The phar:// stream wrapper can be used for objection injection attacks because there is no protection mechanism (such as the TYPO3 PHAR stream wrapper…
|
CWE-502
CWE-917
Deserialization of Untrusted Data
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
|
CVE-2019-7743
|
2024-11-21 13:48 |
2019-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
