|
211761
|
8.8 |
HIGH
Network
|
nagios
|
nagios_xi
|
Command injection in Nagios XI before 5.5.11 allows an authenticated users to execute arbitrary remote commands via a new autodiscovery job.
|
CWE-79
Cross-site Scripting
|
CVE-2019-9164
|
2024-11-21 13:51 |
2019-03-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211762
|
6.1 |
MEDIUM
Network
|
mailtraq
|
webmail
|
Mailtraq WebMail version 2.17.7.3550 has Persistent Cross Site Scripting (XSS) via the body of an e-mail message. To exploit the vulnerability, the victim must open an email with malicious Javascript…
|
CWE-79
Cross-site Scripting
|
CVE-2019-9558
|
2024-11-21 13:51 |
2019-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211763
|
6.1 |
MEDIUM
Network
|
codecrafters
|
ability_mail_server
|
Ability Mail Server 4.2.6 has Persistent Cross Site Scripting (XSS) via the body e-mail body. To exploit the vulnerability, the victim must open an email with malicious Javascript inserted into the b…
|
CWE-79
Cross-site Scripting
|
CVE-2019-9557
|
2024-11-21 13:51 |
2019-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211764
|
6.1 |
MEDIUM
Network
|
stackstorm
|
stackstorm
|
In st2web in StackStorm Web UI before 2.9.3 and 2.10.x before 2.10.3, it is possible to bypass the CORS protection mechanism via a "null" origin value, potentially leading to XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2019-9580
|
2024-11-21 13:51 |
2019-03-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211765
|
7.0 |
HIGH
Local
|
cyberark
|
endpoint_privilege_manager
|
A buffer overflow in the kernel driver CybKernelTracker.sys in CyberArk Endpoint Privilege Manager versions prior to 10.7 allows an attacker (without Administrator privileges) to escalate privileges …
|
CWE-787
Out-of-bounds Write
|
CVE-2019-9627
|
2024-11-21 13:51 |
2019-03-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211766
|
6.5 |
MEDIUM
Network
|
chshcms
|
cscms
|
An issue was discovered in Cscms 4.1.0. There is an admin.php/pay CSRF vulnerability that can change the payment account to redirect funds.
|
CWE-352
Origin Validation Error
|
CVE-2019-9598
|
2024-11-21 13:51 |
2019-03-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211767
|
8.8 |
HIGH
Network
|
boltcms
|
bolt
|
Controller/Async/FilesystemManager.php in the filemanager in Bolt before 3.6.5 allows remote attackers to execute arbitrary PHP code by renaming a previously uploaded file to have a .php extension.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-9185
|
2024-11-21 13:51 |
2019-03-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211768
|
9.8 |
CRITICAL
Network
|
motorola
|
m2_firmware
c1_firmware
|
An issue was discovered on Motorola C1 and M2 devices with firmware 1.01 and 1.07 respectively. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root …
|
CWE-78
OS Command
|
CVE-2019-9121
|
2024-11-21 13:51 |
2019-03-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211769
|
9.8 |
CRITICAL
Network
|
motorola
|
m2_firmware
c1_firmware
|
An issue was discovered on Motorola C1 and M2 devices with firmware 1.01 and 1.07 respectively. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root …
|
CWE-78
OS Command
|
CVE-2019-9120
|
2024-11-21 13:51 |
2019-03-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211770
|
9.8 |
CRITICAL
Network
|
motorola
|
m2_firmware
c1_firmware
|
An issue was discovered on Motorola C1 and M2 devices with firmware 1.01 and 1.07 respectively. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root …
|
CWE-78
OS Command
|
CVE-2019-9119
|
2024-11-21 13:51 |
2019-03-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
