|
212771
|
9.8 |
CRITICAL
Network
|
primasystems
|
flexair
|
Prima Systems FlexAir, Versions 2.3.38 and prior. The application generates database backup files with a predictable name, and an attacker can use brute force to identify the database backup file nam…
|
CWE-330
Use of Insufficiently Random Values
|
CVE-2019-7667
|
2024-11-21 13:48 |
2019-07-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212772
|
8.8 |
HIGH
Network
|
primasystems
|
flexair
|
Prima Systems FlexAir, Versions 2.3.38 and prior. The application allows improper authentication using the MD5 hash value of the password, which may allow an attacker with access to the database to l…
|
CWE-287
Improper Authentication
|
CVE-2019-7666
|
2024-11-21 13:48 |
2019-07-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212773
|
7.0 |
HIGH
Local
|
exacq
|
enterprise_system_manager
|
A vulnerability in the exacqVision Enterprise System Manager (ESM) v5.12.2 application whereby unauthorized privilege escalation can potentially be achieved. This vulnerability impacts exacqVision ES…
|
CWE-276
Incorrect Default Permissions
|
CVE-2019-7588
|
2024-11-21 13:48 |
2019-06-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212774
|
7.5 |
HIGH
Network
|
linksys
|
wrt1900acs_firmware
|
An issue was discovered on Linksys WRT1900ACS 1.0.3.187766 devices. An ability exists for an unauthenticated user to browse a confidential ui/1.0.99.187766/dynamic/js/setup.js.localized file on the r…
|
CWE-287
Improper Authentication
|
CVE-2019-7579
|
2024-11-21 13:48 |
2019-06-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212775
|
9.8 |
CRITICAL
Network
|
artifex
|
mupdf
|
Usage of an uninitialized variable in the function fz_load_jpeg in Artifex MuPDF 1.14 can result in a heap overflow vulnerability that allows an attacker to execute arbitrary code.
|
CWE-787
CWE-908
Out-of-bounds Write
Use of Uninitialized Resource
|
CVE-2019-7321
|
2024-11-21 13:48 |
2019-06-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212776
|
8.8 |
HIGH
Network
|
adobe
redhat
|
flash_player
enterprise_linux_desktop
enterprise_linux_server
enterprise_linux_workstation
|
Adobe Flash Player versions 32.0.0.192 and earlier, 32.0.0.192 and earlier, and 32.0.0.192 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execu…
|
CWE-416
Use After Free
|
CVE-2019-7845
|
2024-11-21 13:48 |
2019-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212777
|
9.8 |
CRITICAL
Network
|
adobe
|
coldfusion
|
ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2019-7840
|
2024-11-21 13:48 |
2019-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212778
|
9.8 |
CRITICAL
Network
|
adobe
|
coldfusion
|
ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.
|
CWE-77
Command Injection
|
CVE-2019-7839
|
2024-11-21 13:48 |
2019-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212779
|
9.8 |
CRITICAL
Network
|
adobe
|
coldfusion
|
ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a file extension blacklist bypass vulnerability. Successful exploitation could lead to arbitrary code e…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-7838
|
2024-11-21 13:48 |
2019-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212780
|
6.1 |
MEDIUM
Network
|
api_based_travel_booking_project
|
api_based_travel_booking
|
An issue was discovered in PHP Scripts Mall API Based Travel Booking 3.4.7. There is Reflected XSS via the flight-results.php d2 parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2019-7554
|
2024-11-21 13:48 |
2019-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
