|
221901
|
9.8 |
CRITICAL
Network
|
igniterealtime
|
openfire
|
A Server Side Request Forgery (SSRF) vulnerability in FaviconServlet.java in Ignite Realtime Openfire through 4.4.2 allows attackers to send arbitrary HTTP GET requests.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2019-18394
|
2024-11-21 13:33 |
2019-10-24 |
|
|
|
221902
|
5.3 |
MEDIUM
Network
|
igniterealtime
|
openfire
|
PluginServlet.java in Ignite Realtime Openfire through 4.4.2 does not ensure that retrieved files are located under the Openfire home directory, aka a directory traversal vulnerability.
|
CWE-22
Path Traversal
|
CVE-2019-18393
|
2024-11-21 13:33 |
2019-10-24 |
|
|
|
221903
|
9.8 |
CRITICAL
Network
|
hotel_and_lodge_management_system_project
|
hotel_and_lodge_management_system
|
Sourcecodester Hotel and Lodge Management System 1.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the id parameter to the edit p…
|
CWE-89
SQL Injection
|
CVE-2019-18387
|
2024-11-21 13:33 |
2019-10-24 |
|
|
|
221904
|
7.5 |
HIGH
Network
|
terra-master
|
fs-210_firmware
|
An issue was discovered on TerraMaster FS-210 4.0.19 devices. An unauthenticated attacker can download log files via the include/makecvs.php?Event= substring.
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2019-18385
|
2024-11-21 13:33 |
2019-10-24 |
|
|
|
221905
|
6.5 |
MEDIUM
Network
|
terra-master
|
fs-210_firmware
|
An issue was discovered on TerraMaster FS-210 4.0.19 devices. An authenticated remote non-administrative user can read unauthorized shared files, as demonstrated by the filename=*public*%25252Fadmin_…
|
NVD-CWE-noinfo
|
CVE-2019-18384
|
2024-11-21 13:33 |
2019-10-24 |
|
|
|
221906
|
7.5 |
HIGH
Network
|
terra-master
|
fs-210_firmware
|
An issue was discovered on TerraMaster FS-210 4.0.19 devices. One can download backup files remotely from terramaster_TNAS-00E43A_config_backup.bin without permission.
|
CWE-862
Missing Authorization
|
CVE-2019-18383
|
2024-11-21 13:33 |
2019-10-24 |
|
|
|
221907
|
7.5 |
HIGH
Network
|
avstar
|
pe204_firmware
|
An issue was discovered on AVStar PE204 3.10.70 IP camera devices. A denial of service can occur on open TCP port 23456. After a TELNET connection, no TCP ports are open.
|
NVD-CWE-noinfo
|
CVE-2019-18382
|
2024-11-21 13:33 |
2019-10-24 |
|
|
|
221908
|
7.5 |
HIGH
Network
|
mi
|
millet_router_3g_firmware
|
An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-stable. There is a directory traversal vulnerability to read arbitrary files via a misconfigured NGINX alias, as demonstrated by a…
|
CWE-22
Path Traversal
|
CVE-2019-18371
|
2024-11-21 13:33 |
2019-10-24 |
|
|
|
221909
|
5.5 |
MEDIUM
Local
|
glensawyer
|
mp3gain
|
A buffer over-read was discovered in ReadMP3APETag in apetag.c in MP3Gain 1.6.2. The vulnerability causes an application crash, which leads to remote denial of service.
|
CWE-125
Out-of-bounds Read
|
CVE-2019-18359
|
2024-11-21 13:33 |
2019-10-24 |
|
|
|
221910
|
9.8 |
CRITICAL
Network
|
mi
|
millet_router_3g_firmware
|
An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-stable. The backup file is in tar.gz format. After uploading, the application uses the tar zxf command to decompress, so one can c…
|
CWE-78
OS Command
|
CVE-2019-18370
|
2024-11-21 13:33 |
2019-10-24 |
|
|