|
214061
|
7.2 |
HIGH
Network
|
articatech
|
artica_proxy
|
Artica Proxy 3.06.200056 allows remote attackers to execute arbitrary commands as root by reading the ressources/settings.inc ldap_admin and ldap_password fields, using these credentials at logon.php…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2019-7300
|
2024-11-21 13:47 |
2019-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214062
|
8.1 |
HIGH
Network
|
dlink
|
dir-823g_firmware
|
An issue was discovered on D-Link DIR-823G devices with firmware through 1.02B03. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 request. Thi…
|
CWE-78
OS Command
|
CVE-2019-7298
|
2024-11-21 13:47 |
2019-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214063
|
9.8 |
CRITICAL
Network
|
d-link
|
dir-823g_firmware
|
An issue was discovered on D-Link DIR-823G devices with firmware through 1.02B03. A command Injection vulnerability allows attackers to execute arbitrary OS commands via shell metacharacters in a cra…
|
CWE-78
OS Command
|
CVE-2019-7297
|
2024-11-21 13:47 |
2019-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214064
|
6.1 |
MEDIUM
Network
|
typora
|
typora
|
typora through 0.9.64 has XSS, with resultant remote command execution, during inline rendering of a mathematical formula.
|
CWE-79
Cross-site Scripting
|
CVE-2019-7296
|
2024-11-21 13:47 |
2019-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214065
|
6.1 |
MEDIUM
Network
|
typora
|
typora
|
typora through 0.9.63 has XSS, with resultant remote command execution, during block rendering of a mathematical formula.
|
CWE-79
Cross-site Scripting
|
CVE-2019-7295
|
2024-11-21 13:47 |
2019-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214066
|
7.4 |
HIGH
Network
|
netkit
debian
|
netkit
debian_linux
|
An issue was discovered in rcp in NetKit through 0.17. For an rcp operation, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validatio…
|
NVD-CWE-noinfo
|
CVE-2019-7283
|
2024-11-21 13:47 |
2019-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214067
|
5.9 |
MEDIUM
Network
|
netkit
debian
fedoraproject
|
netkit
debian_linux
fedora
|
In NetKit through 0.17, rcp.c in the rcp client allows remote rsh servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of…
|
NVD-CWE-noinfo
|
CVE-2019-7282
|
2024-11-21 13:47 |
2019-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214068
|
6.1 |
MEDIUM
Network
|
cross_reference_project
|
cross_reference
|
An issue was discovered in the Cross Reference Add-on 36 for Google Docs. Stored XSS in the preview boxes in the configuration panel may allow a malicious user to use both label text and references t…
|
CWE-79
Cross-site Scripting
|
CVE-2019-7250
|
2024-11-21 13:47 |
2019-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214069
|
9.8 |
CRITICAL
Network
|
keybase
|
keybase
|
In Keybase before 2.12.6 on macOS, the move RPC to the Helper was susceptible to time-to-check-time-to-use bugs and would also allow one user of the system (who didn't have root access) to tamper wit…
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2019-7249
|
2024-11-21 13:47 |
2019-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214070
|
7.8 |
HIGH
Local
|
encodable
|
filechucker
|
An issue was discovered in FileChucker 4.99e-free-e02. filechucker.cgi has a filter bypass that allows a malicious user to upload any type of file by using % characters within the extension, e.g., fi…
|
NVD-CWE-noinfo
|
CVE-2019-7216
|
2024-11-21 13:47 |
2019-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
