| 223001 | 9.8 | CRITICAL Network | matrixssl | matrixssl | MatrixSSL before 4.2.1 has an out-of-bounds read during ASN.1 handling. | CWE-125 Out-of-bounds Read | CVE-2019-13470 | 2024-11-21 13:24 | 2019-07-10 |
| 223002 | 6.1 | MEDIUM Network | keynto | team_password_manager | KEYNTO Team Password Manager 1.5.0 allows XSS because data saved from websites is mishandled in the online vault. | CWE-79 Cross-site Scripting | CVE-2019-13380 | 2024-11-21 13:24 | 2019-07-10 |
| 223003 | 7.5 | HIGH Network | trendnet | tew-827dru_firmware | TRENDnet TEW-827DRU with firmware up to and including 2.04B03 allows an unauthenticated attacker to execute setup wizard functionality, giving this attacker the ability to change configuration values… | NVD-CWE-noinfo | CVE-2019-13277 | 2024-11-21 13:24 | 2019-07-10 |
| 223004 | 7.5 | HIGH Network | weseek | growi | In WESEEK GROWI before 3.5.0, a remote attacker can obtain the password hash of the creator of a page by leveraging wiki access to make API calls for page metadata. In other words, the password hash … | CWE-306 Missing Authentication for Critical Function | CVE-2019-13338 | 2024-11-21 13:24 | 2019-07-10 |
| 223005 | 7.5 | HIGH Network | weseek | growi | In WESEEK GROWI before 3.5.0, the site-wide basic authentication can be bypassed by adding a URL parameter access_token (this is the parameter used by the API). No valid token is required since it is… | CWE-639 Authorization Bypass Through User-Controlled Key; CWE-863 Incorrect Authorization | CVE-2019-13337 | 2024-11-21 13:24 | 2019-07-10 |
| 223006 | 7.5 | HIGH Network | modsecurity | owasp_modsecurity_core_rule_set | An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) 3.0.2. Use of X.Filename instead of X_Filename can bypass some PHP Script Uploads rules, because PHP automatically transforms dots int… | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2019-13464 | 2024-11-21 13:24 | 2019-07-10 |
| 223007 | 8.8 | HIGH Network | trendnet | tew-827dru_firmware | TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains a stack-based buffer overflow while returning an error message to the user about failure to resolve a hostname during a ping or … | CWE-787 Out-of-bounds Write | CVE-2019-13280 | 2024-11-21 13:24 | 2019-07-10 |
| 223008 | 5.4 | MEDIUM Network | cyberpowersystems | powerpanel | A stored XSS vulnerability in the Agent/Center component of CyberPower PowerPanel Business Edition 3.4.0 allows a privileged attacker to embed malicious JavaScript in the SNMP trap receivers form. Up… | CWE-79 Cross-site Scripting | CVE-2019-13070 | 2024-11-21 13:24 | 2019-07-10 |
| 223009 | 7.5 | HIGH Network | prestashop | prestashop | In PrestaShop before 1.7.6.0 RC2, the id_address_delivery and id_address_invoice parameters are affected by an Insecure Direct Object Reference vulnerability due to a guessable value sent to the web … | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2019-13461 | 2024-11-21 13:24 | 2019-07-10 |
| 223010 | 5.3 | MEDIUM Network | field_test_project | field_test | The field_test gem 0.3.0 for Ruby has unvalidated input. A method call that is expected to return a value from a certain set of inputs can be made to return any input, which can be dangerous dependin… | CWE-74 Injection | CVE-2019-13146 | 2024-11-21 13:24 | 2019-07-10 |