| 213581 | 9.8 | CRITICAL | Network | smartertools | smartermail | SmarterTools SmarterMail 16.x before build 6985 allows deserialization of untrusted data. An unauthenticated attacker could run commands on the server when port 17001 was remotely accessible. This po… | CWE-502 Deserialization of Untrusted Data | CVE-2019-7214 | 2024-11-21 13:47 | 2019-04-25 |
| 213582 | 6.5 | MEDIUM | Network | smartertools | smartermail | SmarterTools SmarterMail 16.x before build 6985 allows directory traversal. An authenticated user could delete arbitrary files or could create files in new folders in arbitrary locations on the mail … | CWE-22 Path Traversal | CVE-2019-7213 | 2024-11-21 13:47 | 2019-04-25 |
| 213583 | 8.2 | HIGH | Network | smartertools | smartermail | SmarterTools SmarterMail 16.x before build 6985 has hardcoded secret keys. An unauthenticated attacker could access other users’ emails and file attachments. It was also possible to interact with mai… | CWE-798 Use of Hard-coded Credentials | CVE-2019-7212 | 2024-11-21 13:47 | 2019-04-25 |
| 213584 | 6.1 | MEDIUM | Network | smartertools | smartermail | SmarterTools SmarterMail 16.x before build 6995 has stored XSS. JavaScript code could be executed on the application by opening a malicious email or when viewing a malicious file attachment. | CWE-79 Cross-site Scripting | CVE-2019-7211 | 2024-11-21 13:47 | 2019-04-25 |
| 213585 | 9.8 | CRITICAL | Network | canonical | snapd ubuntu_linux | Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root. This issue affects: Canonical snapd versions prior to 2.37… | CWE-863 Incorrect Authorization | CVE-2019-7304 | 2024-11-21 13:47 | 2019-04-24 |
| 213586 | 7.5 | HIGH | Network | canonical | snapd ubuntu_linux | A vulnerability in the seccomp filters of Canonical snapd before version 2.37.4 allows a strict mode snap to insert characters into a terminal on a 64-bit host. The seccomp rules were generated to ma… | NVD-CWE-Other | CVE-2019-7303 | 2024-11-21 13:47 | 2019-04-24 |
| 213587 | 6.5 | MEDIUM | Network | gitlab | gitlab | An issue was discovered in GitLab Community and Enterprise Edition 9.x, 10.x, and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. A user retains t… | CWE-269 Improper Privilege Management | CVE-2019-7155 | 2024-11-21 13:47 | 2019-04-17 |
| 213588 | 6.1 | MEDIUM | Network | gitlab | gitlab | An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows XSS (issue 2 of 2). The user status field contains a lack o… | CWE-79 Cross-site Scripting | CVE-2019-6796 | 2024-11-21 13:47 | 2019-04-12 |
| 213589 | 6.1 | MEDIUM | Network | zarafa | webaccess | Unauthenticated reflected cross-site scripting (XSS) exists in Zarafa Webapp 2.0.1.47791 and earlier. NOTE: this is a discontinued product. The issue was fixed in later Zarafa Webapp versions; howeve… | CWE-79 Cross-site Scripting | CVE-2019-7219 | 2024-11-21 13:47 | 2019-04-12 |
| 213590 | 9.8 | CRITICAL | Network | magento | magento | An unauthenticated user can execute SQL statements that allow arbitrary read access to the underlying database, which causes sensitive data leakage. This issue is fixed in Magento 2.1 prior to 2.1.18… | CWE-89 SQL Injection | CVE-2019-7139 | 2024-11-21 13:47 | 2019-04-11 |