|
223331
|
9.8 |
CRITICAL
Network
|
wago
|
852-303_firmware 852-1305_firmware 852-1505_firmware
|
WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW03 devices contain hardcoded private keys for the SSH daemon. The fingerprint of the SSH host key from the corresponding SSH daem…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2019-12549
|
2024-11-21 13:23 |
2019-06-18 |
|
223332
|
6.8 |
MEDIUM
Physical
|
actiontec
|
t2200h_firmware
|
An issue was discovered on Actiontec T2200H T2200H-31.128L.08 devices, as distributed by Telus. By attaching a UART adapter to the UART pins on the system board, an attacker can use a special key seq…
|
NVD-CWE-noinfo
|
CVE-2019-12789
|
2024-11-21 13:23 |
2019-06-18 |
|
223333
|
7.4 |
HIGH
Network
|
twistedmatrix
|
twisted
|
In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections.
|
CWE-295
Improper Certificate Validation
|
CVE-2019-12855
|
2024-11-21 13:23 |
2019-06-16 |
|
223334
|
8.8 |
HIGH
Network
|
webmin
|
webmin
|
In Webmin through 1.910, any user authorized to the "Package Updates" module can execute arbitrary commands with root privileges via the data parameter to update.cgi.
|
CWE-78
OS Command
|
CVE-2019-12840
|
2024-11-21 13:23 |
2019-06-16 |
|
223335
|
8.8 |
HIGH
Network
|
orangehrm
|
orangehrm
|
In OrangeHRM 4.3.1 and before, there is an input validation error within admin/listMailConfiguration (txtSendmailPath parameter) that allows authenticated attackers to achieve arbitrary command execu…
|
CWE-78
OS Command
|
CVE-2019-12839
|
2024-11-21 13:23 |
2019-06-16 |
|
223336
|
9.8 |
CRITICAL
Network
|
leanify_project
|
leanify
|
formats/xml.cpp in Leanify 0.4.3 allows for a controlled out-of-bounds write in xml_memory_writer::write via characters that require escaping.
|
CWE-787
Out-of-bounds Write
|
CVE-2019-12835
|
2024-11-21 13:23 |
2019-06-16 |
|
223337
|
7.2 |
HIGH
Network
|
mybb
|
mybb
|
In MyBB before 1.8.21, an attacker can abuse a default behavior of MySQL on many systems (that leads to truncation of strings that are too long for a database column) to create a PHP shell in the cac…
|
CWE-20
Improper Input Validation
|
CVE-2019-12831
|
2024-11-21 13:23 |
2019-06-16 |
|
223338
|
8.7 |
HIGH
Network
|
mybb
|
mybb
|
In MyBB before 1.8.21, an attacker can exploit a parsing flaw in the Private Message / Post renderer that leads to [video] BBCode persistent XSS to take over any forum account, aka a nested video MyC…
|
CWE-79
Cross-site Scripting
|
CVE-2019-12830
|
2024-11-21 13:23 |
2019-06-16 |
|
223339
|
7.5 |
HIGH
Network
|
radare
|
radare2
|
radare2 through 3.5.1 mishandles the RParse API, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact, as demonstrated by newstr bu…
|
CWE-787
Out-of-bounds Write
|
CVE-2019-12829
|
2024-11-21 13:23 |
2019-06-16 |
|
223340
|
8.8 |
HIGH
Network
|
znc
|
znc
|
Modules.cpp in ZNC before 1.7.4-rc1 allows remote authenticated non-admin users to escalate privileges and execute arbitrary code by loading a module with a crafted name.
|
CWE-20
Improper Input Validation
|
CVE-2019-12816
|
2024-11-21 13:23 |
2019-06-16 |