| ID | CVSS | Severity | Attack vector | Vendor | Product | Description | CWE | CVE | Updated | Published |
|---|---|---|---|---|---|---|---|---|---|---|
| 223141 | 8.8 | HIGH | Network | slickquiz_project | slickquiz | The slickquiz plugin through 1.3.7.1 for WordPress allows SQL Injection by Subscriber users, as demonstrated by a /wp-admin/admin.php?page=slickquiz-scores&id= or /wp-admin/admin.php?page=slickquiz-e… | CWE-89: SQL Injection | CVE-2019-12516 | 2024-11-21 13:23 | 2019-09-13 |
| 223142 | 6.1 | MEDIUM | Network | slickquiz_project | slickquiz | An XSS issue was discovered in the slickquiz plugin through 1.3.7.1 for WordPress. The save_quiz_score functionality available via the /wp-admin/admin-ajax.php endpoint allows unauthenticated users t… | CWE-79: Cross-site Scripting | CVE-2019-12517 | 2024-11-21 13:23 | 2019-09-13 |
| 223143 | 8.1 | HIGH | Network | ttlock | ttlock | TTLock devices do not properly restrict password-reset attempts, leading to incorrect access control and disclosure of sensitive information about valid account names. | CWE-640: Weak Password Recovery Mechanism for Forgotten Password | CVE-2019-12943 | 2024-11-21 13:23 | 2019-09-11 |
| 223144 | 6.5 | MEDIUM | Adjacent | ttlock | ttlock | TTLock devices do not properly block guest access in certain situations where the network connection to the cloud is unavailable. | CWE-862: Missing Authorization | CVE-2019-12942 | 2024-11-21 13:23 | 2019-09-11 |
| 223145 | 5.3 | MEDIUM | Network | mendix | mendix | In Mendix 7.23.5 and earlier, an issue in XML import mappings allows DOCTYPE declarations in the XML input, which is potentially unsafe. | CWE-918: Server-Side Request Forgery (SSRF) | CVE-2019-12996 | 2024-11-21 13:23 | 2019-09-11 |
| 223146 | 7.8 | HIGH | Local | cisco | jabber | A vulnerability in Cisco Jabber Client Framework (JCF) for Mac Software, installed as part of the Cisco Jabber for Mac client, could allow an authenticated, local attacker to execute arbitrary code o… | CWE-732: Incorrect Permission Assignment for Critical Resource | CVE-2019-12645 | 2024-11-21 13:23 | 2019-09-5 |
| 223147 | 6.1 | MEDIUM | Network | cisco | identity_services_engine | A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack a… | CWE-79: Cross-site Scripting | CVE-2019-12644 | 2024-11-21 13:23 | 2019-09-5 |
| 223148 | 4.3 | MEDIUM | Network | cisco | content_security_management_appliance | A vulnerability in the authorization module of Cisco Content Security Management Appliance (SMA) Software could allow an authenticated, remote attacker to gain out-of-scope access to email. The vulne… | CWE-732: Incorrect Permission Assignment for Critical Resource | CVE-2019-12635 | 2024-11-21 13:23 | 2019-09-5 |
| 223149 | 7.5 | HIGH | Network | cisco | unified_contact_center_express | A vulnerability in Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery (SSRF) attack… | CWE-918: Server-Side Request Forgery (SSRF) | CVE-2019-12633 | 2024-11-21 13:23 | 2019-09-5 |
| 223150 | 7.5 | HIGH | Network | cisco | finesse | A vulnerability in Cisco Finesse could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery (SSRF) attack on an affected system. The vulnerabi… | CWE-918: Server-Side Request Forgery (SSRF) | CVE-2019-12632 | 2024-11-21 13:23 | 2019-09-5 |