|
223301
|
7.8 |
HIGH
Local
|
londontrustmedia
|
private_internet_access
|
A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client 1.0.2 (build 02363) for Windows could allow an authenticated, local attacker to run arbitrary code with elevated pri…
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2019-12572
|
2024-11-21 13:23 |
2019-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223302
|
9.8 |
CRITICAL
Network
|
cylan
|
clever_dog_smart_camera_panorama_dog-2w_firmware
clever_dog_smart_camera_plus_dog-2w-v4_firmware
|
On Shenzhen Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4 devices, an attacker on the network can login remotely to the camera and gain root access. The device ships with a hardcoded 12345678 pa…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2019-12920
|
2024-11-21 13:23 |
2019-06-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223303
|
5.5 |
MEDIUM
Local
|
cylan
|
clever_dog_smart_camera_panorama_dog-2w_firmware
clever_dog_smart_camera_plus_dog-2w-v4_firmware
|
On Shenzhen Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4 devices, an attacker on the local network has unauthenticated access to the internal SD card via the HTTP service on port 8000. The HTTP…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2019-12919
|
2024-11-21 13:23 |
2019-06-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223304
|
5.4 |
MEDIUM
Network
|
seeddms
|
seeddms
|
out/out.UsrMgr.php in SeedDMS before 5.1.11 allows Stored Cross-Site Scripting (XSS) via the name field.
|
CWE-79
Cross-site Scripting
|
CVE-2019-12745
|
2024-11-21 13:23 |
2019-06-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223305
|
7.5 |
HIGH
Network
|
seeddms
|
seeddms
|
SeedDMS before 5.1.11 allows Remote Command Execution (RCE) because of unvalidated file upload of PHP scripts, a different vulnerability than CVE-2018-12940.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-12744
|
2024-11-21 13:23 |
2019-06-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223306
|
6.1 |
MEDIUM
Network
|
afian
|
filerun
|
FileRun 2019.05.21 allows XSS via the filename to the ?module=fileman§ion=do&page=up URI. This issue has been fixed in FileRun 2019.06.01.
|
CWE-79
Cross-site Scripting
|
CVE-2019-12905
|
2024-11-21 13:23 |
2019-06-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223307
|
5.9 |
MEDIUM
Network
|
gnupg
opensuse
|
libgcrypt
leap
|
In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. (The C implementation is used on p…
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2019-12904
|
2024-11-21 13:23 |
2019-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223308
|
4.3 |
MEDIUM
Network
|
pydio
|
cells
|
Pydio Cells before 1.5.0, when supplied with a Name field in an unexpected Unicode format, fails to handle this and includes the database column/table name as pert of the error message, exposing sens…
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2019-12903
|
2024-11-21 13:23 |
2019-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223309
|
6.5 |
MEDIUM
Network
|
pydio
|
cells
|
Pydio Cells before 1.5.0 does incomplete cleanup of a user's data upon deletion. This allows a new user, holding the same User ID as a deleted user, to restore the deleted user's data.
|
CWE-459
Incomplete Cleanup
|
CVE-2019-12902
|
2024-11-21 13:23 |
2019-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223310
|
8.8 |
HIGH
Network
|
pydio
|
cells
|
Pydio Cells before 1.5.0 fails to neutralize '../' elements, allowing an attacker with minimum privilege to Upload files to, and Delete files/folders from, an unprivileged directory, leading to Privi…
|
CWE-22
Path Traversal
|
CVE-2019-12901
|
2024-11-21 13:23 |
2019-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
