|
223361
|
9.8 |
CRITICAL
Network
|
salesagility
|
suitecrm
|
SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before 7.11.5 allows SQL Injection (issue 3 of 3).
|
CWE-89
SQL Injection
|
CVE-2019-12601
|
2024-11-21 13:23 |
2019-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223362
|
9.8 |
CRITICAL
Network
|
salesagility
|
suitecrm
|
SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before 7.11.5 allows SQL Injection (issue 2 of 3).
|
CWE-89
SQL Injection
|
CVE-2019-12600
|
2024-11-21 13:23 |
2019-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223363
|
9.8 |
CRITICAL
Network
|
salesagility
|
suitecrm
|
SuiteCRM 7.10.x before 7.10.17 and 7.11.x before 7.11.5 allows SQL Injection.
|
CWE-89
SQL Injection
|
CVE-2019-12599
|
2024-11-21 13:23 |
2019-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223364
|
9.8 |
CRITICAL
Network
|
salesagility
|
suitecrm
|
SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before 7.11.5 allows SQL Injection (issue 1 of 3).
|
CWE-89
SQL Injection
|
CVE-2019-12598
|
2024-11-21 13:23 |
2019-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223365
|
6.1 |
MEDIUM
Network
|
enttec
|
datagate_mk2_firmware
storm_24_firmware
pixelator_firmware
e-streamer_mk2_firmware
|
A number of stored XSS vulnerabilities have been identified in the web configuration feature in ENTTEC Datagate Mk2 70044_update_05032019-482 that could allow an unauthenticated threat actor to injec…
|
CWE-79
Cross-site Scripting
|
CVE-2019-12774
|
2024-11-21 13:23 |
2019-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223366
|
7.8 |
HIGH
Local
|
enttec
|
datagate_mk2_firmware
storm_24_firmware
pixelator_firmware
e-streamer_mk2_firmware
|
An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044_update_05032019-482. They replace secure and protected directory permissions (set as de…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2019-12777
|
2024-11-21 13:23 |
2019-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223367
|
9.8 |
CRITICAL
Network
|
enttec
|
datagate_mk2_firmware
storm_24_firmware
pixelator_firmware
e-streamer_mk2_firmware
|
An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044_update_05032019-482. They include a hard-coded SSH backdoor for remote SSH and SCP acce…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2019-12776
|
2024-11-21 13:23 |
2019-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223368
|
8.8 |
HIGH
Network
|
enttec
|
datagate_mk2_firmware
storm_24_firmware
pixelator_firmware
e-streamer_mk2_firmware
|
An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044_update_05032019-482. They allow high-privileged root access by www-data via sudo withou…
|
CWE-269
Improper Privilege Management
|
CVE-2019-12775
|
2024-11-21 13:23 |
2019-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223369
|
9.8 |
CRITICAL
Network
|
thinstation_project
|
thinstation
|
Command injection is possible in ThinStation through 6.1.1 via shell metacharacters after the cgi-bin/CdControl.cgi action= substring, or after the cgi-bin/VolControl.cgi OK= substring.
|
CWE-78
OS Command
|
CVE-2019-12771
|
2024-11-21 13:23 |
2019-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223370
|
7.5 |
HIGH
Network
|
securitycamera
|
security_camera_cz
|
The Security Camera CZ application through 1.6.8 for Android stores potentially sensitive recorded video in external data storage, which is readable by any application.
|
NVD-CWE-noinfo
|
CVE-2019-12763
|
2024-11-21 13:23 |
2019-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
