|
224181
|
5.4 |
MEDIUM
Network
|
firefly-iii
|
firefly_iii
|
Firefly III before 4.7.17.3 is vulnerable to stored XSS due to lack of filtration of user-supplied data in image file content. The JavaScript code is executed during attachments/view/$file_id$ attach…
|
CWE-79
Cross-site Scripting
|
CVE-2019-13647
|
2024-11-21 13:25 |
2019-07-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224182
|
5.4 |
MEDIUM
Network
|
firefly-iii
|
firefly_iii
|
Firefly III before 4.7.17.3 is vulnerable to reflected XSS due to lack of filtration of user-supplied data in a search query. NOTE: It is asserted that an attacker must have the same access rights as…
|
CWE-79
Cross-site Scripting
|
CVE-2019-13646
|
2024-11-21 13:25 |
2019-07-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224183
|
5.4 |
MEDIUM
Network
|
firefly-iii
|
firefly_iii
|
Firefly III before 4.7.17.3 is vulnerable to stored XSS due to lack of filtration of user-supplied data in image file names. The JavaScript code is executed during attachments/edit/$file_id$ attachme…
|
CWE-79
Cross-site Scripting
|
CVE-2019-13645
|
2024-11-21 13:25 |
2019-07-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224184
|
5.4 |
MEDIUM
Network
|
firefly-iii
|
firefly_iii
|
Firefly III before 4.7.17.1 is vulnerable to stored XSS due to lack of filtration of user-supplied data in a budget name. The JavaScript code is contained in a transaction, and is executed on the tag…
|
CWE-79
Cross-site Scripting
|
CVE-2019-13644
|
2024-11-21 13:25 |
2019-07-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224185
|
6.1 |
MEDIUM
Network
|
espocrm
|
espocrm
|
Stored XSS in EspoCRM before 5.6.4 allows remote attackers to execute malicious JavaScript and inject arbitrary source code into the target pages. The attack begins by storing a new stream message co…
|
CWE-79
Cross-site Scripting
|
CVE-2019-13643
|
2024-11-21 13:25 |
2019-07-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224186
|
9.8 |
CRITICAL
Network
|
qbittorrent
|
qbittorrent
|
In qBittorrent before 4.1.7, the function Application::runExternalProgram() located in app/application.cpp allows command injection via shell metacharacters in the torrent name parameter or current t…
|
CWE-78
OS Command
|
CVE-2019-13640
|
2024-11-21 13:25 |
2019-07-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224187
|
5.9 |
MEDIUM
Network
|
gnu
|
patch
|
In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c.
|
CWE-59
Link Following
|
CVE-2019-13636
|
2024-11-21 13:25 |
2019-07-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224188
|
8.8 |
HIGH
Network
|
logmeininc
|
join.me
|
In LogMeIn join.me before 3.16.0.5505, an attacker could execute arbitrary commands on a targeted system. This vulnerability is due to unsafe search paths used by the application URI that is defined …
|
CWE-426
Untrusted Search Path
|
CVE-2019-13637
|
2024-11-21 13:25 |
2019-07-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224189
|
7.5 |
HIGH
Network
|
wireshark
fedoraproject
canonical
debian
opensuse
|
wireshark
fedora
ubuntu_linux
debian_linux
leap
|
In Wireshark 3.0.0 to 3.0.2, 2.6.0 to 2.6.9, and 2.4.0 to 2.4.15, the ASN.1 BER dissector and related dissectors could crash. This was addressed in epan/asn1.c by properly restricting buffer incremen…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2019-13619
|
2024-11-21 13:25 |
2019-07-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224190
|
9.8 |
CRITICAL
Network
|
computerlab
|
maple_computer_wbt_snmp_administrator
|
SnmpAdm.exe in MAPLE WBT SNMP Administrator v2.0.195.15 has an Unauthenticated Remote Buffer Overflow via a long string to the CE Remote feature listening on Port 987.
|
CWE-787
Out-of-bounds Write
|
CVE-2019-13577
|
2024-11-21 13:25 |
2019-07-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
