|
219031
|
6.1 |
MEDIUM
Network
|
api_based_travel_booking_project
|
api_based_travel_booking
|
An issue was discovered in PHP Scripts Mall API Based Travel Booking 3.4.7. There is Reflected XSS via the flight-results.php d2 parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2019-7554
|
2024-11-21 13:48 |
2019-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219032
|
5.4 |
MEDIUM
Network
|
chartered_accountant_\
|
_auditor_website_project
|
PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has Stored XSS in the Profile Update page via the My Name field.
|
CWE-79
Cross-site Scripting
|
CVE-2019-7553
|
2024-11-21 13:48 |
2019-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219033
|
5.4 |
MEDIUM
Network
|
investment_mlm_software_project
|
investment_mlm_software
|
An issue was discovered in PHP Scripts Mall Investment MLM Software 2.0.2. Stored XSS was found in the the My Profile Section. This is due to lack of sanitization in the Edit Name section.
|
CWE-79
Cross-site Scripting
|
CVE-2019-7552
|
2024-11-21 13:48 |
2019-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219034
|
8.8 |
HIGH
Network
|
primasystems
|
flexair
|
Prima Systems FlexAir, Versions 2.3.38 and prior. The flash version of the web interface contains a hard-coded username and password, which may allow an authenticated attacker to escalate privileges.
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2019-7672
|
2024-11-21 13:48 |
2019-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219035
|
9.0 |
CRITICAL
Network
|
primasystems
|
flexair
|
Prima Systems FlexAir, Versions 2.3.38 and prior. Parameters sent to scripts are not properly sanitized before being returned to the user, which may allow an attacker to execute arbitrary code in a u…
|
CWE-79
Cross-site Scripting
|
CVE-2019-7671
|
2024-11-21 13:48 |
2019-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219036
|
4.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
An issue was discovered in GitLab Community and Enterprise Edition 10.x and 11.x before 11.5.10, 11.6.x before 11.6.8, and 11.7.x before 11.7.3. It has Incorrect Access Control. The GitLab pipelines …
|
NVD-CWE-noinfo
|
CVE-2019-7549
|
2024-11-21 13:48 |
2019-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219037
|
8.8 |
HIGH
Network
|
ca
|
risk_authentication
strong_authentication
|
A privilege escalation vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x,…
|
CWE-269
Improper Privilege Management
|
CVE-2019-7394
|
2024-11-21 13:48 |
2019-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219038
|
4.3 |
MEDIUM
Network
|
ca
|
risk_authentication
strong_authentication
|
A UI redress vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.…
|
CWE-1021
Improper Restriction of Rendered UI Layers or Frames
|
CVE-2019-7393
|
2024-11-21 13:48 |
2019-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219039
|
9.8 |
CRITICAL
Network
|
adobe
|
coldfusion
|
ColdFusion versions Update 2 and earlier, Update 9 and earlier, and Update 17 and earlier have a file upload restriction bypass vulnerability. Successful exploitation could lead to arbitrary code exe…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-7816
|
2024-11-21 13:48 |
2019-05-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219040
|
7.5 |
HIGH
Network
|
adobe
|
acrobat_dc
acrobat_reader_dc
|
Adobe Acrobat and Reader versions 2019.010.20091 and earlier, 2019.010.20091 and earlier, 2017.011.30120 and earlier version, and 2015.006.30475 and earlier have a data leakage (sensitive) vulnerabil…
|
NVD-CWE-noinfo
|
CVE-2019-7815
|
2024-11-21 13:48 |
2019-05-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
