| ID | CVSS | Severity | Attack vector | Vendor | Product | Description | CWE | CVE | Updated | Published |
|---|---|---|---|---|---|---|---|---|---|---|
| 222091 | 9.8 | CRITICAL | Network | dlink | dcs-935l_firmware dcs-960l_firmware | This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link DCS-960L v1.07.102. Authentication is not required to exploit this vulnerability. The specific… | CWE-306 Missing Authentication for Critical Function | CVE-2019-17146 | 2024-11-21 13:31 | 2020-01-8 |
| 222092 | 6.1 | MEDIUM | Network | open-xchange | open-xchange_appsuite | OX App Suite through 7.10.2 has XSS. | CWE-79 Cross-site Scripting | CVE-2019-16717 | 2024-11-21 13:31 | 2020-01-7 |
| 222093 | 6.6 | MEDIUM | Network | open-xchange | open-xchange_appsuite | OX App Suite through 7.10.2 has Incorrect Access Control. | CWE-276 Incorrect Default Permissions | CVE-2019-16716 | 2024-11-21 13:31 | 2020-01-7 |
| 222094 | 8.8 | HIGH | Network | tiny_file_manager_project | tiny_file_manager | In Tiny File Manager before 2.3.9, there is a remote code execution via Upload from URL and Edit/Rename files. Only authenticated users are impacted. | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2019-16790 | 2024-11-21 13:31 | 2019-12-31 |
| 222095 | 7.8 | HIGH | Local | k7computing | k7_ultimate_security | In K7 Ultimate Security 16.0.0117, the module K7BKCExt.dll (aka the backup module) improperly validates the administrative privileges of the user, allowing an arbitrary file write via a symbolic link… | CWE-59 Link Following | CVE-2019-16896 | 2024-11-21 13:31 | 2019-12-28 |
| 222096 | 5.4 | MEDIUM | Network | wordpress debian | wordpress debian_linux | In WordPress before 5.3.1, authenticated users with lower privileges (like contributors) can inject JavaScript code in the block editor, which is executed within the dashboard. It can lead to an admi… | CWE-79 Cross-site Scripting | CVE-2019-16781 | 2024-11-21 13:31 | 2019-12-27 |
| 222097 | 8.2 | HIGH | Network | agendaless oracle debian fedoraproject redhat | waitress communications_cloud_native_core_network_function_cloud_native_environment debian_linux fedora openstack | In Waitress through version 1.4.0, if a proxy server is used in front of waitress, an invalid request may be sent by an attacker that bypasses the front-end and is parsed differently by waitress lead… | CWE-444 HTTP Request Smuggling | CVE-2019-16789 | 2024-11-21 13:31 | 2019-12-27 |
| 222098 | 5.4 | MEDIUM | Network | wordpress debian | wordpress debian_linux | WordPress users with lower privileges (like contributors) can inject JavaScript code in the block editor using a specific payload, which is executed within the dashboard. This can lead to XSS if an a… | CWE-79 Cross-site Scripting | CVE-2019-16780 | 2024-11-21 13:31 | 2019-12-27 |
| 222099 | 7.5 | HIGH | Network | agendaless oracle debian fedoraproject redhat | waitress communications_cloud_native_core_network_function_cloud_native_environment debian_linux fedora openstack | Waitress through version 1.3.1 would parse the Transfer-Encoding header and only look for a single string value, if that value was not chunked it would fall through and use the Content-Length header … | CWE-444 HTTP Request Smuggling | CVE-2019-16786 | 2024-11-21 13:31 | 2019-12-21 |
| 222100 | 7.5 | HIGH | Network | agendaless oracle debian fedoraproject redhat | waitress communications_cloud_native_core_network_function_cloud_native_environment debian_linux fedora openstack | Waitress through version 1.3.1 implemented a "MAY" part of the RFC7230 which states: "Although the line terminator for the start-line and header fields is the sequence CRLF, a recipient MAY recognize… | CWE-444 HTTP Request Smuggling | CVE-2019-16785 | 2024-11-21 13:31 | 2019-12-21 |