|
213681
|
6.1 |
MEDIUM
Network
|
python
|
pypiserver
|
CRLF Injection in pypiserver 1.2.5 and below allows attackers to set arbitrary HTTP headers and possibly conduct XSS attacks via a %0d%0a in a URI.
|
CWE-79
CWE-74
Cross-site Scripting
Injection
|
CVE-2019-6802
|
2024-11-21 13:47 |
2019-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213682
|
6.1 |
MEDIUM
Network
|
kaine
|
wise_chat
|
The Wise Chat plugin before 2.7 for WordPress mishandles external links because rendering/filters/post/WiseChatLinksPostFilter.php omits noopener and noreferrer.
|
CWE-601
Open Redirect
|
CVE-2019-6780
|
2024-11-21 13:47 |
2019-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213683
|
8.1 |
HIGH
Network
|
chshcms
|
cscms
|
Cscms 4.1.8 allows admin.php/links/save CSRF to add, modify, or delete friend links.
|
CWE-352
Origin Validation Error
|
CVE-2019-6779
|
2024-11-21 13:47 |
2019-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213684
|
6.1 |
MEDIUM
Network
|
zoneminder
|
zoneminder
|
An issue was discovered in ZoneMinder v1.32.3. Reflected XSS exists in web/skins/classic/views/plugin.php via the zm/index.php?view=plugin pl parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2019-6777
|
2024-11-21 13:47 |
2019-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213685
|
7.5 |
HIGH
Network
|
mz-automation
|
libiec61850
|
An issue has been found in libIEC61850 v1.3.1. There is a use-after-free in the getState function in mms/iso_server/iso_server.c, as demonstrated by examples/server_example_goose/server_example_goose…
|
CWE-416
Use After Free
|
CVE-2019-6719
|
2024-11-21 13:47 |
2019-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213686
|
- |
|
-
|
-
|
RAD SecFlow-2 devices with Hardware 0202, Firmware 4.1.01.63, and U-Boot 2010.12 allow URIs beginning with /.. for Directory Traversal, as demonstrated by reading /etc/shadow.
|
-
|
CVE-2019-6268
|
2024-11-21 13:46 |
2024-03-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213687
|
9.8 |
CRITICAL
Network
|
edge-core
|
ecs2020_firmware
|
Edgecore ECS2020 Firmware 1.0.0.0 devices allow Unauthenticated Command Injection via the command1 HTTP header to the /EXCU_SHELL URI.
|
CWE-77
Command Injection
|
CVE-2019-6288
|
2024-11-21 13:46 |
2021-09-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213688
|
7.8 |
HIGH
Local
|
apple
|
mac_os_x
|
A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierr…
|
CWE-20
Improper Input Validation
|
CVE-2019-6238
|
2024-11-21 13:46 |
2020-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213689
|
9.8 |
CRITICAL
Network
|
d-link
|
dir-822_firmware
|
D-Link DIR-822 Rev.Bx devices with firmware v.202KRb06 and older allow a buffer overflow via long MacAddress data in a /HNAP1/SetClientInfo HNAP protocol message, which is mishandled in /usr/sbin/udh…
|
CWE-120
Classic Buffer Overflow
|
CVE-2019-6258
|
2024-11-21 13:46 |
2020-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213690
|
7.3 |
HIGH
Local
|
lenovo
|
installation_package
|
A symbolic link vulnerability in some Lenovo installation packages, prior to version 1.2.9.3, could allow privileged file operations during file extraction and installation.
|
CWE-426
Untrusted Search Path
|
CVE-2019-6196
|
2024-11-21 13:46 |
2020-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
