| 214361 | 6.5 | MEDIUM, Network | gitlab | gitlab | An issue was discovered in GitLab Community and Enterprise Edition 9.x, 10.x, and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. A user retains t… | CWE-269 Improper Privilege Management | CVE-2019-7155 | 2024-11-21 13:47 | 2019-04-17 |
| 214362 | 6.1 | MEDIUM, Network | gitlab | gitlab | An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows XSS (issue 2 of 2). The user status field contains a lack o… | CWE-79 Cross-site Scripting | CVE-2019-6796 | 2024-11-21 13:47 | 2019-04-12 |
| 214363 | 6.1 | MEDIUM, Network | zarafa | webaccess | Unauthenticated reflected cross-site scripting (XSS) exists in Zarafa Webapp 2.0.1.47791 and earlier. NOTE: this is a discontinued product. The issue was fixed in later Zarafa Webapp versions; howeve… | CWE-79 Cross-site Scripting | CVE-2019-7219 | 2024-11-21 13:47 | 2019-04-12 |
| 214364 | 9.8 | CRITICAL, Network | magento | magento | An unauthenticated user can execute SQL statements that allow arbitrary read access to the underlying database, which causes sensitive data leakage. This issue is fixed in Magento 2.1 prior to 2.1.18… | CWE-89 SQL Injection | CVE-2019-7139 | 2024-11-21 13:47 | 2019-04-11 |
| 214365 | 9.8 | CRITICAL, Network | roxyfileman | roxy_fileman | Roxy Fileman 1.4.5 allows attackers to execute renamefile.php (aka Rename File), createdir.php (aka Create Directory), fileslist.php (aka Echo File List), and movefile.php (aka Move File) operations. | NVD-CWE-noinfo | CVE-2019-7174 | 2024-11-21 13:47 | 2019-04-10 |
| 214366 | 8.8 | HIGH, Network | avaya | ip_office_contact_center | A SQL injection vulnerability in the WebUI component of IP Office Contact Center could allow an authenticated attacker to retrieve or alter sensitive data related to other users on the system. Affect… | CWE-89 SQL Injection | CVE-2019-7001 | 2024-11-21 13:47 | 2019-04-5 |
| 214367 | 7.5 | HIGH, Network | boldgrid | w3_total_cache | pub/sns.php in the W3 Total Cache plugin before 0.9.4 for WordPress allows remote attackers to read arbitrary files via the SubscribeURL field in SubscriptionConfirmation JSON data. | NVD-CWE-noinfo | CVE-2019-6715 | 2024-11-21 13:47 | 2019-04-2 |
| 214368 | 6.5 | MEDIUM, Network | digium | asterisk | An Integer Signedness issue (for a return code) in the res_pjsip_sdp_rtp module in Digium Asterisk versions 15.7.1 and earlier and 16.1.1 and earlier allows remote authenticated users to crash Asteri… | CWE-190 Integer Overflow or Wraparound | CVE-2019-7251 | 2024-11-21 13:47 | 2019-03-29 |
| 214369 | 7.5 | HIGH, Network | z.cash | zcash | Zcash, before the Sapling network upgrade (2018-10-28), had a counterfeiting vulnerability. A key-generation process, during evaluation of polynomials related to a to-be-proven statement, produced ce… | CWE-754 Improper Check for Unusual or Exceptional Conditions | CVE-2019-7167 | 2024-11-21 13:47 | 2019-03-27 |
| 214370 | 6.1 | MEDIUM, Network | wpsupportplus | wp_support_plus_responsive_ticket_system | A stored cross-site scripting (XSS) vulnerability in the submit_ticket.php module in the WP Support Plus Responsive Ticket System plugin 9.1.1 for WordPress allows remote attackers to inject arbitrar… | CWE-79 Cross-site Scripting | CVE-2019-7299 | 2024-11-21 13:47 | 2019-03-22 |