|
214411
|
9.8 |
CRITICAL
Network
|
keybase
|
keybase
|
In Keybase before 2.12.6 on macOS, the move RPC to the Helper was susceptible to time-to-check-time-to-use bugs and would also allow one user of the system (who didn't have root access) to tamper wit…
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2019-7249
|
2024-11-21 13:47 |
2019-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214412
|
7.8 |
HIGH
Local
|
encodable
|
filechucker
|
An issue was discovered in FileChucker 4.99e-free-e02. filechucker.cgi has a filter bypass that allows a malicious user to upload any type of file by using % characters within the extension, e.g., fi…
|
NVD-CWE-noinfo
|
CVE-2019-7216
|
2024-11-21 13:47 |
2019-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214413
|
7.5 |
HIGH
Network
|
idreamsoft
|
icms
|
An issue was discovered in idreamsoft iCMS 7.0.13 on Windows. editor/editor.admincp.php allows admincp.php?app=files&do=browse ..\ Directory Traversal.
|
CWE-22
Path Traversal
|
CVE-2019-7237
|
2024-11-21 13:47 |
2019-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214414
|
7.5 |
HIGH
Network
|
idreamsoft
|
icms
|
An issue was discovered in idreamsoft iCMS 7.0.13. editor/editor.admincp.php allows admincp.php?app=editor&do=fileManager dir=../ Directory Traversal.
|
CWE-22
Path Traversal
|
CVE-2019-7236
|
2024-11-21 13:47 |
2019-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214415
|
7.5 |
HIGH
Network
|
idreamsoft
|
icms
|
An issue was discovered in idreamsoft iCMS 7.0.13. admincp.php?app=apps&do=save allows directory traversal via _app=/../ to designate an arbitrary directory because of an apps.admincp.php error. This…
|
CWE-22
Path Traversal
|
CVE-2019-7235
|
2024-11-21 13:47 |
2019-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214416
|
9.1 |
CRITICAL
Network
|
idreamsoft
|
icms
|
An issue was discovered in idreamsoft iCMS 7.0.13. admincp.php?app=apps&do=save allows directory traversal via _app=/../ to begin the process of creating a ZIP archive file with the complete contents…
|
CWE-22
Path Traversal
|
CVE-2019-7234
|
2024-11-21 13:47 |
2019-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214417
|
8.8 |
HIGH
Network
|
libdoc_project
|
libdoc
|
In libdoc through 2019-01-28, doc2text in catdoc.c has a NULL pointer dereference.
|
CWE-476
NULL Pointer Dereference
|
CVE-2019-7233
|
2024-11-21 13:47 |
2019-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214418
|
4.8 |
MEDIUM
Network
|
croogo
|
croogo
|
A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/file-manager/attachments/edit/4.
|
CWE-79
Cross-site Scripting
|
CVE-2019-7173
|
2024-11-21 13:47 |
2019-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214419
|
6.1 |
MEDIUM
Network
|
atutor
|
atutor
|
A stored-self XSS exists in ATutor through v2.2.4, allowing an attacker to execute HTML or JavaScript code in a vulnerable Real Name field to /mods/_core/users/admins/my_edit.php.
|
CWE-79
Cross-site Scripting
|
CVE-2019-7172
|
2024-11-21 13:47 |
2019-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214420
|
4.8 |
MEDIUM
Network
|
croogo
|
croogo
|
A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/blocks/blocks/edit/8.
|
CWE-79
Cross-site Scripting
|
CVE-2019-7171
|
2024-11-21 13:47 |
2019-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
