| ID | CVSS | Severity | Attack vector | Vendor | Product | Description | CWE | CVE | Updated | Published |
|---|---|---|---|---|---|---|---|---|---|---|
| 222961 | 7.1 | HIGH | Local | denx | u-boot | A crafted self-referential DOS partition table will cause all Das U-Boot versions through 2019.07-rc4 to infinitely recurse, causing the stack to grow infinitely and eventually either crash or overwr… | CWE-674 Uncontrolled Recursion | CVE-2019-13103 | 2024-11-21 13:24 | 2019-07-30 |
| 222962 | 6.1 | MEDIUM | Network | control-webpanel | webpanel | In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, Reflected XSS in filemanager2.php (parameter fm_current_dir) allows attackers to steal a cookie or session, or redirect to a phishing webs… | CWE-79 Cross-site Scripting | CVE-2019-13387 | 2024-11-21 13:24 | 2019-07-26 |
| 222963 | 8.8 | HIGH | Network | centos-webpanel | centos_web_panel | In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, a hidden action=9 feature in filemanager2.php allows attackers to execute a shell command, i.e., obtain a reverse shell with user privileg… | CWE-863 Incorrect Authorization | CVE-2019-13386 | 2024-11-21 13:24 | 2019-07-26 |
| 222964 | 4.3 | MEDIUM | Network | control-webpanel | webpanel | In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.840, File and Directory Information Exposure in filemanager allows attackers to enumerate users and check for active users of the application b… | CWE-22 Path Traversal | CVE-2019-13385 | 2024-11-21 13:24 | 2019-07-26 |
| 222965 | 7.8 | HIGH | Local | techsmith | snagit | UploaderService in SnagIT 2019.1.2 allows elevation of privilege by placing an invalid presentation file in %PROGRAMDATA%\TechSmith\TechSmith Recorder\QueuedPresentations and then creating a symbolic… | CWE-59 Link Following | CVE-2019-13382 | 2024-11-21 13:24 | 2019-07-26 |
| 222966 | 4.9 | MEDIUM | Network | openldap canonical debian opensuse apple mcafee oracle | openldap ubuntu_linux debian_linux leap mac_os_x policy_auditor solaris zfs_storage_appliance_kit blockchain_platform | An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN (database admin) privileges for certain databases but wants to maintain isolation (e.g.… | NVD-CWE-noinfo | CVE-2019-13057 | 2024-11-21 13:24 | 2019-07-26 |
| 222967 | 7.3 | HIGH | Network | auth0 | passport-sharepoint | Auth0 Passport-SharePoint before 0.4.0 does not validate the JWT signature of an Access Token before processing. This allows attackers to forge tokens and bypass authentication and authorization mech… | CWE-345 Insufficient Verification of Data Authenticity | CVE-2019-13483 | 2024-11-21 13:24 | 2019-07-26 |
| 222968 | 7.5 | HIGH | Network | cat_runner\ | _decorate_home_project | The application API of Cat Runner Decorate Home version 2.8.0 for Android does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable. Attackers can … | CWE-20 Improper Input Validation | CVE-2019-13097 | 2024-11-21 13:24 | 2019-07-23 |
| 222969 | 9.8 | CRITICAL | Network | tronlink | wallet | TronLink Wallet 2.2.0 stores user wallet keystore in plaintext and places them in insecure storage. An attacker can read and reuse the user keystore of a valid user via /data/data/com.tronlink.wallet… | CWE-312 Cleartext Storage of Sensitive Information | CVE-2019-13096 | 2024-11-21 13:24 | 2019-07-23 |
| 222970 | 6.5 | MEDIUM | Network | send-anywhere | send_anywhere | The Send Anywhere application 9.4.18 for Android stores confidential information insecurely on the system (i.e., in cleartext), which allows a non-root user to find out the username/password of a val… | CWE-312 Cleartext Storage of Sensitive Information | CVE-2019-13100 | 2024-11-21 13:24 | 2019-07-23 |