|
222981
|
5.3 |
MEDIUM
Network
|
control-webpanel
|
webpanel
|
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, the Login process allows attackers to check whether a username is valid by reading the HTTP response.
|
CWE-203
Information Exposure Through Discrepancy
|
CVE-2019-13383
|
2024-11-21 13:24 |
2019-07-17 |
|
222982
|
9.8 |
CRITICAL
Network
|
control-webpanel
|
webpanel
|
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, remote attackers can bypass authentication in the login process by leveraging knowledge of a valid username.
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2019-13360
|
2024-11-21 13:24 |
2019-07-17 |
|
222983
|
5.3 |
MEDIUM
Network
|
digium debian
|
certified_asterisk asterisk debian_linux
|
An issue was discovered in Asterisk Open Source through 13.27.0, 14.x and 15.x through 15.7.2, and 16.x through 16.4.0, and Certified Asterisk through 13.21-cert3. A pointer dereference in chan_sip w…
|
CWE-476
NULL Pointer Dereference
|
CVE-2019-13161
|
2024-11-21 13:24 |
2019-07-13 |
|
222984
|
9.8 |
CRITICAL
Network
|
realization
|
concerto_critical_chain_planner
|
Realization Concerto Critical Chain Planner (aka CCPM) 5.10.8071 has SQL Injection in at least the taskupdt/taskdetails.aspx webpage via the projectname parameter.
|
CWE-89
SQL Injection
|
CVE-2019-13027
|
2024-11-21 13:24 |
2019-07-13 |
|
222985
|
4.8 |
MEDIUM
Network
|
vanderbilt
|
redcap
|
Multiple stored Cross-site scripting (XSS) issues in the admin panel and survey system in REDCap 8 before 8.10.20 and 9 before 9.1.2 allow an attacker to inject arbitrary malicious HTML or JavaScript…
|
CWE-79
Cross-site Scripting
|
CVE-2019-13029
|
2024-11-21 13:24 |
2019-07-12 |
|
222986
|
8.8 |
HIGH
Network
|
dlink
|
dir-818lw_firmware
|
An issue was discovered on D-Link DIR-818LW devices with firmware 2.06betab01. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Type field to Se…
|
CWE-78
OS Command
|
CVE-2019-13482
|
2024-11-21 13:24 |
2019-07-11 |
|
222987
|
8.8 |
HIGH
Network
|
dlink
|
dir-818lw_firmware
|
An issue was discovered on D-Link DIR-818LW devices with firmware 2.06betab01. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the MTU field to Set…
|
CWE-78
OS Command
|
CVE-2019-13481
|
2024-11-21 13:24 |
2019-07-11 |
|
222988
|
9.8 |
CRITICAL
Network
|
zeromq debian canonical fedoraproject
|
libzmq debian_linux ubuntu_linux fedora
|
In ZeroMQ libzmq before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.3.2, a remote, unauthenticated client connecting to a libzmq application, running with a socket listening with CURVE encryption/a…
|
CWE-787
Out-of-bounds Write
|
CVE-2019-13132
|
2024-11-21 13:24 |
2019-07-11 |
|
222989
|
9.8 |
CRITICAL
Network
|
trendnet
|
tew-827dru_firmware
|
TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains multiple stack-based buffer overflows when processing user input for the setup wizard, allowing an unauthenticated user to execu…
|
CWE-787
Out-of-bounds Write
|
CVE-2019-13279
|
2024-11-21 13:24 |
2019-07-11 |
|
222990
|
9.8 |
CRITICAL
Network
|
trendnet
|
tew-827dru_firmware
|
TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains multiple command injections when processing user input for the setup wizard, allowing an unauthenticated user to run arbitrary c…
|
CWE-78
OS Command
|
CVE-2019-13278
|
2024-11-21 13:24 |
2019-07-11 |