|
223011
|
5.5 |
MEDIUM
Local
|
razer
|
surround
|
The RzSurroundVADStreamingService (RzSurroundVADStreamingService.exe) in Razer Surround 1.1.63.0 runs as the SYSTEM user using an executable located in %PROGRAMDATA%\Razer\Synapse\Devices\Razer Surro…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2019-13142
|
2024-11-21 13:24 |
2019-07-10 |
|
223012
|
6.1 |
MEDIUM
Network
|
enhancesoft
|
osticket
|
Unauthenticated Stored XSS in osTicket 1.10.1 allows a remote attacker to gain admin privileges by injecting arbitrary web script or HTML via arbitrary file extension while creating a support ticket.
|
CWE-79
Cross-site Scripting
|
CVE-2019-13397
|
2024-11-21 13:24 |
2019-07-10 |
|
223013
|
6.5 |
MEDIUM
Network
|
ringcentral zoom
|
ringcentral zoom
|
In the Zoom Client through 4.4.4 and RingCentral 7.0.136380.0312 on macOS, remote attackers can force a user to join a video call with the video camera active. This occurs because any web site can in…
|
CWE-862
Missing Authorization
|
CVE-2019-13450
|
2024-11-21 13:24 |
2019-07-9 |
|
223014
|
6.5 |
MEDIUM
Network
|
zoom
|
zoom
|
In the Zoom Client before 4.4.2 on macOS, remote attackers can cause a denial of service (continual focus grabs) via a sequence of invalid launch?action=join&confno= requests to localhost port 19421.
|
CWE-20
Improper Input Validation
|
CVE-2019-13449
|
2024-11-21 13:24 |
2019-07-9 |
|
223015
|
6.1 |
MEDIUM
Network
|
boiteasite
|
rencontre
|
The Rencontre plugin before 3.1.3 for WordPress allows XSS via inc/rencontre_widget.php.
|
CWE-79
Cross-site Scripting
|
CVE-2019-13414
|
2024-11-21 13:24 |
2019-07-8 |
|
223016
|
9.8 |
CRITICAL
Network
|
boiteasite
|
rencontre
|
The Rencontre plugin before 3.1.3 for WordPress allows SQL Injection via inc/rencontre_widget.php.
|
CWE-89
SQL Injection
|
CVE-2019-13413
|
2024-11-21 13:24 |
2019-07-8 |
|
223017
|
9.8 |
CRITICAL
Network
|
strong_password_project
|
strong_password
|
The strong_password gem 0.0.7 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. The current version, without this backdoor, is 0.0.6.
|
CWE-94
Code Injection
|
CVE-2019-13354
|
2024-11-21 13:24 |
2019-07-8 |
|
223018
|
7.8 |
HIGH
Local
|
python
|
python
|
The MSI installer for Python through 2.7.16 on Windows defaults to the C:\Python27 directory, which makes it easier for local users to deploy Trojan horse code. (This also affects old 3.x releases be…
|
CWE-552
Files or Directories Accessible to External Parties
|
CVE-2019-13404
|
2024-11-21 13:24 |
2019-07-8 |
|
223019
|
8.8 |
HIGH
Network
|
fortinet
|
fcm-mb40_firmware
|
/usr/sbin/default.sh and /usr/apache/htdocs/cgi-bin/admin/hardfactorydefault.cgi on Dynacolor FCM-MB40 v1.2.0.0 devices implement an incomplete factory-reset process. A backdoor can persist because n…
|
CWE-212
Improper Removal of Sensitive Information Before Storage or Transfer
|
CVE-2019-13402
|
2024-11-21 13:24 |
2019-07-8 |
|
223020
|
8.8 |
HIGH
Network
|
fortinet
|
fcm-mb40_firmware
|
Dynacolor FCM-MB40 v1.2.0.0 devices have CSRF in all scripts under cgi-bin/.
|
CWE-352
Origin Validation Error
|
CVE-2019-13401
|
2024-11-21 13:24 |
2019-07-8 |
|