|
223021
|
9.8 |
CRITICAL
Network
|
fortinet
|
fcm-mb40_firmware
|
Dynacolor FCM-MB40 v1.2.0.0 use /etc/appWeb/appweb.pass to store administrative web-interface credentials in cleartext. These credentials can be retrieved via cgi-bin/getuserinfo.cgi?mode=info.
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2019-13400
|
2024-11-21 13:24 |
2019-07-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223022
|
5.9 |
MEDIUM
Network
|
fortinet
|
fcm-mb40_firmware
|
Dynacolor FCM-MB40 v1.2.0.0 devices have a hard-coded SSL/TLS key that is used during an administrator's SSL conversation.
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2019-13399
|
2024-11-21 13:24 |
2019-07-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223023
|
7.2 |
HIGH
Network
|
fortinet
|
fcm-mb40_firmware
|
Dynacolor FCM-MB40 v1.2.0.0 devices allow remote attackers to execute arbitrary commands via a crafted parameter to a CGI script, as demonstrated by sed injection in cgi-bin/camctrl_save_profile.cgi …
|
CWE-78
OS Command
|
CVE-2019-13398
|
2024-11-21 13:24 |
2019-07-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223024
|
8.8 |
HIGH
Network
|
imagemagick
|
imagemagick
|
In ImageMagick 7.0.8-50 Q16, ComplexImages in MagickCore/fourier.c has a heap-based buffer over-read because of incorrect calls to GetCacheViewVirtualPixels.
|
CWE-125
Out-of-bounds Read
|
CVE-2019-13391
|
2024-11-21 13:24 |
2019-07-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223025
|
6.5 |
MEDIUM
Network
|
ffmpeg
|
ffmpeg
|
In FFmpeg 4.1.3, there is a division by zero at adx_write_trailer in libavformat/rawenc.c.
|
CWE-369
Divide By Zero
|
CVE-2019-13390
|
2024-11-21 13:24 |
2019-07-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223026
|
8.8 |
HIGH
Network
|
avtech
|
room_alert_3e_firmware
|
On AVTECH Room Alert 3E devices before 2.2.5, an attacker with access to the device's web interface may escalate privileges from an unauthenticated user to administrator by performing a cmd.cgi?actio…
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2019-13379
|
2024-11-21 13:24 |
2019-07-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223027
|
8.8 |
HIGH
Network
|
flarum
|
flarum
|
Flarum before 0.1.0-beta.9 allows CSRF against all POST endpoints, as demonstrated by changing admin settings.
|
CWE-352
Origin Validation Error
|
CVE-2019-13183
|
2024-11-21 13:24 |
2019-07-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223028
|
9.8 |
CRITICAL
Network
|
dlink
|
central_wifimanager
|
A SQL Injection was discovered in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 in PayAction.class.php with the index.php/Pay/passcodeAuth parameter passcode. The vulnerability does no…
|
CWE-89
SQL Injection
|
CVE-2019-13375
|
2024-11-21 13:24 |
2019-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223029
|
6.1 |
MEDIUM
Network
|
dlink
|
central_wifimanager
|
A cross-site scripting (XSS) vulnerability in resource view in PayAction.class.php in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 allows remote attackers to inject arbitrary web scri…
|
CWE-79
Cross-site Scripting
|
CVE-2019-13374
|
2024-11-21 13:24 |
2019-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223030
|
9.8 |
CRITICAL
Network
|
dlink
|
central_wifimanager
|
An issue was discovered in the D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6. Input does not get validated and arbitrary SQL statements can be executed in the database via the /web/Pub…
|
CWE-89
SQL Injection
|
CVE-2019-13373
|
2024-11-21 13:24 |
2019-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
