|
223531
|
9.8 |
CRITICAL
Network
|
salesagility
|
suitecrm
|
SuiteCRM 7.10.x before 7.10.17 and 7.11.x before 7.11.5 allows SQL Injection.
|
CWE-89
SQL Injection
|
CVE-2019-12599
|
2024-11-21 13:23 |
2019-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223532
|
9.8 |
CRITICAL
Network
|
salesagility
|
suitecrm
|
SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before 7.11.5 allows SQL Injection (issue 1 of 3).
|
CWE-89
SQL Injection
|
CVE-2019-12598
|
2024-11-21 13:23 |
2019-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223533
|
6.1 |
MEDIUM
Network
|
enttec
|
datagate_mk2_firmware
storm_24_firmware
pixelator_firmware
e-streamer_mk2_firmware
|
A number of stored XSS vulnerabilities have been identified in the web configuration feature in ENTTEC Datagate Mk2 70044_update_05032019-482 that could allow an unauthenticated threat actor to injec…
|
CWE-79
Cross-site Scripting
|
CVE-2019-12774
|
2024-11-21 13:23 |
2019-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223534
|
7.8 |
HIGH
Local
|
enttec
|
datagate_mk2_firmware
storm_24_firmware
pixelator_firmware
e-streamer_mk2_firmware
|
An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044_update_05032019-482. They replace secure and protected directory permissions (set as de…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2019-12777
|
2024-11-21 13:23 |
2019-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223535
|
9.8 |
CRITICAL
Network
|
enttec
|
datagate_mk2_firmware
storm_24_firmware
pixelator_firmware
e-streamer_mk2_firmware
|
An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044_update_05032019-482. They include a hard-coded SSH backdoor for remote SSH and SCP acce…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2019-12776
|
2024-11-21 13:23 |
2019-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223536
|
8.8 |
HIGH
Network
|
enttec
|
datagate_mk2_firmware
storm_24_firmware
pixelator_firmware
e-streamer_mk2_firmware
|
An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044_update_05032019-482. They allow high-privileged root access by www-data via sudo withou…
|
CWE-269
Improper Privilege Management
|
CVE-2019-12775
|
2024-11-21 13:23 |
2019-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223537
|
9.8 |
CRITICAL
Network
|
thinstation_project
|
thinstation
|
Command injection is possible in ThinStation through 6.1.1 via shell metacharacters after the cgi-bin/CdControl.cgi action= substring, or after the cgi-bin/VolControl.cgi OK= substring.
|
CWE-78
OS Command
|
CVE-2019-12771
|
2024-11-21 13:23 |
2019-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223538
|
7.5 |
HIGH
Network
|
securitycamera
|
security_camera_cz
|
The Security Camera CZ application through 1.6.8 for Android stores potentially sensitive recorded video in external data storage, which is readable by any application.
|
NVD-CWE-noinfo
|
CVE-2019-12763
|
2024-11-21 13:23 |
2019-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223539
|
4.2 |
MEDIUM
Physics
|
mi
sony
samsung
google
sharp
fujitsu
|
mi_5s_plus_firmware
xperia_z4_firmware
galaxy_s6_edge_firmware
galaxy_s4_firmware
nexus_7_firmware
nexus_9_firmware
aquos_zeta_sh-04f_firmware
arrows_nx_f05-f_firmware
|
Xiaomi Mi 5s Plus devices allow attackers to trigger touchscreen anomalies via a radio signal between 198 kHz and 203 kHz, as demonstrated by a transmitter and antenna hidden just beneath the surface…
|
NVD-CWE-noinfo
|
CVE-2019-12762
|
2024-11-21 13:23 |
2019-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223540
|
7.5 |
HIGH
Network
|
python
|
pyxdg
|
A code injection issue was discovered in PyXDG before 0.26 via crafted Python code in a Category element of a Menu XML document in a .menu file. XDG_CONFIG_DIRS must be set up to trigger xdg.Menu.par…
|
CWE-94
Code Injection
|
CVE-2019-12761
|
2024-11-21 13:23 |
2019-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
