|
223781
|
6.1 |
MEDIUM
Network
|
zohocorp
|
manageengine_assetexplorer
|
An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via SoftwareListView.do with the parameter swType or swComplianceType.
|
CWE-79
Cross-site Scripting
|
CVE-2019-12596
|
2024-11-21 13:23 |
2019-07-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223782
|
6.1 |
MEDIUM
Network
|
zohocorp
|
manageengine_assetexplorer
|
An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via the RCSettings.do rdsName parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2019-12595
|
2024-11-21 13:23 |
2019-07-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223783
|
6.1 |
MEDIUM
Network
|
zohocorp
|
manageengine_servicedesk_plus
|
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 10.5. There is XSS via the WorkOrder.do search field.
|
CWE-79
Cross-site Scripting
|
CVE-2019-12540
|
2024-11-21 13:23 |
2019-07-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223784
|
6.1 |
MEDIUM
Network
|
zohocorp
|
manageengine_servicedesk_plus
|
An issue was discovered in the Purchase component of Zoho ManageEngine ServiceDesk Plus. There is XSS via the SearchN.do search field, a different vulnerability than CVE-2019-12189.
|
CWE-79
Cross-site Scripting
|
CVE-2019-12539
|
2024-11-21 13:23 |
2019-07-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223785
|
6.1 |
MEDIUM
Network
|
zohocorp
|
manageengine_assetexplorer
|
An issue was discovered in Zoho ManageEngine AssetExplorer. There is XSS via the SearchN.do search field.
|
CWE-79
Cross-site Scripting
|
CVE-2019-12537
|
2024-11-21 13:23 |
2019-07-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223786
|
9.8 |
CRITICAL
Network
|
schedmd
debian
fedoraproject
opensuse
|
slurm
debian_linux
fedora
leap
|
SchedMD Slurm 17.11.x, 18.08.0 through 18.08.7, and 19.05.0 allows SQL Injection.
|
CWE-89
SQL Injection
|
CVE-2019-12838
|
2024-11-21 13:23 |
2019-07-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223787
|
5.5 |
MEDIUM
Local
|
hunesion
|
i-onenet
|
In Hunesion i-oneNet version 3.0.7 ~ 3.0.53 and 4.0.4 ~ 4.0.16, due to the lack of update file integrity checking in the upgrade process, an attacker can craft malicious file and use it as an update.
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2019-12804
|
2024-11-21 13:23 |
2019-07-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223788
|
9.8 |
CRITICAL
Network
|
hunesion
|
i-onenet
|
In Hunesion i-oneNet version 3.0.7 ~ 3.0.53 and 4.0.4 ~ 4.0.16, the specific upload web module doesn't verify the file extension and type, and an attacker can upload a webshell. After the webshell up…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-12803
|
2024-11-21 13:23 |
2019-07-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223789
|
6.1 |
MEDIUM
Network
|
teclib-edition
|
news
|
An issue was discovered in the Teclib News plugin through 1.5.2 for GLPI. It allows a stored XSS attack via the $_POST['name'] parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2019-12724
|
2024-11-21 13:23 |
2019-07-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223790
|
9.8 |
CRITICAL
Network
|
teclib-edition
|
fields
|
An issue was discovered in the Teclib Fields plugin through 1.9.2 for GLPI. it allows SQL Injection via container_id and old_order parameters to ajax/reorder.php by an unauthenticated user.
|
CWE-89
SQL Injection
|
CVE-2019-12723
|
2024-11-21 13:23 |
2019-07-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
