|
224171
|
6.1 |
MEDIUM
Network
|
teclib-edition
|
news
|
An issue was discovered in the Teclib News plugin through 1.5.2 for GLPI. It allows a stored XSS attack via the $_POST['name'] parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2019-12724
|
2024-11-21 13:23 |
2019-07-10 |
|
|
|
|
224172
|
9.8 |
CRITICAL
Network
|
teclib-edition
|
fields
|
An issue was discovered in the Teclib Fields plugin through 1.9.2 for GLPI. It allows SQL Injection via container_id and old_order parameters to ajax/reorder.php by an unauthenticated user.
|
CWE-89
SQL Injection
|
CVE-2019-12723
|
2024-11-21 13:23 |
2019-07-10 |
|
|
|
|
224173
|
8.1 |
HIGH
Network
|
thoughtspot
|
thoughtspot
|
An authorization bypass vulnerability in pinboard updates in ThoughtSpot 4.4.1 through 5.1.1 (before 5.1.2) allows a low-privilege user with write access to at least one pinboard to corrupt pinboards…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2019-12782
|
2024-11-21 13:23 |
2019-07-10 |
|
|
|
|
224174
|
6.1 |
MEDIUM
Network
|
typo3
|
typo3
|
TYPO3 8.3.0 through 8.7.26 and 9.0.0 through 9.5.7 allows XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2019-12748
|
2024-11-21 13:23 |
2019-07-10 |
|
|
|
|
224175
|
8.8 |
HIGH
Network
|
typo3
|
typo3
|
TYPO3 8.x through 8.7.26 and 9.x through 9.5.7 allows Deserialization of Untrusted Data.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2019-12747
|
2024-11-21 13:23 |
2019-07-10 |
|
|
|
|
224176
|
6.1 |
MEDIUM
Network
|
mailenable
|
mailenable
|
MailEnable Enterprise Premium 10.23 was vulnerable to stored and reflected cross-site scripting (XSS) attacks. Because the session cookie did not use the HttpOnly flag, it was possible to hijack the …
|
CWE-79
Cross-site Scripting
|
CVE-2019-12927
|
2024-11-21 13:23 |
2019-07-9 |
|
|
|
|
224177
|
8.8 |
HIGH
Network
|
mailenable
|
mailenable
|
MailEnable Enterprise Premium 10.23 did not use appropriate access control checks in a number of areas. As a result, it was possible to perform a number of actions, when logged in as a user, that tha…
|
CWE-862
Missing Authorization
|
CVE-2019-12926
|
2024-11-21 13:23 |
2019-07-9 |
|
|
|
|
224178
|
8.1 |
HIGH
Network
|
mailenable
|
mailenable
|
MailEnable Enterprise Premium 10.23 was vulnerable to multiple directory traversal issues, with which authenticated users could add, remove, or potentially read files in arbitrary folders accessible …
|
CWE-22
Path Traversal
|
CVE-2019-12925
|
2024-11-21 13:23 |
2019-07-9 |
|
|
|
|
224179
|
9.8 |
CRITICAL
Network
|
mailenable
|
mailenable
|
MailEnable Enterprise Premium 10.23 was vulnerable to XML External Entity Injection (XXE) attacks that could be exploited by an unauthenticated user. It was possible for an attacker to use a vulnerab…
|
CWE-611 CWE-311
XXE Missing Encryption of Sensitive Data
|
CVE-2019-12924
|
2024-11-21 13:23 |
2019-07-9 |
|
|
|
|
224180
|
6.5 |
MEDIUM
Network
|
mailenable
|
mailenable
|
In MailEnable Enterprise Premium 10.23, the potential cross-site request forgery (CSRF) protection mechanism was not implemented correctly and it was possible to bypass it by removing the anti-CSRF t…
|
CWE-352
Origin Validation Error
|
CVE-2019-12923
|
2024-11-21 13:23 |
2019-07-9 |
|
|
|