|
224191
|
9.8 |
CRITICAL
Network
|
jetbrains
|
youtrack
|
An Insecure Direct Object Reference, with Authorization Bypass through a User-Controlled Key, was possible in JetBrains YouTrack. The issue was fixed in 2018.4.49168.
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2019-12866
|
2024-11-21 13:23 |
2019-07-4 |
|
224192
|
8.8 |
HIGH
Network
|
jetbrains
|
youtrack
|
A CSRF vulnerability was detected in one of the admin endpoints of JetBrains YouTrack. The issue was fixed in YouTrack 2018.4.49852.
|
CWE-352
Origin Validation Error
|
CVE-2019-12851
|
2024-11-21 13:23 |
2019-07-4 |
|
224193
|
9.8 |
CRITICAL
Network
|
jetbrains
|
youtrack
|
A query injection was possible in JetBrains YouTrack. The issue was fixed in YouTrack 2018.4.49168.
|
CWE-89
SQL Injection
|
CVE-2019-12850
|
2024-11-21 13:23 |
2019-07-4 |
|
224194
|
7.2 |
HIGH
Network
|
jetbrains
|
hub
|
In JetBrains Hub versions earlier than 2018.4.11298, the audit events for SMTPSettings show a cleartext password to the admin user. It is only relevant in cases where a password has not changed since…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2019-12847
|
2024-11-21 13:23 |
2019-07-4 |
|
224195
|
8.8 |
HIGH
Network
|
xpertsol
|
server_status_by_hostname/ip
|
A SQL injection vulnerability in the Xpert Solution "Server Status by Hostname/IP" plugin 4.6 for WordPress allows an authenticated user to execute arbitrary SQL commands via GET parameters.
|
CWE-89
SQL Injection
|
CVE-2019-12570
|
2024-11-21 13:23 |
2019-07-4 |
|
224196
|
9.8 |
CRITICAL
Network
|
dosbox debian
|
dosbox debian_linux
|
DOSBox 0.74-2 has Incorrect Access Control.
|
NVD-CWE-noinfo
|
CVE-2019-12594
|
2024-11-21 13:23 |
2019-07-3 |
|
224197
|
8.8 |
HIGH
Network
|
wpchef
|
widget_logic
|
A Cross-Site-Request-Forgery (CSRF) vulnerability in widget_logic.php in the 2by2host Widget Logic plugin before 5.10.2 for WordPress allows remote attackers to execute PHP code via snippets (that ar…
|
CWE-352
Origin Validation Error
|
CVE-2019-12826
|
2024-11-21 13:23 |
2019-07-2 |
|
224198
|
5.3 |
MEDIUM
Network
|
djangoproject canonical debian
|
django ubuntu_linux debian_linux
|
An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. An HTTP request is not redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT set…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2019-12781
|
2024-11-21 13:23 |
2019-07-1 |
|
224199
|
6.1 |
MEDIUM
Network
|
squirrelmail
|
squirrelmail
|
XSS was discovered in SquirrelMail through 1.4.22 and 1.5.x through 1.5.2. Due to improper handling of RCDATA and RAWTEXT type elements, the built-in sanitization mechanism can be bypassed. Malicious…
|
CWE-79
Cross-site Scripting
|
CVE-2019-12970
|
2024-11-21 13:23 |
2019-07-1 |
|
224200
|
6.1 |
MEDIUM
Network
|
seeddms
|
seeddms
|
A stored XSS vulnerability was found in SeedDMS 5.1.11 due to poorly escaping the search result in the autocomplete search form placed in the header of out/out.Viewfolder.php.
|
CWE-79
Cross-site Scripting
|
CVE-2019-12932
|
2024-11-21 13:23 |
2019-06-29 |