| 218991 | 5.5 | MEDIUM Local | artifex | mupdf | Artifex MuPDF 1.14.0 has a SEGV in the function fz_load_page of the fitz/document.c file, as demonstrated by mutool. This is related to page-number mishandling in cbz/mucbz.c, cbz/muimg.c, and svg/sv… | CWE-118 Incorrect Access of Indexable Resource ('Range Error') | CVE-2019-6130 | 2024-11-21 13:45 | 2019-01-11 |
| 218992 | 6.5 | MEDIUM Network | libpng | libpng | png_create_info_struct in png.c in libpng 1.6.36 has a memory leak, as demonstrated by pngcp. NOTE: a third party has stated "I don't think it is libpng's job to free this buffer." | CWE-401 Missing Release of Memory after Effective Lifetime | CVE-2019-6129 | 2024-11-21 13:45 | 2019-01-11 |
| 218993 | 8.8 | HIGH Network | libtiff canonical opensuse debian | libtiff ubuntu_linux leap debian_linux | The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb. | CWE-401 Missing Release of Memory after Effective Lifetime | CVE-2019-6128 | 2024-11-21 13:45 | 2019-01-11 |
| 218994 | 7.2 | HIGH Network | xiaocms | xiaocms | An issue was discovered in XiaoCms 20141229. It allows admin/index.php?c=database table[] SQL injection. This can be used for PHP code execution via "INTO OUTFILE" with a .php filename. | CWE-89 SQL Injection | CVE-2019-6127 | 2024-11-21 13:45 | 2019-01-11 |
| 218995 | 7.5 | HIGH Network | advance_peer_to_peer_mlm_script_project | advance_peer_to_peer_mlm_script | The Admin Panel of PHP Scripts Mall Advance Peer to Peer MLM Script v1.7.0 allows remote attackers to bypass intended access restrictions by directly navigating to admin/dashboard.php or admin/user.p… | CWE-425 Direct Request ('Forced Browsing') | CVE-2019-6126 | 2024-11-21 13:45 | 2019-01-11 |
| 218996 | 9.8 | CRITICAL Network | nelson-it | open_source_erp | Nelson Open Source ERP v6.3.1 allows SQL Injection via the db/utils/query/data.xml query parameter. | CWE-89 SQL Injection | CVE-2019-5893 | 2024-11-21 13:45 | 2019-01-11 |
| 218997 | 6.5 | MEDIUM Network | frrouting | frrouting | bgpd in FRRouting FRR (aka Free Range Routing) 2.x and 3.x before 3.0.4, 4.x before 4.0.1, 5.x before 5.0.2, and 6.x before 6.0.2 (not affecting Cumulus Linux or VyOS), when ENABLE_BGP_VNC is used fo… | CWE-436 Interpretation Conflict | CVE-2019-5892 | 2024-11-21 13:45 | 2019-01-11 |
| 218998 | 7.5 | HIGH Network | shopxo | shopxo | An issue was discovered in ShopXO 1.2.0. In the UnlinkDir method of the FileUtil.php file, the input parameters are not checked, resulting in input mishandling by the rmdir method. Attackers can dele… | CWE-22 Path Traversal | CVE-2019-5887 | 2024-11-21 13:45 | 2019-01-10 |
| 218999 | 9.8 | CRITICAL Network | shopxo | shopxo | An issue was discovered in ShopXO 1.2.0. In the application\install\controller\Index.php file, there is no validation lock file in the Add method, which allows an attacker to reinstall the database. … | CWE-667 Improper Locking, CWE-862 Missing Authorization | CVE-2019-5886 | 2024-11-21 13:45 | 2019-01-10 |
| 219000 | 5.9 | MEDIUM Network | std42 | elfinder | php/elFinder.class.php in elFinder before 2.1.45 leaks information if PHP's curl extension is enabled and safe_mode or open_basedir is not set. | CWE-200 Information Exposure | CVE-2019-5884 | 2024-11-21 13:45 | 2019-01-10 |