|
214551
|
7.8 |
HIGH
Local
|
raisecom
|
iscom_ht803g-u_firmware
iscom_ht803g-w_firmware
iscom_ht803g-1ge_firmware
iscom_ht803g_gpon_firmware
|
An authenticated shell command injection issue has been discovered in Raisecom ISCOM HT803G-U, HT803G-W, HT803G-1GE, and HT803G GPON products with the firmware version ISCOMHT803G-U_2.0.0_140521_R4.1…
|
CWE-78
OS Command
|
CVE-2019-7384
|
2024-11-21 13:48 |
2019-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214552
|
7.8 |
HIGH
Local
|
systrome
|
cumilon_isg-600c_firmware
cumilon_isg-600h_firmware
cumilon_isg-800w_firmware
|
An issue was discovered on Systrome Cumilon ISG-600C, ISG-600H, and ISG-800W devices with firmware V1.1-R2.1_TRUNK-20181105.bin. A shell command injection occurs by editing the description of an ISP …
|
CWE-78
OS Command
|
CVE-2019-7383
|
2024-11-21 13:48 |
2019-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214553
|
6.1 |
MEDIUM
Network
|
phpmywind
|
phpmywind
|
An issue was discovered in PHPMyWind 5.5. The method parameter of the data/api/oauth/connect.php page has a reflected Cross-site Scripting (XSS) vulnerability.
|
CWE-79
Cross-site Scripting
|
CVE-2019-7661
|
2024-11-21 13:48 |
2019-03-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214554
|
6.1 |
MEDIUM
Network
|
phpmywind
|
phpmywind
|
An issue was discovered in PHPMyWind 5.5. The username parameter of the /install/index.php page has a stored Cross-site Scripting (XSS) vulnerability, as demonstrated by admin/login.php.
|
CWE-79
Cross-site Scripting
|
CVE-2019-7660
|
2024-11-21 13:48 |
2019-03-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214555
|
9.1 |
CRITICAL
Network
|
broadcom
|
privileged_access_manager
|
An improper authentication vulnerability in CA Privileged Access Manager 3.x Web-UI jk-manager and jk-status allows a remote attacker to gain sensitive information or alter configuration.
|
CWE-287
Improper Authentication
|
CVE-2019-7392
|
2024-11-21 13:48 |
2019-02-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214556
|
3.3 |
LOW
Local
|
bosch
|
smart_camera
|
An issue was discovered in the Bosch Smart Camera App before 1.3.1 for Android. Due to setting of insecure permissions, a malicious app could potentially succeed in retrieving video clips or still im…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2019-7729
|
2024-11-21 13:48 |
2019-02-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214557
|
7.5 |
HIGH
Network
|
bosch
|
smart_camera
|
An issue was discovered in the Bosch Smart Camera App before 1.3.1 for Android. Due to improperly implemented TLS certificate checks, a malicious actor could potentially succeed in executing a man-in…
|
CWE-295
Improper Certificate Validation
|
CVE-2019-7728
|
2024-11-21 13:48 |
2019-02-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214558
|
9.8 |
CRITICAL
Network
|
tintin\+\+_project
|
tintin\+\+
wintin\+\+
|
Stack-based buffer overflow in the strip_vt102_codes function in TinTin++ 2.01.6 and WinTin++ 2.01.6 allows remote attackers to execute arbitrary code by sending a long message to the client.
|
CWE-787
Out-of-bounds Write
|
CVE-2019-7629
|
2024-11-21 13:48 |
2019-02-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214559
|
7.5 |
HIGH
Network
|
cmswing
|
cmswing
|
global.encryptPassword in bootstrap/global.js in CMSWing 1.3.7 relies on multiple MD5 operations for password hashing.
|
CWE-916
Use of Password Hash With Insufficient Computational Effort
|
CVE-2019-7649
|
2024-11-21 13:48 |
2019-02-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214560
|
7.4 |
HIGH
Network
|
amazon
|
fire_os
|
Amazon Fire OS before 5.3.6.4 allows a man-in-the-middle attack against HTTP requests for "Terms of Use" and Privacy pages.
|
CWE-346
Origin Validation Error
|
CVE-2019-7399
|
2024-11-21 13:48 |
2019-02-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
