|
222151
|
9.8 |
CRITICAL
Network
|
egpp
|
sistema_integrado_de_gestion_academica
|
In Escuela de Gestion Publica Plurinacional (EGPP) Sistema Integrado de Gestion Academica (GESAC) v1, the username parameter of the authentication form is vulnerable to SQL injection, allowing attack…
|
CWE-89
SQL Injection
|
CVE-2019-16264
|
2024-11-21 13:30 |
2019-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222152
|
6.1 |
MEDIUM
Network
|
dolibarr
|
dolibarr_erp\/crm
|
In htdocs/societe/card.php in Dolibarr 10.0.1, the value of the User-Agent HTTP header is copied into the HTML document as plain text between tags, leading to XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2019-16197
|
2024-11-21 13:30 |
2019-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222153
|
7.1 |
HIGH
Network
|
gitlab
|
gitlab
|
An issue was discovered in GitLab Enterprise Edition 11.x and 12.x before 12.0.9, 12.1.x before 12.1.9, and 12.2.x before 12.2.5. It has Incorrect Access Control.
|
NVD-CWE-noinfo
|
CVE-2019-16170
|
2024-11-21 13:30 |
2019-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222154
|
9.8 |
CRITICAL
Network
|
fasterxml
fedoraproject
debian
netapp
redhat
oracle
|
jackson-databind
fedora
debian_linux
steelstore_cloud_integrated_storage
oncommand_workflow_automation
oncommand_api_services
jboss_enterprise_application_platform
retail_xstore_…
|
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2019-16335
|
2024-11-21 13:30 |
2019-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222155
|
4.8 |
MEDIUM
Network
|
bludit
|
bludit
|
In Bludit v3.9.2, there is a persistent XSS vulnerability in the Categories -> Add New Category -> Name field. NOTE: this may overlap CVE-2017-16636.
|
CWE-79
Cross-site Scripting
|
CVE-2019-16334
|
2024-11-21 13:30 |
2019-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222156
|
5.4 |
MEDIUM
Network
|
get-simple
|
getsimple_cms
|
GetSimple CMS v3.3.15 has Persistent Cross-Site Scripting (XSS) in admin/theme-edit.php.
|
CWE-79
Cross-site Scripting
|
CVE-2019-16333
|
2024-11-21 13:30 |
2019-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222157
|
6.1 |
MEDIUM
Network
|
api_bearer_auth_project
|
api_bearer_auth
|
In the api-bearer-auth plugin before 20190907 for WordPress, the server parameter is not correctly filtered in the swagger-config.yaml.php file, and it is possible to inject JavaScript code, aka XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2019-16332
|
2024-11-21 13:30 |
2019-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222158
|
6.1 |
MEDIUM
Network
|
scadabr
|
scadabr
|
ScadaBR 1.0CE, and 1.1.x through 1.1.0-RC, has XSS via a request for a nonexistent resource, as demonstrated by the dwr/test/ PATH_INFO.
|
CWE-79
Cross-site Scripting
|
CVE-2019-16321
|
2024-11-21 13:30 |
2019-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222159
|
7.5 |
HIGH
Network
|
wireshark
opensuse
debian
|
wireshark
leap
debian_linux
|
In Wireshark 3.0.0 to 3.0.3 and 2.6.0 to 2.6.10, the Gryphon dissector could go into an infinite loop. This was addressed in plugins/epan/gryphon/packet-gryphon.c by checking for a message length of …
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2019-16319
|
2024-11-21 13:30 |
2019-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222160
|
8.8 |
HIGH
Network
|
pimcore
|
pimcore
|
In Pimcore before 5.7.1, an attacker with limited privileges can bypass file-extension restrictions via a 256-character filename, as demonstrated by the failure of automatic renaming of .php to .php.…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-16318
|
2024-11-21 13:30 |
2019-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
