|
225051
|
9.8 |
CRITICAL
Network
|
sitos
|
sitos_six
|
An unrestricted file upload vulnerability in SITOS six Build v6.2.1 allows remote attackers to execute arbitrary code by uploading a SCORM file with an executable extension. This allows an unauthenti…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-15751
|
2024-11-21 13:29 |
2019-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225052
|
6.1 |
MEDIUM
Network
|
sitos
|
sitos_six
|
A Cross-Site Scripting (XSS) vulnerability in the blog function in SITOS six Build v6.2.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2019-15750
|
2024-11-21 13:29 |
2019-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225053
|
6.5 |
MEDIUM
Network
|
sitos
|
sitos_six
|
SITOS six Build v6.2.1 allows a user to change their password and recovery email address without requiring them to confirm the change with their old password. This would allow an attacker with access…
|
CWE-640
Weak Password Recovery Mechanism for Forgotten Password
|
CVE-2019-15749
|
2024-11-21 13:29 |
2019-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225054
|
9.8 |
CRITICAL
Network
|
sitos
|
sitos_six
|
SITOS six Build v6.2.1 permits unauthorised users to upload and import a SCORM 2004 package by browsing directly to affected pages. An unauthenticated attacker could use the upload and import functio…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-15748
|
2024-11-21 13:29 |
2019-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225055
|
8.8 |
HIGH
Network
|
sitos
|
sitos_six
|
SITOS six Build v6.2.1 allows a user with the user role of Seminar Coordinator to escalate their permission to the Systemadministrator role due to insufficient checks on the server side.
|
CWE-269
Improper Privilege Management
|
CVE-2019-15747
|
2024-11-21 13:29 |
2019-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225056
|
9.8 |
CRITICAL
Network
|
sitos
|
sitos_six
|
SITOS six Build v6.2.1 allows an attacker to inject arbitrary PHP commands. As a result, an attacker can compromise the running server and execute system commands in the context of the web user.
|
CWE-94
CWE-78
Code Injection
OS Command
|
CVE-2019-15746
|
2024-11-21 13:29 |
2019-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225057
|
8.8 |
HIGH
Network
|
kslabs
|
ksweb
|
The KSLABS KSWEB (aka ru.kslabs.ksweb) application 3.93 for Android allows authenticated remote code execution via a POST request to the AJAX handler with the configFile parameter set to the arbitrar…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-15766
|
2024-11-21 13:29 |
2019-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225058
|
4.7 |
MEDIUM
Local
|
microchip
tecsec
thalesgroup
cryptsoft
athena-scs
|
atmel_toolbox
armored_card
etoken_4300
s\/a_idflex_v
idprotect
|
Smart cards from the Athena SCS manufacturer, based on the Atmel Toolbox 00.03.11.05 and the AT90SC chip, contain a timing side channel in ECDSA signature generation. This allows a local attacker, ab…
|
CWE-203
Information Exposure Through Discrepancy
|
CVE-2019-15809
|
2024-11-21 13:29 |
2019-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225059
|
9.8 |
CRITICAL
Network
|
govicture
|
pc530_firmware
|
Victure PC530 devices allow unauthenticated TELNET access as root.
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2019-15940
|
2024-11-21 13:29 |
2019-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225060
|
6.1 |
MEDIUM
Network
|
netdisco
|
netdisco
|
Insufficient sanitization during device search in Netdisco 2.042010 allows for reflected XSS via manipulation of a URL parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2019-15810
|
2024-11-21 13:29 |
2019-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
