|
221851
|
5.3 |
MEDIUM
Network
|
ready
|
wireless_emergency_alerts
|
The Wireless Emergency Alerts (WEA) protocol allows remote attackers to spoof a Presidential Alert because cryptographic authentication is not used, as demonstrated by MessageIdentifier 4370 in LTE S…
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2019-18659
|
2024-11-21 13:33 |
2019-11-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221852
|
6.5 |
MEDIUM
Network
|
wpwham
|
currency_switcher_for_woocommerce
|
An issue was discovered in the Currency Switcher addon before 2.11.2 for WooCommerce if a user provides a currency that was not added by the administrator. In this case, even though the currency does…
|
CWE-755
Improper Handling of Exceptional Conditions
|
CVE-2019-18668
|
2024-11-21 13:33 |
2019-11-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221853
|
9.8 |
CRITICAL
Network
|
youphptube
|
youphptube
|
An issue was discovered in YouPHPTube through 7.7. User input passed through the live_stream_code POST parameter to /plugin/LiveChat/getChat.json.php is not properly sanitized (in getFromChat in plug…
|
CWE-89
SQL Injection
|
CVE-2019-18662
|
2024-11-21 13:33 |
2019-11-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221854
|
6.1 |
MEDIUM
Network
|
avg
|
anti-virus
|
A Cross Site Scripting (XSS) issue exists in AVG AntiVirus (Internet Security Edition) 19.3.3084 build 19.3.4241.440 in the Network Notification Popup, allowing an attacker to execute JavaScript code…
|
CWE-79
Cross-site Scripting
|
CVE-2019-18654
|
2024-11-21 13:33 |
2019-11-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221855
|
6.1 |
MEDIUM
Network
|
avast
|
antivirus
|
A Cross Site Scripting (XSS) issue exists in Avast AntiVirus (Free, Internet Security, and Premiere Edition) 19.3.2369 build 19.3.4241.440 in the Network Notification Popup, allowing an attacker to e…
|
CWE-79
Cross-site Scripting
|
CVE-2019-18653
|
2024-11-21 13:33 |
2019-11-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221856
|
5.4 |
MEDIUM
Network
|
jitbit
|
.net_forum
|
A cross-site scripting (XSS) vulnerability in Jitbit .NET Forum (aka ASP.NET forum) 8.3.8 allows remote attackers to inject arbitrary web script or HTML via the gravatar URL parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2019-18636
|
2024-11-21 13:33 |
2019-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221857
|
7.2 |
HIGH
Network
|
technicolor
|
td5130v2_firmware
|
An issue was discovered in certain Oi third-party firmware that may be installed on Technicolor TD5130v2 devices. A Command Injection in the Ping module in the Web Interface in OI_Fw_V20 allows remot…
|
CWE-78
OS Command
|
CVE-2019-18396
|
2024-11-21 13:33 |
2019-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221858
|
5.3 |
MEDIUM
Network
|
yandex
|
clickhouse
|
ClickHouse before 19.13.5.44 allows HTTP header injection via the url table function.
|
CWE-74
Injection
|
CVE-2019-18657
|
2024-11-21 13:33 |
2019-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221859
|
6.1 |
MEDIUM
Network
|
pimcore
|
pimcore
|
Pimcore 6.2.3 has XSS in the translations grid because bundles/AdminBundle/Resources/public/js/pimcore/settings/translations.js mishandles certain HTML elements.
|
CWE-79
Cross-site Scripting
|
CVE-2019-18656
|
2024-11-21 13:33 |
2019-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221860
|
9.8 |
CRITICAL
Network
|
ipswitch
|
moveit_transfer
|
In Progress MOVEit Transfer 11.1 before 11.1.3, a vulnerability has been found that could allow an attacker to sign in without full credentials via the SSH (SFTP) interface. The vulnerability affects…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2019-18465
|
2024-11-21 13:33 |
2019-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
