|
212301
|
6.1 |
MEDIUM
Network
|
openfind
|
mail2000
|
An issue was discovered in Openfind Mail2000 6.0 and 7.0 Webmail. XSS can occur via an '<object data="data:text/html' substring in an e-mail message (The vendor subsequently patched this).
|
CWE-79
Cross-site Scripting
|
CVE-2019-9763
|
2024-11-21 13:52 |
2019-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212302
|
4.8 |
MEDIUM
Network
|
symantec
|
data_loss_prevention
|
DLP 15.5 MP1 and all prior versions may be susceptible to a cross-site scripting (XSS) vulnerability, a type of issue that can enable attackers to inject client-side scripts into web pages viewed by …
|
CWE-79
Cross-site Scripting
|
CVE-2019-9701
|
2024-11-21 13:52 |
2019-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212303
|
7.2 |
HIGH
Network
|
miniblog_project
|
miniblog
|
madskristensen MiniBlog through 2018-05-18 allows remote attackers to execute arbitrary ASPX code via an IMG element with a data: URL, because SaveFilesToDisk in app_code/handlers/PostHandler.cs writ…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-9842
|
2024-11-21 13:52 |
2019-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212304
|
7.8 |
HIGH
Local
|
dahuasecurity
|
ipc-hfw1xxx_firmware
ipc-hdw1xxx_firmware
ipc-hfw2xxx_firmware
|
Buffer overflow vulnerability found in some Dahua IP Camera devices IPC-HFW1XXX,IPC-HDW1XXX,IPC-HFW2XXX Build before 2018/11. The vulnerability exits in the function of redirection display for serial…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2019-9676
|
2024-11-21 13:52 |
2019-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212305
|
5.3 |
MEDIUM
Network
|
wpengine
|
wpgraphql
|
The createComment mutation in the WPGraphQL 0.2.3 plugin for WordPress allows unauthenticated users to post comments on any article, even when 'allow comment' is disabled.
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2019-9881
|
2024-11-21 13:52 |
2019-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212306
|
9.1 |
CRITICAL
Network
|
wpengine
|
wpgraphql
|
An issue was discovered in the WPGraphQL 0.2.3 plugin for WordPress. By querying the 'users' RootQuery, it is possible, for an unauthenticated attacker, to retrieve all WordPress users details such a…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2019-9880
|
2024-11-21 13:52 |
2019-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212307
|
9.8 |
CRITICAL
Network
|
wpengine
|
wpgraphql
|
The WPGraphQL 0.2.3 plugin for WordPress allows remote attackers to register a new user with admin privileges, whenever new user registrations are allowed. This is related to the registerUser mutatio…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2019-9879
|
2024-11-21 13:52 |
2019-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212308
|
8.8 |
HIGH
Network
|
northern
|
cfengine
|
Northern.tech CFEngine Enterprise 3.12.1 has Insecure Permissions.
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2019-9929
|
2024-11-21 13:52 |
2019-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212309
|
9.8 |
CRITICAL
Network
|
pydio
|
pydio
|
An issue was discovered in proxy.php in pydio-core in Pydio through 8.2.2. Through an unauthenticated request, it possible to evaluate malicious PHP code by placing it on the fourth line of a .php fi…
|
CWE-22
CWE-434
Path Traversal
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-9642
|
2024-11-21 13:52 |
2019-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212310
|
8.8 |
HIGH
Local
|
synaptics
|
sound_device
|
Incorrect access control in the CxUtilSvc component of the Synaptics Sound Device drivers prior to version 2.29 allows a local attacker to increase access privileges to the Windows Registry via an un…
|
NVD-CWE-noinfo
|
CVE-2019-9730
|
2024-11-21 13:52 |
2019-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
