| 212371 | 7.5 | HIGH Network | aquaverde | aquarius_cms | Aquarius CMS through 4.3.5 writes POST and GET parameters (including passwords) to a log file due to an overwriting of configuration parameters under certain circumstances. | CWE-532 Inclusion of Sensitive Information in Log Files | CVE-2019-9734 | 2024-11-21 13:52 | 2019-04-25 |
| 212372 | 7.5 | HIGH Network | aquaverde | aquarius_cms | aquaverde Aquarius CMS through 4.3.5 allows Information Exposure through Log Files because of an error in the Log-File writer component. | CWE-532 Inclusion of Sensitive Information in Log Files | CVE-2019-9724 | 2024-11-21 13:52 | 2019-04-24 |
| 212373 | 6.1 | MEDIUM Network | vestacp | control_panel | Vesta Control Panel 0.9.8-23 allows XSS via a crafted URL. | CWE-79 Cross-site Scripting | CVE-2019-9841 | 2024-11-21 13:52 | 2019-04-20 |
| 212374 | 6.1 | MEDIUM Network | zyxel | atp200_firmware atp500_firmware atp800_firmware usg20-vpn_firmware usg20w-vpn_firmware usg40_firmware usg40w_firmware usg60_firmware usg60w_firmware usg110_firmware usg2… | On Zyxel ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, USG1900, USG2200-VPN, ZyWALL 110, ZyWALL 310, ZyWALL 1100 devices, the security … | CWE-79 Cross-site Scripting | CVE-2019-9955 | 2024-11-21 13:52 | 2019-04-23 |
| 212375 | 9.1 | CRITICAL Network | gitlab | gitlab | An issue was discovered in GitLab Community and Enterprise Edition 10.x and 11.x before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Insecure Permissions. | NVD-CWE-noinfo | CVE-2019-9890 | 2024-11-21 13:52 | 2019-04-18 |
| 212376 | 9.8 | CRITICAL Network | gitlab | gitlab | An issue was discovered in GitLab Community and Enterprise Edition 10.x (starting from 10.8) and 11.x before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control, … | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2019-9756 | 2024-11-21 13:52 | 2019-04-18 |
| 212377 | 9.8 | CRITICAL Network | miniblog.core_project | miniblog.core | madskristensen Miniblog.Core through 2019-01-16 allows remote attackers to execute arbitrary ASPX code via an IMG element with a data: URL, because SaveFilesToDisk in Controllers/BlogController.cs wr… | CWE-20 Improper Input Validation | CVE-2019-9845 | 2024-11-21 13:52 | 2019-04-17 |
| 212378 | 7.5 | HIGH Network | xmltooling_project canonical opensuse | xmltooling ubuntu_linux leap | The XMLTooling library all versions prior to V3.0.4, provided with the OpenSAML and Shibboleth Service Provider software, contains an XML parsing class. Invalid data in the XML declaration causes an … | CWE-755 Improper Handling of Exceptional Conditions | CVE-2019-9628 | 2024-11-21 13:52 | 2019-04-12 |
| 212379 | 8.8 | HIGH Network | dasannetworks | h660rm_firmware | The Boa server configuration on DASAN H660RM devices with firmware 1.03-0022 logs POST data to the /tmp/boa-temp file, which allows logged-in users to read the credentials of administration web inter… | CWE-532 Inclusion of Sensitive Information in Log Files | CVE-2019-9976 | 2024-11-21 13:52 | 2019-04-12 |
| 212380 | 7.5 | HIGH Network | dasannetworks | h660rm_firmware | DASAN H660RM devices with firmware 1.03-0022 use a hard-coded key for logs encryption. Data stored using this key can be decrypted by anyone able to access this key. | CWE-798 Use of Hard-coded Credentials | CVE-2019-9975 | 2024-11-21 13:52 | 2019-04-12 |