|
212881
|
5.4 |
MEDIUM
Network
|
online_lottery_php_readymade_script_project
|
online_lottery_php_readymade_script
|
PHP Scripts Mall Online Lottery PHP Readymade Script 1.7.0 has Reflected Cross-site Scripting (XSS) via the err value in a .ico picture upload.
|
CWE-79
Cross-site Scripting
|
CVE-2019-9605
|
2024-11-21 13:51 |
2019-03-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212882
|
8.8 |
HIGH
Network
|
online_lottery_php_readymade_script_project
|
online_lottery_php_readymade_script
|
PHP Scripts Mall Online Lottery PHP Readymade Script 1.7.0 has Cross-Site Request Forgery (CSRF) for Edit Profile actions.
|
CWE-352
Origin Validation Error
|
CVE-2019-9604
|
2024-11-21 13:51 |
2019-03-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212883
|
6.1 |
MEDIUM
Network
|
nagios
|
nagios_xi
|
Cross-site scripting (XSS) vulnerability in Nagios XI before 5.5.11 allows attackers to inject arbitrary web script or HTML via the xiwindow parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2019-9167
|
2024-11-21 13:51 |
2019-03-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212884
|
7.8 |
HIGH
Local
|
nagios
|
nagios_xi
|
Privilege escalation in Nagios XI before 5.5.11 allows local attackers to elevate privileges to root via write access to config.inc.php and import_xiconfig.php.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2019-9166
|
2024-11-21 13:51 |
2019-03-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212885
|
9.8 |
CRITICAL
Network
|
nagios
|
incident_manager
|
SQL injection vulnerability in Nagios IM (component of Nagios XI) before 2.2.7 allows attackers to execute arbitrary SQL commands.
|
CWE-89
SQL Injection
|
CVE-2019-9204
|
2024-11-21 13:51 |
2019-03-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212886
|
9.8 |
CRITICAL
Network
|
nagios
|
incident_manager
|
Authorization bypass in Nagios IM (component of Nagios XI) before 2.2.7 allows closing incidents in IM via the API.
|
NVD-CWE-noinfo
|
CVE-2019-9203
|
2024-11-21 13:51 |
2019-03-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212887
|
8.8 |
HIGH
Network
|
nagios
|
incident_manager
|
Nagios IM (component of Nagios XI) before 2.2.7 allows authenticated users to execute arbitrary code via API key issues.
|
NVD-CWE-noinfo
|
CVE-2019-9202
|
2024-11-21 13:51 |
2019-03-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212888
|
9.8 |
CRITICAL
Network
|
nagios
|
nagios_xi
|
SQL injection vulnerability in Nagios XI before 5.5.11 allows attackers to execute arbitrary SQL commands via the API when using fusekeys and malicious user id.
|
CWE-89
SQL Injection
|
CVE-2019-9165
|
2024-11-21 13:51 |
2019-03-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212889
|
8.8 |
HIGH
Network
|
nagios
|
nagios_xi
|
Command injection in Nagios XI before 5.5.11 allows an authenticated users to execute arbitrary remote commands via a new autodiscovery job.
|
CWE-79
Cross-site Scripting
|
CVE-2019-9164
|
2024-11-21 13:51 |
2019-03-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212890
|
6.1 |
MEDIUM
Network
|
mailtraq
|
webmail
|
Mailtraq WebMail version 2.17.7.3550 has Persistent Cross Site Scripting (XSS) via the body of an e-mail message. To exploit the vulnerability, the victim must open an email with malicious Javascript…
|
CWE-79
Cross-site Scripting
|
CVE-2019-9558
|
2024-11-21 13:51 |
2019-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
