|
214311
|
8.8 |
HIGH
Network
|
libsdl
debian
opensuse
canonical
fedoraproject
|
simple_directmedia_layer
debian_linux
leap
ubuntu_linux
fedora
|
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.
|
CWE-125
Out-of-bounds Read
|
CVE-2019-7572
|
2024-11-21 13:48 |
2019-02-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214312
|
6.5 |
MEDIUM
Network
|
pbootcms
|
pbootcms
|
A CSRF vulnerability was found in PbootCMS v1.3.6 that can delete users via an admin.php/User/del/ucode/ URI.
|
CWE-352
Origin Validation Error
|
CVE-2019-7570
|
2024-11-21 13:48 |
2019-02-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214313
|
8.8 |
HIGH
Network
|
wdoyo
|
doyo
|
An issue was discovered in DOYO (aka doyocms) 2.3(20140425 update). There is a CSRF vulnerability that can add a super administrator account via admin.php?c=a_adminuser&a=add&run=1.
|
CWE-352
Origin Validation Error
|
CVE-2019-7569
|
2024-11-21 13:48 |
2019-02-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214314
|
9.8 |
CRITICAL
Network
|
baijiacms_project
|
baijiacms
|
An issue was discovered in baijiacms V4 that can result in time-based blind SQL injection to get data via the cate parameter in an index.php?act=index request.
|
CWE-89
SQL Injection
|
CVE-2019-7568
|
2024-11-21 13:48 |
2019-02-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214315
|
6.1 |
MEDIUM
Network
|
bijiadao
|
waimai_super_cms
|
An issue was discovered in Waimai Super Cms 20150505. admin.php?m=Member&a=adminaddsave has XSS via the username or password parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2019-7567
|
2024-11-21 13:48 |
2019-02-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214316
|
8.8 |
HIGH
Network
|
cszcms
|
csz_cms
|
CSZ CMS 1.1.8 has CSRF via admin/users/new/add.
|
CWE-352
Origin Validation Error
|
CVE-2019-7566
|
2024-11-21 13:48 |
2019-02-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214317
|
5.5 |
MEDIUM
Local
|
boolector_project
|
boolector
|
In parser/btorsmt2.c in Boolector 3.0.0, opening a specially crafted input file leads to a use after free in get_failed_assumptions or btor_delete.
|
CWE-416
Use After Free
|
CVE-2019-7560
|
2024-11-21 13:48 |
2019-02-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214318
|
5.5 |
MEDIUM
Local
|
btor2tools_project
|
btor2tools
|
In btor2parser/btor2parser.c in Boolector Btor2Tools before 2019-01-15, opening a specially crafted input file leads to an out of bounds write in pusht_bfr.
|
CWE-787
Out-of-bounds Write
|
CVE-2019-7559
|
2024-11-21 13:48 |
2019-02-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214319
|
7.8 |
HIGH
Local
|
sqlalchemy
debian
opensuse
redhat
oracle
|
sqlalchemy
debian_linux
leap
backports_sle
enterprise_linux_eus
enterprise_linux_server_tus
enterprise_linux_server_aus
enterprise_linux
communications_operations_monitor
|
SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled.
|
CWE-89
SQL Injection
|
CVE-2019-7548
|
2024-11-21 13:48 |
2019-02-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214320
|
4.8 |
MEDIUM
Network
|
topnew
|
sidu
|
An issue was discovered in SIDU 6.0. Because the database name is not strictly filtered, the attacker can insert a name containing an XSS Payload, leading to stored XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2019-7547
|
2024-11-21 13:48 |
2019-02-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
