|
222181
|
4.4 |
MEDIUM
Local
|
cisco
|
telepresence_collaboration_endpoint
|
A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to write files to the /root directory of an affected device. The vul…
|
CWE-276
Incorrect Default Permissions
|
CVE-2019-15962
|
2024-11-21 13:29 |
2019-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222182
|
7.2 |
HIGH
Network
|
sonatype
|
nexus_repository_manager
|
Sonatype Nexus Repository Manager 2.x before 2.14.15 allows Remote Code Execution.
|
NVD-CWE-noinfo
|
CVE-2019-15893
|
2024-11-21 13:29 |
2019-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222183
|
7.2 |
HIGH
Network
|
mantisbt
|
mantisbt
|
MantisBT before 1.3.20 and 2.22.1 allows Post Authentication Command Injection, leading to Remote Code Execution.
|
CWE-78
OS Command
|
CVE-2019-15715
|
2024-11-21 13:29 |
2019-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222184
|
9.8 |
CRITICAL
Network
|
socomec
|
diris_a-40_firmware
|
Password disclosure in the web interface on socomec DIRIS A-40 devices before 48250501 allows a remote attacker to get full access to a device via the /password.jsn URI.
|
CWE-200
Information Exposure
|
CVE-2019-15859
|
2024-11-21 13:29 |
2019-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222185
|
8.0 |
HIGH
Adjacent
|
altair
|
pbs_professional
|
Altair PBS Professional through 19.1.2 allows Privilege Escalation because an attacker can send a message directly to pbs_mom, which fails to properly authenticate the message. This results in code e…
|
NVD-CWE-noinfo
|
CVE-2019-15719
|
2024-11-21 13:29 |
2019-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222186
|
6.8 |
MEDIUM
Physics
|
espressif
|
esp-idf
|
An issue was discovered in Espressif ESP-IDF 2.x, 3.0.x through 3.0.9, 3.1.x through 3.1.6, 3.2.x through 3.2.3, and 3.3.x through 3.3.1. An attacker who uses fault injection to physically disrupt th…
|
CWE-755
Improper Handling of Exceptional Conditions
|
CVE-2019-15894
|
2024-11-21 13:29 |
2019-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222187
|
9.8 |
CRITICAL
Network
|
sitos
|
sitos_six
|
An unrestricted file upload vulnerability in SITOS six Build v6.2.1 allows remote attackers to execute arbitrary code by uploading a SCORM file with an executable extension. This allows an unauthenti…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-15751
|
2024-11-21 13:29 |
2019-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222188
|
6.1 |
MEDIUM
Network
|
sitos
|
sitos_six
|
A Cross-Site Scripting (XSS) vulnerability in the blog function in SITOS six Build v6.2.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2019-15750
|
2024-11-21 13:29 |
2019-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222189
|
6.5 |
MEDIUM
Network
|
sitos
|
sitos_six
|
SITOS six Build v6.2.1 allows a user to change their password and recovery email address without requiring them to confirm the change with their old password. This would allow an attacker with access…
|
CWE-640
Weak Password Recovery Mechanism for Forgotten Password
|
CVE-2019-15749
|
2024-11-21 13:29 |
2019-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222190
|
9.8 |
CRITICAL
Network
|
sitos
|
sitos_six
|
SITOS six Build v6.2.1 permits unauthorised users to upload and import a SCORM 2004 package by browsing directly to affected pages. An unauthenticated attacker could use the upload and import functio…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-15748
|
2024-11-21 13:29 |
2019-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
