|
222191
|
8.8 |
HIGH
Network
|
sitos
|
sitos_six
|
SITOS six Build v6.2.1 allows a user with the user role of Seminar Coordinator to escalate their permission to the Systemadministrator role due to insufficient checks on the server side.
|
CWE-269
Improper Privilege Management
|
CVE-2019-15747
|
2024-11-21 13:29 |
2019-10-7 |
|
222192
|
9.8 |
CRITICAL
Network
|
sitos
|
sitos_six
|
SITOS six Build v6.2.1 allows an attacker to inject arbitrary PHP commands. As a result, an attacker can compromise the running server and execute system commands in the context of the web user.
|
CWE-94 CWE-78
Code Injection OS Command
|
CVE-2019-15746
|
2024-11-21 13:29 |
2019-10-7 |
|
222193
|
8.8 |
HIGH
Network
|
kslabs
|
ksweb
|
The KSLABS KSWEB (aka ru.kslabs.ksweb) application 3.93 for Android allows authenticated remote code execution via a POST request to the AJAX handler with the configFile parameter set to the arbitrar…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-15766
|
2024-11-21 13:29 |
2019-10-4 |
|
222194
|
4.7 |
MEDIUM
Local
|
microchip tecsec thalesgroup cryptsoft athena-scs
|
atmel_toolbox armored_card etoken_4300 s/a_idflex_v idprotect
|
Smart cards from the Athena SCS manufacturer, based on the Atmel Toolbox 00.03.11.05 and the AT90SC chip, contain a timing side channel in ECDSA signature generation. This allows a local attacker, ab…
|
CWE-203
Information Exposure Through Discrepancy
|
CVE-2019-15809
|
2024-11-21 13:29 |
2019-10-3 |
|
222195
|
9.8 |
CRITICAL
Network
|
govicture
|
pc530_firmware
|
Victure PC530 devices allow unauthenticated TELNET access as root.
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2019-15940
|
2024-11-21 13:29 |
2019-10-1 |
|
222196
|
6.1 |
MEDIUM
Network
|
netdisco
|
netdisco
|
Insufficient sanitization during device search in Netdisco 2.042010 allows for reflected XSS via manipulation of a URL parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2019-15810
|
2024-11-21 13:29 |
2019-10-1 |
|
222197
|
5.3 |
MEDIUM
Network
|
cksource
|
ckfinder
|
An issue was discovered in CKFinder through 2.6.2.1 and 3.x through 3.5.0. The documentation has misleading information that could lead to a conclusion that the application has a built-in bulletproof…
|
CWE-200
Information Exposure
|
CVE-2019-15891
|
2024-11-21 13:29 |
2019-09-27 |
|
222198
|
7.5 |
HIGH
Network
|
cksource
|
ckfinder
|
An issue was discovered in CKFinder through 2.6.2.1. Improper checks of file names allows remote attackers to upload files without any extension (even if the application was configured to accept file…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-15862
|
2024-11-21 13:29 |
2019-09-27 |
|
222199
|
9.8 |
CRITICAL
Network
|
lemonldap-ng debian
|
lemonldap\ debian_linux
|
OpenID Connect Issuer in LemonLDAP::NG 2.x through 2.0.5 may allow an attacker to bypass access control rules via a crafted OpenID Connect authorization request. To be vulnerable, there must exist an…
|
CWE-863
Incorrect Authorization
|
CVE-2019-15941
|
2024-11-21 13:29 |
2019-09-26 |
|
222200
|
9.1 |
CRITICAL
Network
|
suricata-ids
|
suricata
|
An issue was discovered in app-layer-ssl.c in Suricata 4.1.4. Upon receiving a corrupted SSLv3 (TLS 1.2) packet, the parser function TLSDecodeHSHelloExtensions tries to access a memory region that is…
|
CWE-125
Out-of-bounds Read
|
CVE-2019-15699
|
2024-11-21 13:29 |
2019-09-25 |
|