|
222641
|
6.1 |
MEDIUM
Network
|
lsoft
|
listserv
|
Reflected cross site scripting (XSS) in L-Soft LISTSERV before 16.5-2018a exists via the /scripts/wa.exe OK parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2019-15501
|
2024-11-21 13:28 |
2019-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222642
|
6.1 |
MEDIUM
Network
|
status_board_project
|
status_board
|
Status Board 1.1.81 has reflected XSS via dashboard.ts.
|
CWE-79
Cross-site Scripting
|
CVE-2019-15479
|
2024-11-21 13:28 |
2019-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222643
|
9.8 |
CRITICAL
Network
|
cszcms
|
csz_cms
|
CSZ CMS 1.2.3 allows arbitrary file upload, as demonstrated by a .php file to admin/filemanager in the File Management Module, which leads to remote code execution by visiting a photo/upload/2019/ UR…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-15524
|
2024-11-21 13:28 |
2019-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222644
|
9.8 |
CRITICAL
Network
|
spoon-library
fork-cms
|
spoon_library
fork_cms
|
Spoon Library through 2014-02-06, as used in Fork CMS before 1.4.1 and other products, allows PHP object injection via a cookie containing an object.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2019-15521
|
2024-11-21 13:28 |
2019-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222645
|
9.1 |
CRITICAL
Network
|
progradegrill
|
wifi_grilling_thermometer_firmware
|
Lierda Grill Temperature Monitor V1.00_50006 has a default password of admin for the admin account, which allows an attacker to cause a Denial of Service or Information Disclosure via the undocumente…
|
CWE-1188
Insecure Default Initialization of Resource
|
CVE-2019-15304
|
2024-11-21 13:28 |
2019-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222646
|
7.5 |
HIGH
Network
|
rustls_project
|
rustls
|
rustls-mio/examples/tlsserver.rs in the rustls crate before 0.16.0 for Rust allows attackers to cause a denial of service (loop of conn_event and ready) by arranging for a client to never be writable.
|
CWE-88
Argument Injection
|
CVE-2019-15541
|
2024-11-21 13:28 |
2019-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222647
|
9.8 |
CRITICAL
Network
|
raml-module-builder_project
|
raml-module-builder
|
Raml-Module-Builder 26.4.0 allows SQL Injection in PostgresClient.update.
|
CWE-89
SQL Injection
|
CVE-2019-15534
|
2024-11-21 13:28 |
2019-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222648
|
6.1 |
MEDIUM
Network
|
gchq
|
cyberchef
|
CyberChef before 8.31.2 allows XSS in core/operations/TextEncodingBruteForce.mjs.
|
CWE-79
Cross-site Scripting
|
CVE-2019-15532
|
2024-11-21 13:28 |
2019-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222649
|
7.5 |
HIGH
Network
|
kaseya
|
virtual_system_administrator
|
An issue was discovered in Kaseya Virtual System Administrator (VSA) through 9.4.0.37. It has a critical information disclosure vulnerability. An unauthenticated attacker can send properly formatted …
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2019-15506
|
2024-11-21 13:28 |
2019-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222650
|
6.1 |
MEDIUM
Network
|
laracom
|
laracom
|
laracom (aka Laravel FREE E-Commerce Software) 1.4.11 has search?q= XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2019-15489
|
2024-11-21 13:28 |
2019-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
