|
223331
|
9.8 |
CRITICAL
Network
|
ricoh
|
sp_c250sf_firmware sp_c252sf_firmware sp_c250dn_firmware sp_c252dn_firmware
|
Several Ricoh printers have multiple buffer overflows parsing HTTP cookie headers, which allow an attacker to cause a denial of service or code execution via crafted requests to the web server. Affec…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2019-14300
|
2024-11-21 13:26 |
2019-08-27 |
|
|
|
|
223332
|
9.8 |
CRITICAL
Network
|
ricoh
|
sp_c250sf_firmware sp_c252sf_firmware sp_c250dn_firmware sp_c252dn_firmware
|
Several Ricoh printers have multiple buffer overflows parsing LPD packets, which allow an attacker to cause a denial of service or code execution via crafted requests to the LPD service. Affected fir…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2019-14308
|
2024-11-21 13:26 |
2019-08-26 |
|
|
|
|
223333
|
5.4 |
MEDIUM
Network
|
sonatype
|
nexus_repository_manager
|
In Nexus Repository Manager before 3.18.0, users with elevated privileges can create stored XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2019-14469
|
2024-11-21 13:26 |
2019-08-23 |
|
|
|
|
223334
|
7.5 |
HIGH
Network
|
sphinxsearch
|
sphinx
|
Sphinx Technologies Sphinx 3.1.1 by default has no authentication and listens on 0.0.0.0, making it exposed to the internet (unless filtered by a firewall or reconfigured to listen to 127.0.0.1 only).
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2019-14511
|
2024-11-21 13:26 |
2019-08-22 |
|
|
|
|
223335
|
7.5 |
HIGH
Network
|
zenoss
|
zenoss
|
The XML-RPC subsystem in Zenoss 2.5.3 allows XXE attacks that lead to unauthenticated information disclosure via port 9988.
|
CWE-611
XXE
|
CVE-2019-14258
|
2024-11-21 13:26 |
2019-08-22 |
|
|
|
|
223336
|
7.8 |
HIGH
Local
|
zenoss
|
zenoss
|
pyraw in Zenoss 2.5.3 allows local privilege escalation by modifying environment variables to redirect execution before privileges are dropped, aka ZEN-31765.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2019-14257
|
2024-11-21 13:26 |
2019-08-22 |
|
|
|
|
223337
|
6.5 |
MEDIUM
Network
|
centos-webpanel
|
centos_web_panel
|
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to discover phpMyAdmin passwords (of any user in /etc/passwd) via an attacker account.
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2019-14246
|
2024-11-21 13:26 |
2019-08-22 |
|
|
|
|
223338
|
6.5 |
MEDIUM
Network
|
centos-webpanel
|
centos_web_panel
|
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete databases (such as oauthv2) from the server via an attacker account.
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2019-14245
|
2024-11-21 13:26 |
2019-08-22 |
|
|
|
|
223339
|
5.3 |
MEDIUM
Network
|
youphptube
|
youphptube
|
plugin/Audit/Objects/AuditTable.php in YouPHPTube through 7.2 allows SQL Injection.
|
CWE-89
SQL Injection
|
CVE-2019-14430
|
2024-11-21 13:26 |
2019-08-20 |
|
|
|
|
223340
|
8.8 |
HIGH
Network
|
tortoisesvn
|
tortoisesvn
|
An issue was discovered in TortoiseSVN 1.12.1. The Tsvncmd: URI handler allows a customised diff operation on Excel workbooks, which could be used to open remote workbooks without protection from …
|
NVD-CWE-noinfo
|
CVE-2019-14422
|
2024-11-21 13:26 |
2019-08-16 |
|
|
|