|
223341
|
5.4 |
MEDIUM
Network
|
modx
|
evolution_cms
|
Evolution CMS 2.0.x allows XSS via a description and new category location in a template. NOTE: the vendor states that the behavior is consistent with the "access policy in the administration panel.
|
CWE-79
Cross-site Scripting
|
CVE-2019-14518
|
2024-11-21 13:26 |
2019-08-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223342
|
6.1 |
MEDIUM
Network
|
webstudio
|
ultimate_loan_manager
|
XSS exists in WEB STUDIO Ultimate Loan Manager 2.0 by adding a branch under the Branches button that sets the notes parameter with crafted JavaScript code.
|
CWE-79
Cross-site Scripting
|
CVE-2019-14427
|
2024-11-21 13:26 |
2019-08-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223343
|
9.8 |
CRITICAL
Network
|
netgear
|
mr1100_firmware
|
An issue was discovered on NETGEAR Nighthawk M1 (MR1100) devices before 12.06.03. System commands can be executed, via the web interface, after authentication.
|
CWE-78
OS Command
|
CVE-2019-14527
|
2024-11-21 13:26 |
2019-08-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223344
|
8.1 |
HIGH
Network
|
netgear
|
mr1100_firmware
|
An issue was discovered on NETGEAR Nighthawk M1 (MR1100) devices before 12.06.03. The web-interface Cross-Site Request Forgery token is stored in a dynamically generated JavaScript file, and therefor…
|
CWE-352
Origin Validation Error
|
CVE-2019-14526
|
2024-11-21 13:26 |
2019-08-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223345
|
8.8 |
HIGH
Network
|
wp_svg_icons_project
|
wp_svg_icons
|
An issue was discovered in the svg-vector-icon-plugin (aka WP SVG Icons) plugin through 3.2.1 for WordPress. wp-admin/admin.php?page=wp-svg-icons-custom-set mishandles Custom Icon uploads. CSRF leads…
|
CWE-352
Origin Validation Error
|
CVE-2019-14216
|
2024-11-21 13:26 |
2019-08-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223346
|
8.8 |
HIGH
Network
|
open-emr
|
openemr
|
An issue was discovered in custom/ajax_download.php in OpenEMR before 5.0.2 via the fileName parameter. An attacker can download any file (that is readable by the user www-data) from server storage. …
|
CWE-22
Path Traversal
|
CVE-2019-14530
|
2024-11-21 13:26 |
2019-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223347
|
7.4 |
HIGH
Network
|
uidai
|
maadhaar
|
The mAadhaar application 1.2.7 for Android lacks SSL Certificate Validation, leading to man-in-the-middle attacks against requests for FAQs or Help.
|
CWE-295
Improper Certificate Validation
|
CVE-2019-14516
|
2024-11-21 13:26 |
2019-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223348
|
2.4 |
LOW
Physics
|
real-sec
|
bc_vault_firmware
|
On BC Vault devices, a side channel for the row-based SSD1309 OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a par…
|
CWE-203
Information Exposure Through Discrepancy
|
CVE-2019-14359
|
2024-11-21 13:26 |
2019-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223349
|
2.4 |
LOW
Physics
|
mooltipass
|
mooltipass_mini_firmware
|
On Mooltipass Mini devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a part…
|
CWE-203
Information Exposure Through Discrepancy
|
CVE-2019-14357
|
2024-11-21 13:26 |
2019-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223350
|
2.4 |
LOW
Physics
|
shapeshift
|
keepkey_firmware
|
On ShapeShift KeepKey devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a p…
|
CWE-203
Information Exposure Through Discrepancy
|
CVE-2019-14355
|
2024-11-21 13:26 |
2019-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
