| 223361 | 8.8 | HIGH | Network | loom | loom | Incorrect authentication of application WebSocket connections in Loom Desktop for Mac up to 0.16.0 allows remote code execution from either malicious JavaScript in a browser or hosts on the same netw… | CWE-287 Improper Authentication | CVE-2019-14432 | 2024-11-21 13:26 | 2019-08-8 |
| 223362 | 8.8 | HIGH | Network | eq-3 | ccu2_firmware ccu3_firmware | eQ-3 Homematic CCU2 and CCU3 use session IDs for authentication but lack authorization checks. Consequently, a valid guest level or user level account can create a new admin level account, read the s… | CWE-862 Missing Authorization | CVE-2019-14473 | 2024-11-21 13:26 | 2019-08-7 |
| 223363 | 8.8 | HIGH | Network | schben | adive | Internal/Views/addUsers.php in Schben Adive 2.0.7 allows remote unprivileged users (editor or developer) to create an administrator account via admin/user/add, as demonstrated by a Python PoC script. | CWE-425 Direct Request ('Forced Browsing') | CVE-2019-14347 | 2024-11-21 13:26 | 2019-08-7 |
| 223364 | 8.8 | HIGH | Network | schben | adive | Internal/Views/config.php in Schben Adive 2.0.7 allows admin/config CSRF to change a user password. | CWE-352 Origin Validation Error | CVE-2019-14346 | 2024-11-21 13:26 | 2019-08-7 |
| 223365 | 7.5 | HIGH | Network | eq-3 | ccu2_firmware ccu3_firmware | eQ-3 Homematic CCU2 2.47.15 and prior and CCU3 3.47.15 and prior use session IDs for authentication but lack authorization checks. An attacker can obtain a session ID from CVE-2019-9583, resulting in… | CWE-862 Missing Authorization | CVE-2019-14475 | 2024-11-21 13:26 | 2019-08-6 |
| 223366 | 5.4 | MEDIUM | Network | espocrm | espocrm | An issue was discovered in EspoCRM before 5.6.9. Stored XSS was executed when a victim clicks on the Edit Dashboard feature present on the Homepage. An attacker can load malicious JavaScript inside t… | CWE-79 Cross-site Scripting | CVE-2019-14550 | 2024-11-21 13:26 | 2019-08-6 |
| 223367 | 5.4 | MEDIUM | Network | espocrm | espocrm | An issue was discovered in EspoCRM before 5.6.9. Stored XSS was executed inside the title and breadcrumb of a newly formed entity available to all the users. A malicious user can inject JavaScript in… | CWE-79 Cross-site Scripting | CVE-2019-14549 | 2024-11-21 13:26 | 2019-08-6 |
| 223368 | 5.4 | MEDIUM | Network | espocrm | espocrm | An issue was discovered in EspoCRM before 5.6.9. Stored XSS in the body of an Article was executed when a victim opens articles received through mail. This Article can be formed by an attacker using … | CWE-79 Cross-site Scripting | CVE-2019-14548 | 2024-11-21 13:26 | 2019-08-6 |
| 223369 | 5.4 | MEDIUM | Network | espocrm | espocrm | An issue was discovered in EspoCRM before 5.6.9. Stored XSS was executed when an attacker sends an attachment to admin with malicious JavaScript in the filename. This JavaScript executed when an admin… | CWE-79 Cross-site Scripting | CVE-2019-14547 | 2024-11-21 13:26 | 2019-08-6 |
| 223370 | 5.4 | MEDIUM | Network | espocrm | espocrm | An issue was discovered in EspoCRM before 5.6.9. Stored XSS was executed on the Preference page as well as while sending an email when a malicious payload was inserted inside the Email Signature in t… | CWE-79 Cross-site Scripting | CVE-2019-14546 | 2024-11-21 13:26 | 2019-08-6 |