|
223831
|
7.2 |
HIGH
Network
|
ajdg
|
adrotate
|
The AJdG AdRotate plugin before 5.3 for WordPress allows SQL Injection.
|
CWE-89
SQL Injection
|
CVE-2019-13570
|
2024-11-21 13:25 |
2019-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223832
|
9.8 |
CRITICAL
Network
|
icegram
|
email_subscribers_\&_newsletters
|
A SQL injection vulnerability exists in the Icegram Email Subscribers & Newsletters plugin through 4.1.7 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to …
|
CWE-89
SQL Injection
|
CVE-2019-13569
|
2024-11-21 13:25 |
2019-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223833
|
6.5 |
MEDIUM
Adjacent
|
arduino
|
arduino_firmware
|
Embedded systems based on Arduino before Rev3 allow remote attackers to send data to LEDs (directly connected to GPIO pins) via a laser, because of LED photosensitivity.
|
NVD-CWE-noinfo
|
CVE-2019-13991
|
2024-11-21 13:25 |
2019-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223834
|
7.8 |
HIGH
Local
|
dpic_project
|
dpic
|
dpic 2019.06.20 has a Stack-based Buffer Overflow in the wfloat() function in main.c.
|
CWE-787
Out-of-bounds Write
|
CVE-2019-13989
|
2024-11-21 13:25 |
2019-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223835
|
8.8 |
HIGH
Network
|
rangerstudio
|
directus_7_api
|
Directus 7 API before 2.3.0 does not validate uploaded files. Regardless of the file extension or MIME type, there is a direct link to each uploaded file, accessible by unauthenticated users, as demo…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-13984
|
2024-11-21 13:25 |
2019-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223836
|
9.8 |
CRITICAL
Network
|
rangerstudio
|
directus_7_api
|
Directus 7 API before 2.2.2 has insufficient anti-automation, as demonstrated by lack of a CAPTCHA in core/Directus/Services/AuthService.php and endpoints/Auth.php.
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2019-13983
|
2024-11-21 13:25 |
2019-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223837
|
5.3 |
MEDIUM
Network
|
rangerstudio
|
directus_7
|
interfaces/markdown/input.vue in Directus 7 Application before 7.7.0 does not sanitize Markdown text before rendering a preview.
|
NVD-CWE-noinfo
|
CVE-2019-13982
|
2024-11-21 13:25 |
2019-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223838
|
5.3 |
MEDIUM
Network
|
rangerstudio
|
directus_7_api
|
In Directus 7 API through 2.3.0, remote attackers can read image files via a direct request for a filename under the uploads/_/originals/ directory. This is related to a configuration option in which…
|
CWE-425
Direct Request ('Forced Browsing')
|
CVE-2019-13981
|
2024-11-21 13:25 |
2019-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223839
|
8.8 |
HIGH
Network
|
rangerstudio
|
directus_7_api
|
In Directus 7 API through 2.3.0, uploading of PHP files is blocked only when the Apache HTTP Server is used, leading to uploads/_/originals remote code execution with nginx.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-13980
|
2024-11-21 13:25 |
2019-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223840
|
8.8 |
HIGH
Network
|
rangerstudio
|
directus_7_api
|
In Directus 7 API before 2.2.1, uploading of PHP files is not blocked, leading to uploads/_/originals remote code execution.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-13979
|
2024-11-21 13:25 |
2019-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
