|
223841
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel through 5.2.1 on the powerpc platform, when hardware transactional memory is disabled, a local user can cause a denial of service (TM Bad Thing exception and system crash) via a s…
|
CWE-399
Resource Management Errors
|
CVE-2019-13648
|
2024-11-21 13:25 |
2019-07-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223842
|
8.8 |
HIGH
Network
|
ovidentia
|
ovidentia
|
Ovidentia 8.4.3 has SQL Injection via the id parameter in an index.php?tg=delegat&idx=mem request.
|
CWE-89
SQL Injection
|
CVE-2019-13978
|
2024-11-21 13:25 |
2019-07-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223843
|
5.4 |
MEDIUM
Network
|
ovidentia
|
ovidentia
|
index.php in Ovidentia 8.4.3 has XSS via tg=groups, tg=maildoms&idx=create&userid=0&bgrp=y, tg=delegat, tg=site&idx=create, tg=site&item=4, tg=admdir&idx=mdb&id=1, tg=notes&idx=Create, tg=admfaqs&idx…
|
CWE-79
Cross-site Scripting
|
CVE-2019-13977
|
2024-11-21 13:25 |
2019-07-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223844
|
8.8 |
HIGH
Network
|
layerbb
|
layerbb
|
LayerBB 1.1.3 allows conversations.php/cmd/new CSRF.
|
CWE-352
Origin Validation Error
|
CVE-2019-13974
|
2024-11-21 13:25 |
2019-07-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223845
|
9.8 |
CRITICAL
Network
|
layerbb
|
layerbb
|
LayerBB 1.1.3 allows admin/general.php arbitrary file upload because the custom_logo filename suffix is not restricted, and .php may be used.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-13973
|
2024-11-21 13:25 |
2019-07-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223846
|
6.1 |
MEDIUM
Network
|
layerbb
|
layerbb
|
LayerBB 1.1.3 allows XSS via the application/commands/new.php pm_title variable, a related issue to CVE-2019-17997.
|
CWE-79
Cross-site Scripting
|
CVE-2019-13972
|
2024-11-21 13:25 |
2019-07-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223847
|
6.1 |
MEDIUM
Network
|
otcms
|
otcms
|
OTCMS 3.81 allows XSS via the mode parameter in an apiRun.php?mudi=autoRun request.
|
CWE-79
Cross-site Scripting
|
CVE-2019-13971
|
2024-11-21 13:25 |
2019-07-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223848
|
6.1 |
MEDIUM
Network
|
antsword_project
|
antsword
|
In antSword before 2.1.0, self-XSS in the database configuration leads to code execution via modules/database/asp/index.js, modules/database/custom/index.js, modules/database/index.js, or modules/dat…
|
CWE-79
Cross-site Scripting
|
CVE-2019-13970
|
2024-11-21 13:25 |
2019-07-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223849
|
8.8 |
HIGH
Network
|
metinfo
|
metinfo
|
Metinfo 6.x allows SQL Injection via the id parameter in an admin/index.php?n=ui_set&m=admin&c=index&a=doget_text_content&table=lang&field=1 request.
|
CWE-89
SQL Injection
|
CVE-2019-13969
|
2024-11-21 13:25 |
2019-07-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223850
|
9.8 |
CRITICAL
Network
|
videolan
opensuse
debian
canonical
|
vlc_media_player
leap
backports_sle
debian_linux
ubuntu_linux
|
lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height.
|
CWE-125
Out-of-bounds Read
|
CVE-2019-13962
|
2024-11-21 13:25 |
2019-07-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
