| 223851 | 8.8 | HIGH Network | flatcore | flatcore | A CSRF vulnerability was found in flatCore before 1.5, leading to the upload of arbitrary .php files via acp/core/files.upload-script.php. | CWE-352 Origin Validation Error | CVE-2019-13961 | 2024-11-21 13:25 | 2019-07-19 |
| 223852 | 5.5 | MEDIUM Local | libjpeg-turbo | libjpeg-turbo | In libjpeg-turbo 2.0.2, a large amount of memory can be used during processing of an invalid progressive JPEG image containing incorrect width and height values in the image header. NOTE: the vendor'… | CWE-770 Allocation of Resources Without Limits or Throttling | CVE-2019-13960 | 2024-11-21 13:25 | 2019-07-19 |
| 223853 | 6.5 | MEDIUM Network | axiosys | bento4 | In Bento4 1.5.1-627, AP4_DataBuffer::SetDataSize does not handle reallocation failures, leading to a memory copy into a NULL pointer. This is different from CVE-2018-20186. | CWE-476 NULL Pointer Dereference | CVE-2019-13959 | 2024-11-21 13:25 | 2019-07-19 |
| 223854 | 9.8 | CRITICAL Network | codersclub | discuz!ml | Discuz!ML 3.2 through 3.4 allows remote attackers to execute arbitrary PHP code via a modified language cookie, as demonstrated by changing 4gH4_0df5_language=en to 4gH4_0df5_language=en'.phpinfo().'… | CWE-94 Code Injection | CVE-2019-13956 | 2024-11-21 13:25 | 2019-07-19 |
| 223855 | 9.8 | CRITICAL Network | gdnsd | gdnsd | The set_ipv6() function in zscan_rfc1035.rl in gdnsd before 2.4.3 and 3.x before 3.2.1 has a stack-based buffer overflow via a long and malformed IPv6 address in zone data. | CWE-787 Out-of-bounds Write | CVE-2019-13952 | 2024-11-21 13:25 | 2019-07-19 |
| 223856 | 9.8 | CRITICAL Network | gdnsd | gdnsd | The set_ipv4() function in zscan_rfc1035.rl in gdnsd 3.x before 3.2.1 has a stack-based buffer overflow via a long and malformed IPv4 address in zone data. | CWE-787 Out-of-bounds Write | CVE-2019-13951 | 2024-11-21 13:25 | 2019-07-19 |
| 223857 | 5.4 | MEDIUM Network | syguestbook_a5_project | syguestbook_a5 | index.php?c=admin&a=index in SyGuestBook A5 Version 1.2 has stored XSS via a reply to a comment. | CWE-79 Cross-site Scripting | CVE-2019-13950 | 2024-11-21 13:25 | 2019-07-19 |
| 223858 | 8.8 | HIGH Network | syguestbook_a5_project | syguestbook_a5 | SyGuestBook A5 Version 1.2 has no CSRF protection mechanism, as demonstrated by CSRF for an index.php?c=Administrator&a=update admin password change. | CWE-352 Origin Validation Error | CVE-2019-13949 | 2024-11-21 13:25 | 2019-07-19 |
| 223859 | 5.4 | MEDIUM Network | syguestbook_a5_project | syguestbook_a5 | SyGuestBook A5 Version 1.2 allows stored XSS because the isValidData function in include/functions.php does not properly block XSS payloads, as demonstrated by a crafted use of the onerror attribute … | CWE-79 Cross-site Scripting | CVE-2019-13948 | 2024-11-21 13:25 | 2019-07-19 |
| 223860 | 7.5 | HIGH Network | docker | docker | In Docker CE and EE before 18.09.8 (as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10), Docker Engine in debug mode may sometimes add secrets to the debug log. This applies to a… | CWE-532 Inclusion of Sensitive Information in Log Files | CVE-2019-13509 | 2024-11-21 13:25 | 2019-07-19 |