| 224021 | 9.8 | CRITICAL Network | eng | knowage | In Knowage through 6.1.1, an unauthenticated user can bypass access controls and access the entire application. | CWE-287 Improper Authentication | CVE-2019-13188 | 2024-11-21 13:24 | 2019-09-6 |
| 224022 | 9.8 | CRITICAL Network | symphonyextensions | rich_text_formatter | The Rich Text Formatter (Redactor) extension through v1.1.1 for Symphony CMS has an Unauthenticated arbitrary file upload vulnerability in content.fileupload.php and content.imageupload.php. | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2019-13187 | 2024-11-21 13:24 | 2019-09-6 |
| 224023 | 6.5 | MEDIUM Adjacent | smanos | w100_firmware | Smanos W100 1.0.0 devices have Insecure Permissions, exploitable by an attacker on the same Wi-Fi network. | CWE-287 Improper Authentication | CVE-2019-13361 | 2024-11-21 13:24 | 2019-09-6 |
| 224024 | 5.3 | MEDIUM Network | eng | knowage | In Knowage through 6.1.1, the sign up page does not invalidate a valid CAPTCHA token. This allows for CAPTCHA bypass in the signup page. | CWE-287 Improper Authentication | CVE-2019-13190 | 2024-11-21 13:24 | 2019-09-6 |
| 224025 | 6.1 | MEDIUM Network | suse | rancher | Rancher 2 through 2.2.4 is vulnerable to a Cross-Site Websocket Hijacking attack that allows an exploiter to gain access to clusters managed by Rancher. The attack requires a victim to be logged into… | CWE-79 Cross-site Scripting | CVE-2019-13209 | 2024-11-21 13:24 | 2019-09-4 |
| 224026 | 7.5 | HIGH Network | naver | cloud_explorer | NDrive(1.2.2).sys in Naver Cloud Explorer has a stack-based buffer overflow, which allows attackers to cause a denial of service when reading data from IOCTL handle. | CWE-787 Out-of-bounds Write | CVE-2019-13156 | 2024-11-21 13:24 | 2019-09-4 |
| 224027 | 7.5 | HIGH Network | androvideo geovision | vd_1_firmware gv-vr360_firmware gv-vd8700_firmware | A relative path traversal vulnerability found in Advan VD-1 firmware versions up to 230. It allows attackers to download arbitrary files via url cgibin/ExportSettings.cgi?Download=filepath, without a… | CWE-22 CWE-862 Path Traversal Missing Authorization | CVE-2019-13408 | 2024-11-21 13:24 | 2019-08-29 |
| 224028 | 6.1 | MEDIUM Network | androvideo geovision | vd_1_firmware gv-vr360_firmware gv-vd8700_firmware | A XSS found in Advan VD-1 firmware versions up to 230. VD-1 responses a path error message when a requested resource was not found in page cgibin/ssi.cgi. It leads to a reflected XSS because the erro… | CWE-79 Cross-site Scripting | CVE-2019-13407 | 2024-11-21 13:24 | 2019-08-29 |
| 224029 | 7.5 | HIGH Network | androvideo | vd_1_firmware | A broken access control vulnerability found in Advan VD-1 firmware versions up to 230. An attacker can send a POST request to cgibin/ApkUpload.cgi to install arbitrary APK without any authentication. | CWE-306 Missing Authentication for Critical Function | CVE-2019-13406 | 2024-11-21 13:24 | 2019-08-29 |
| 224030 | 9.8 | CRITICAL Network | androvideo | vd_1_firmware | A broken access control vulnerability found in Advan VD-1 firmware version 230 leads to insecure ADB service. An attacker can send a POST request to cgibin/AdbSetting.cgi to enable ADB without any au… | CWE-306 Missing Authentication for Critical Function | CVE-2019-13405 | 2024-11-21 13:24 | 2019-08-29 |