| 224121 | 5.3 | MEDIUM Network | getflightpath | flightpath | FlightPath 4.x and 5.0-x allows directory traversal and Local File Inclusion through the form_include parameter in an index.php?q=system-handle-form-submit POST request because of an include_once in … | CWE-22 Path Traversal | CVE-2019-13396 | 2024-11-21 13:24 | 2019-07-10 |
| 224122 | 5.9 | MEDIUM Network | glpi-project | glpi | An issue was discovered in GLPI before 9.4.1. After a successful password reset by a user, it is possible to change that user's password again during the next 24 hours without any information except … | CWE-640 Weak Password Recovery Mechanism for Forgotten Password | CVE-2019-13240 | 2024-11-21 13:24 | 2019-07-10 |
| 224123 | 6.5 | MEDIUM Network | oniguruma_project fedoraproject | oniguruma fedora | A NULL Pointer Dereference in match_at() in regexec.c in Oniguruma 6.9.2 allows attackers to potentially cause denial of service by providing a crafted regular expression. Oniguruma issues often affe… | CWE-476 NULL Pointer Dereference | CVE-2019-13225 | 2024-11-21 13:24 | 2019-07-10 |
| 224124 | 8.8 | HIGH Network | cyberpowersystems | powerpanel | CSRF in the Agent/Center component of CyberPower PowerPanel Business Edition 3.4.0 allows an attacker to submit POST requests to any forms in the web application. This can be exploited by tricking an… | CWE-352 Origin Validation Error | CVE-2019-13071 | 2024-11-21 13:24 | 2019-07-10 |
| 224125 | 9.8 | CRITICAL Network | oniguruma_project php fedoraproject debian canonical | oniguruma php fedora debian_linux ubuntu_linux | A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted… | CWE-416 Use After Free | CVE-2019-13224 | 2024-11-21 13:24 | 2019-07-10 |
| 224126 | 9.8 | CRITICAL Network | yoast | yoast_seo | The Yoast SEO plugin before 11.6-RC5 for WordPress does not properly restrict unfiltered HTML in term descriptions. | CWE-79 Cross-site Scripting | CVE-2019-13478 | 2024-11-21 13:24 | 2019-07-10 |
| 224127 | 8.8 | HIGH Network | mobatek | mobaxterm | In MobaXterm 11.1, the mobaxterm: URI handler has an argument injection vulnerability that allows remote attackers to execute arbitrary commands when the user visits a specially crafted URL. Based on… | CWE-88 Argument Injection | CVE-2019-13475 | 2024-11-21 13:24 | 2019-07-10 |
| 224128 | 6.1 | MEDIUM Network | phpwind | phpwind | PHPWind 9.1.0 has XSS vulnerabilities in the c and m parameters of the index.php file. | CWE-79 Cross-site Scripting | CVE-2019-13472 | 2024-11-21 13:24 | 2019-07-10 |
| 224129 | 9.8 | CRITICAL Network | matrixssl | matrixssl | MatrixSSL before 4.2.1 has an out-of-bounds read during ASN.1 handling. | CWE-125 Out-of-bounds Read | CVE-2019-13470 | 2024-11-21 13:24 | 2019-07-10 |
| 224130 | 6.1 | MEDIUM Network | keynto | team_password_manager | KEYNTO Team Password Manager 1.5.0 allows XSS because data saved from websites is mishandled in the online vault. | CWE-79 Cross-site Scripting | CVE-2019-13380 | 2024-11-21 13:24 | 2019-07-10 |