|
219491
|
7.8 |
HIGH
Local
|
dlink
|
dwl-2600ap_firmware
|
D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Save Configuration functionality in the Web interface, using shell metacharacters in the admi…
|
CWE-78
OS Command
|
CVE-2019-20500
|
2024-11-21 13:38 |
2020-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219492
|
7.8 |
HIGH
Local
|
dlink
|
dwl-2600ap_firmware
|
D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Restore Configuration functionality in the Web interface, using shell metacharacters in the a…
|
CWE-78
OS Command
|
CVE-2019-20499
|
2024-11-21 13:38 |
2020-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219493
|
8.8 |
HIGH
Network
|
testlink
|
testlink
|
Multiple SQL injection vulnerabilities in TestLink through 1.9.19 allows remote authenticated users to execute arbitrary SQL commands via the (1) tproject_id parameter to keywordsView.php; the (2) re…
|
CWE-89
SQL Injection
|
CVE-2019-20107
|
2024-11-21 13:38 |
2020-03-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219494
|
9.8 |
CRITICAL
Network
|
netgear
|
wnr1000_firmware
|
An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. The web management interface (setup.cgi) has an authentication bypass and other problems that ultimately allow an attacker to remotely c…
|
CWE-287
Improper Authentication
|
CVE-2019-20489
|
2024-11-21 13:38 |
2020-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219495
|
9.8 |
CRITICAL
Network
|
netgear
|
wnr1000_firmware
|
An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. Multiple actions within the web management interface (setup.cgi) are vulnerable to command injection, allowing remote attackers to execu…
|
CWE-78
OS Command
|
CVE-2019-20488
|
2024-11-21 13:38 |
2020-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219496
|
8.8 |
HIGH
Network
|
netgear
|
wnr1000_firmware
|
An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. Multiple actions within the WNR1000V4 web management console are vulnerable to an unauthenticated GET request (exploitable directly or t…
|
CWE-352
Origin Validation Error
|
CVE-2019-20487
|
2024-11-21 13:38 |
2020-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219497
|
6.1 |
MEDIUM
Network
|
netgear
|
wnr1000_firmware
|
An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. Multiple pages (setup.cgi and adv_index.htm) within the web management console are vulnerable to stored XSS, as demonstrated by the conf…
|
CWE-79
Cross-site Scripting
|
CVE-2019-20486
|
2024-11-21 13:38 |
2020-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219498
|
9.8 |
CRITICAL
Network
|
miele
|
xgw_3000_zigbee_gateway_firmware
|
In MIELE XGW 3000 ZigBee Gateway before 2.4.0, the Password Change Function does not require knowledge of the old password. This can be exploited in conjunction with CVE-2019-20480.
|
CWE-287
Improper Authentication
|
CVE-2019-20481
|
2024-11-21 13:38 |
2020-02-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219499
|
8.8 |
HIGH
Network
|
miele
|
xgw_3000_zigbee_gateway_firmware
|
In MIELE XGW 3000 ZigBee Gateway before 2.4.0, a malicious website visited by an authenticated admin user or a malicious mail is allowed to make arbitrary changes in the "admin panel" because there i…
|
CWE-352
Origin Validation Error
|
CVE-2019-20480
|
2024-11-21 13:38 |
2020-02-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219500
|
6.1 |
MEDIUM
Network
|
openidc
debian
fedoraproject
opensuse
|
mod_auth_openidc
debian_linux
fedora
leap
|
A flaw was found in mod_auth_openidc before version 2.4.1. An open redirect issue exists in URLs with a slash and backslash at the beginning.
|
CWE-601
Open Redirect
|
CVE-2019-20479
|
2024-11-21 13:38 |
2020-02-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
