|
221891
|
5.5 |
MEDIUM
Local
|
libpod_project
|
libpod
|
An issue was discovered in Podman in libpod before 1.6.0. It resolves a symlink in the host context during a copy operation from the container to the host, because an undesired glob operation occurs.…
|
CWE-59
Link Following
|
CVE-2019-18466
|
2024-11-21 13:33 |
2019-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221892
|
9.8 |
CRITICAL
Network
|
clonos
|
clonos
|
clonos.php in ClonOS WEB control panel 19.09 allows remote attackers to gain full access via change password requests because there is no session management.
|
CWE-384
Session Fixation
|
CVE-2019-18418
|
2024-11-21 13:33 |
2019-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221893
|
6.1 |
MEDIUM
Network
|
clonos
|
clonos
|
A cross-site scripting (XSS) vulnerability in index.php in ClonOS WEB control panel 19.09 allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2019-18419
|
2024-11-21 13:33 |
2019-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221894
|
8.8 |
HIGH
Network
|
sourcecodester
|
restaurant_management_system
|
Sourcecodester Restaurant Management System 1.0 allows an authenticated attacker to upload arbitrary files that can result in code execution. The issue occurs because the application fails to adequat…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-18417
|
2024-11-21 13:33 |
2019-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221895
|
6.1 |
MEDIUM
Network
|
restaurant_management_system_project
|
restaurant_management_system
|
Sourcecodester Restaurant Management System 1.0 allows XSS via the Last Name field of a member.
|
CWE-79
Cross-site Scripting
|
CVE-2019-18416
|
2024-11-21 13:33 |
2019-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221896
|
6.1 |
MEDIUM
Network
|
restaurant_management_system_project
|
restaurant_management_system
|
Sourcecodester Restaurant Management System 1.0 allows XSS via the "send a message" screen.
|
CWE-79
Cross-site Scripting
|
CVE-2019-18415
|
2024-11-21 13:33 |
2019-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221897
|
8.8 |
HIGH
Network
|
sourcecodester
|
restaurant_management_system
|
Sourcecodester Restaurant Management System 1.0 is affected by an admin/staff-exec.php Cross Site Request Forgery vulnerability due to a lack of CSRF protection. This could lead to an attacker tricki…
|
CWE-352
Origin Validation Error
|
CVE-2019-18414
|
2024-11-21 13:33 |
2019-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221898
|
9.8 |
CRITICAL
Network
|
typestack_class-validator_project
|
typestack_class-validator
|
In TypeStack class-validator 0.10.2, validate() input validation can be bypassed because certain internal attributes can be overwritten via a conflicting name. Even though there is an optional forbid…
|
CWE-79
CWE-89
Cross-site Scripting
SQL Injection
|
CVE-2019-18413
|
2024-11-21 13:33 |
2019-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221899
|
7.8 |
HIGH
Local
|
zenspider
|
ruby_parser-legacy
|
The ruby_parser-legacy (aka legacy) gem 1.0.0 for Ruby allows local privilege escalation because of world-writable files. For example, if the brakeman gem (which has a legacy dependency) 4.5.0 throug…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2019-18409
|
2024-11-21 13:33 |
2019-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221900
|
7.5 |
HIGH
Network
|
libarchive
debian
canonical
|
libarchive
debian_linux
ubuntu_linux
|
archive_read_format_rar_read_data in archive_read_support_format_rar.c in libarchive before 3.4.0 has a use-after-free in a certain ARCHIVE_FAILED situation, related to Ppmd7_DecodeSymbol.
|
CWE-416
Use After Free
|
CVE-2019-18408
|
2024-11-21 13:33 |
2019-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
