|
221901
|
6.5 |
MEDIUM
Network
|
clipsoft
|
rexpert
|
ClipSoft REXPERT 1.0.0.527 and earlier version allows arbitrary file creation via a POST request with the parameter set to the file path to be written. This can be an executable file that is written …
|
CWE-22
Path Traversal
|
CVE-2019-17322
|
2024-11-21 13:32 |
2019-10-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221902
|
5.3 |
MEDIUM
Network
|
clipsoft
|
rexpert
|
ClipSoft REXPERT 1.0.0.527 and earlier version have an information disclosure issue. When requesting web page associated with session, could leak username via session file path of HTTP response data.…
|
CWE-200
Information Exposure
|
CVE-2019-17321
|
2024-11-21 13:32 |
2019-10-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221903
|
5.4 |
MEDIUM
Network
|
zucchetti
|
infobusiness
|
In Zucchetti InfoBusiness before and including 4.4.1, an authenticated user can inject client-side code due to improper validation of the Title field in the InfoBusiness Web Component. The payload wi…
|
CWE-79
Cross-site Scripting
|
CVE-2019-18207
|
2024-11-21 13:32 |
2019-10-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221904
|
8.8 |
HIGH
Network
|
zucchetti
|
infobusiness
|
A cross-site request forgery (CSRF) vulnerability in Zucchetti InfoBusiness before and including 4.4.1 allows arbitrary file upload.
|
CWE-352
Origin Validation Error
|
CVE-2019-18206
|
2024-11-21 13:32 |
2019-10-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221905
|
6.1 |
MEDIUM
Network
|
zucchetti
|
infobusiness
|
Multiple Reflected Cross-site Scripting (XSS) vulnerabilities exist in Zucchetti InfoBusiness before and including 4.4.1. The browsing component did not properly sanitize user input (encoded in base6…
|
CWE-79
Cross-site Scripting
|
CVE-2019-18205
|
2024-11-21 13:32 |
2019-10-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221906
|
8.8 |
HIGH
Network
|
zucchetti
|
infobusiness
|
Zucchetti InfoBusiness before and including 4.4.1 allows any authenticated user to upload .php files in order to achieve code execution.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-18204
|
2024-11-21 13:32 |
2019-10-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221907
|
9.8 |
CRITICAL
Network
|
trendmicro
|
officescan
apex_one
worry-free_business_security
|
A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (11.0, XG) and Worry-Free Business Security (9.5, 10.0) may allow an attacker to bypass authentication and log on to an affecte…
|
CWE-22
Path Traversal
|
CVE-2019-18189
|
2024-11-21 13:32 |
2019-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221908
|
7.5 |
HIGH
Network
|
trendmicro
|
apex_one
|
Trend Micro Apex One could be exploited by an attacker utilizing a command injection vulnerability to extract files from an arbitrary zip file to a specific folder on the Apex One server, which could…
|
CWE-77
Command Injection
|
CVE-2019-18188
|
2024-11-21 13:32 |
2019-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221909
|
7.5 |
HIGH
Network
|
trendmicro
|
officescan
|
Trend Micro OfficeScan versions 11.0 and XG (12.0) could be exploited by an attacker utilizing a directory traversal vulnerability to extract files from an arbitrary zip file to a specific folder on …
|
CWE-22
Path Traversal
|
CVE-2019-18187
|
2024-11-21 13:32 |
2019-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221910
|
8.8 |
HIGH
Network
|
terra-master
|
f2-210_firmware
|
An issue was discovered on TerraMaster FS-210 4.0.19 devices. Normal users can use 1.user.php for privilege elevation.
|
NVD-CWE-noinfo
|
CVE-2019-18195
|
2024-11-21 13:32 |
2019-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
