|
224871
|
6.1 |
MEDIUM
Network
|
backdropcms
|
backdrop
|
Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 doesn't sufficiently filter output when displaying certain block labels created by administrators. An attacker could potentially craft a spe…
|
CWE-79
Cross-site Scripting
|
CVE-2019-14769
|
2024-11-21 13:27 |
2019-08-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224872
|
5.5 |
MEDIUM
Local
|
linux
canonical
|
linux_kernel
ubuntu_linux
|
In the Linux kernel before 4.16.4, a double-locking error in drivers/usb/dwc3/gadget.c may potentially cause a deadlock with f_hid.
|
CWE-667
Improper Locking
|
CVE-2019-14763
|
2024-11-21 13:27 |
2019-08-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224873
|
6.1 |
MEDIUM
Network
|
osticket
|
osticket
|
An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. Stored XSS exists in setup/install.php. It was observed that no input sanitization was provided in the firstname and lastna…
|
CWE-79
Cross-site Scripting
|
CVE-2019-14750
|
2024-11-21 13:27 |
2019-08-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224874
|
9.8 |
CRITICAL
Network
|
backdropcms
|
backdrop_cms
|
Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 allows the upload of entire-site configuration archives through the user interface or command line. It does not sufficiently check uploaded …
|
CWE-20
Improper Input Validation
|
CVE-2019-14771
|
2024-11-21 13:27 |
2019-08-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224875
|
6.1 |
MEDIUM
Network
|
diaowen
|
dwsurvey
|
DWSurvey through 2019-07-22 has stored XSS via the design/my-survey-design!copySurvey.action surveyName parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2019-14747
|
2024-11-21 13:27 |
2019-08-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224876
|
9.8 |
CRITICAL
Network
|
kuaifan
|
kuaifancms
|
A issue was discovered in KuaiFanCMS 5.0. It allows eval injection by placing PHP code in the install.php db_name parameter and then making a config.php request.
|
CWE-94
Code Injection
|
CVE-2019-14746
|
2024-11-21 13:27 |
2019-08-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224877
|
7.8 |
HIGH
Local
|
radare
fedoraproject
|
radare2
fedora
|
In radare2 before 3.7.0, a command injection vulnerability exists in bin_symbols() in libr/core/cbin.c. By using a crafted executable file, it's possible to execute arbitrary shell commands with the …
|
CWE-77
Command Injection
|
CVE-2019-14745
|
2024-11-21 13:27 |
2019-08-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224878
|
6.6 |
MEDIUM
Physics
|
valvesoftware
|
steam_client
|
In Valve Steam Client for Windows through 2019-08-07, HKLM\SOFTWARE\Wow6432Node\Valve\Steam has explicit "Full control" for the Users group, which allows local users to gain NT AUTHORITY\SYSTEM acces…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2019-14743
|
2024-11-21 13:27 |
2019-08-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224879
|
8.8 |
HIGH
Network
|
osticket
|
osticket
|
An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. CSV (aka Formula) injection exists in the export spreadsheets functionality. These spreadsheets are generated dynamically f…
|
CWE-1236
Improper Neutralization of Formula Elements in a CSV File
|
CVE-2019-14749
|
2024-11-21 13:27 |
2019-08-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224880
|
5.4 |
MEDIUM
Network
|
osticket
|
osticket
|
An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. The Ticket creation form allows users to upload files along with queries. It was found that the file-upload functionality h…
|
CWE-79
CWE-434
Cross-site Scripting
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-14748
|
2024-11-21 13:27 |
2019-08-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
