|
220441
|
6.1 |
MEDIUM
Network
|
atlassian
|
jira_server
|
The labels gadget in Jira before version 7.13.2, and from version 8.0.0 before version 8.0.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerabil…
|
CWE-79
Cross-site Scripting
|
CVE-2019-3400
|
2024-11-21 13:42 |
2019-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220442
|
6.1 |
MEDIUM
Network
|
microfocus
|
open_enterprise_server
|
A DOM based XSS vulnerability has been identified in the Netstorage component of Open Enterprise Server (OES) allowing a remote attacker to execute javascript in the victims browser by tricking the v…
|
CWE-79
Cross-site Scripting
|
CVE-2019-3490
|
2024-11-21 13:42 |
2019-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220443
|
9.8 |
CRITICAL
Network
|
crestron
|
am-100_firmware
am-101_firmware
|
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 use default credentials admin/admin and moderator/moderator for the web interface. An unauthenticated, remote attacker can use t…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2019-3939
|
2024-11-21 13:42 |
2019-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220444
|
7.8 |
HIGH
Local
|
crestron
|
am-100_firmware
am-101_firmware
|
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 stores usernames, passwords, and other configuration options in the file generated via the "export configuration" feature. The c…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2019-3938
|
2024-11-21 13:42 |
2019-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220445
|
7.8 |
HIGH
Local
|
crestron
|
am-100_firmware
am-101_firmware
|
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 stores usernames, passwords, slideshow passcode, and other configuration options in cleartext in the file /tmp/scfgdndf. A local…
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2019-3937
|
2024-11-21 13:42 |
2019-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220446
|
7.5 |
HIGH
Network
|
crestron
|
am-100_firmware
am-101_firmware
|
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 is vulnerable to denial of service via a crafted request to TCP port 389. The request will force the slideshow to transition int…
|
NVD-CWE-noinfo
|
CVE-2019-3936
|
2024-11-21 13:42 |
2019-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220447
|
9.1 |
CRITICAL
Network
|
crestron
|
am-100_firmware
am-101_firmware
|
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allows anyone to act as a moderator to a slide show via crafted HTTP POST requests to conference.cgi. A remote, unauthenticated …
|
NVD-CWE-Other
|
CVE-2019-3935
|
2024-11-21 13:42 |
2019-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220448
|
5.3 |
MEDIUM
Network
|
crestron
|
am-100_firmware
am-101_firmware
|
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allows anyone to bypass the presentation code sending a crafted HTTP POST request to login.cgi. A remote, unauthenticated attack…
|
CWE-425
Direct Request ('Forced Browsing')
|
CVE-2019-3934
|
2024-11-21 13:42 |
2019-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220449
|
5.3 |
MEDIUM
Network
|
crestron
|
am-100_firmware
am-101_firmware
|
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allows anyone to bypass the presentation code simply by requesting /images/browserslide.jpg via HTTP. A remote, unauthenticated …
|
CWE-425
Direct Request ('Forced Browsing')
|
CVE-2019-3933
|
2024-11-21 13:42 |
2019-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220450
|
9.8 |
CRITICAL
Network
|
crestron
|
am-100_firmware
am-101_firmware
|
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to authentication bypass due to a hard-coded password in return.tgi. A remote, unauthenticated attacker can use t…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2019-3932
|
2024-11-21 13:42 |
2019-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
