|
214041
|
7.2 |
HIGH
Network
|
miniblog_project
|
miniblog
|
madskristensen MiniBlog through 2018-05-18 allows remote attackers to execute arbitrary ASPX code via an IMG element with a data: URL, because SaveFilesToDisk in app_code/handlers/PostHandler.cs writ…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-9842
|
2024-11-21 13:52 |
2019-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214042
|
7.8 |
HIGH
Local
|
dahuasecurity
|
ipc-hfw1xxx_firmware
ipc-hdw1xxx_firmware
ipc-hfw2xxx_firmware
|
Buffer overflow vulnerability found in some Dahua IP Camera devices IPC-HFW1XXX,IPC-HDW1XXX,IPC-HFW2XXX Build before 2018/11. The vulnerability exits in the function of redirection display for serial…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2019-9676
|
2024-11-21 13:52 |
2019-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214043
|
5.3 |
MEDIUM
Network
|
wpengine
|
wpgraphql
|
The createComment mutation in the WPGraphQL 0.2.3 plugin for WordPress allows unauthenticated users to post comments on any article, even when 'allow comment' is disabled.
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2019-9881
|
2024-11-21 13:52 |
2019-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214044
|
9.1 |
CRITICAL
Network
|
wpengine
|
wpgraphql
|
An issue was discovered in the WPGraphQL 0.2.3 plugin for WordPress. By querying the 'users' RootQuery, it is possible, for an unauthenticated attacker, to retrieve all WordPress users details such a…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2019-9880
|
2024-11-21 13:52 |
2019-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214045
|
9.8 |
CRITICAL
Network
|
wpengine
|
wpgraphql
|
The WPGraphQL 0.2.3 plugin for WordPress allows remote attackers to register a new user with admin privileges, whenever new user registrations are allowed. This is related to the registerUser mutatio…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2019-9879
|
2024-11-21 13:52 |
2019-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214046
|
8.8 |
HIGH
Network
|
northern
|
cfengine
|
Northern.tech CFEngine Enterprise 3.12.1 has Insecure Permissions.
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2019-9929
|
2024-11-21 13:52 |
2019-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214047
|
9.8 |
CRITICAL
Network
|
pydio
|
pydio
|
An issue was discovered in proxy.php in pydio-core in Pydio through 8.2.2. Through an unauthenticated request, it possible to evaluate malicious PHP code by placing it on the fourth line of a .php fi…
|
CWE-22
CWE-434
Path Traversal
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-9642
|
2024-11-21 13:52 |
2019-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214048
|
8.8 |
HIGH
Local
|
synaptics
|
sound_device
|
Incorrect access control in the CxUtilSvc component of the Synaptics Sound Device drivers prior to version 2.29 allows a local attacker to increase access privileges to the Windows Registry via an un…
|
NVD-CWE-noinfo
|
CVE-2019-9730
|
2024-11-21 13:52 |
2019-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214049
|
8.8 |
HIGH
Network
|
freenetproject
|
freenet
|
Freenet 1483 has a MIME type bypass that allows arbitrary JavaScript execution via a crafted Freenet URI.
|
CWE-19
Data Processing Errors
|
CVE-2019-9673
|
2024-11-21 13:52 |
2019-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214050
|
6.1 |
MEDIUM
Network
|
gilacms
|
gila_cms
|
Gila CMS 1.9.1 has XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2019-9647
|
2024-11-21 13:52 |
2019-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
