|
223691
|
9.1 |
CRITICAL
Network
|
footy
|
tipping_software
|
Footy Tipping Software AFL Web Edition 2019 allows arbitrary file upload and resultant remote code execution because a whitelist can be bypassed by an Administrator who uploads a crafted upload.dat f…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-17058
|
2024-11-21 13:31 |
2019-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223692
|
6.1 |
MEDIUM
Network
|
footy
|
tipping_software
|
Footy Tipping Software AFL Web Edition 2019 allows XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2019-17057
|
2024-11-21 13:31 |
2019-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223693
|
6.1 |
MEDIUM
Network
|
simpleledger
|
slpjs
|
A specially crafted Bitcoin script can cause a discrepancy between the specified SLP consensus rules and the validation result of the slpjs npm package. An attacker could create a specially crafted B…
|
CWE-20
Improper Input Validation
|
CVE-2019-16762
|
2024-11-21 13:31 |
2019-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223694
|
6.1 |
MEDIUM
Network
|
simpleledger
|
slp-validate
|
A specially crafted Bitcoin script can cause a discrepancy between the specified SLP consensus rules and the validation result of the slp-validate@1.0.0 npm package. An attacker could create a specia…
|
CWE-20
Improper Input Validation
|
CVE-2019-16761
|
2024-11-21 13:31 |
2019-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223695
|
5.9 |
MEDIUM
Network
|
st
|
st33tphf2espi_firmware
st33tphf2ei2c_firmware
st33tphf20spi_firmware
st33tphf20i2c_firmware
|
STMicroelectronics ST33TPHF2ESPI TPM devices before 2019-09-12 allow attackers to extract the ECDSA private key via a side-channel timing attack because ECDSA scalar multiplication is mishandled, aka…
|
CWE-327
CWE-203
Use of a Broken or Risky Cryptographic Algorithm
Information Exposure Through Discrepancy
|
CVE-2019-16863
|
2024-11-21 13:31 |
2019-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223696
|
5.3 |
MEDIUM
Network
|
enghouse
|
web_chat
|
A remote file include (RFI) issue was discovered in Enghouse Web Chat 6.2.284.34. One can replace the localhost attribute with one's own domain name. When the product calls this domain after the POST…
|
CWE-829
Inclusion of Functionality from Untrusted Control Sphere
|
CVE-2019-16951
|
2024-11-21 13:31 |
2019-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223697
|
6.1 |
MEDIUM
Network
|
enghouse
|
web_chat
|
An XSS issue was discovered in Enghouse Web Chat 6.1.300.31 and 6.2.284.34. The QueueName parameter of a GET request allows for insertion of user-supplied JavaScript.
|
CWE-79
Cross-site Scripting
|
CVE-2019-16950
|
2024-11-21 13:31 |
2019-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223698
|
6.5 |
MEDIUM
Network
|
enghouse
|
web_chat
|
An issue was discovered in Enghouse Web Chat 6.1.300.31 and 6.2.284.34. A user is allowed to send an archive of their chat log to an email address specified at the beginning of the chat (where the us…
|
CWE-20
Improper Input Validation
|
CVE-2019-16949
|
2024-11-21 13:31 |
2019-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223699
|
9.8 |
CRITICAL
Network
|
enghouse
|
web_chat
|
An SSRF issue was discovered in Enghouse Web Chat 6.1.300.31. In any POST request, one can replace the port number at WebServiceLocation=http://localhost:8085/UCWebServices/ with a range of ports to …
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2019-16948
|
2024-11-21 13:31 |
2019-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223700
|
8.8 |
HIGH
Network
|
getigniteup
|
igniteup
|
includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress allows CSRF.
|
CWE-352
Origin Validation Error
|
CVE-2019-17237
|
2024-11-21 13:31 |
2019-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
