|
225021
|
6.1 |
MEDIUM
Network
|
prise
|
adas
|
An issue was discovered in PRiSE adAS 1.7.0. The newentityID parameter is not properly escaped, leading to a reflected XSS in the error message.
|
CWE-79
Cross-site Scripting
|
CVE-2019-15086
|
2024-11-21 13:28 |
2019-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225022
|
7.5 |
HIGH
Network
|
prise
|
adas
|
An issue was discovered in PRiSE adAS 1.7.0. The current database password is embedded in the change password form.
|
CWE-200
Information Exposure
|
CVE-2019-15085
|
2024-11-21 13:28 |
2019-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225023
|
9.8 |
CRITICAL
Network
|
terrasoft
|
bpm_online_crm_system_sdk
|
A SQL injection vulnerability in the method Terrasoft.Core.DB.Column.Const() in Terrasoft Bpm'online CRM-System SDK 7.13 allows attackers to execute arbitrary SQL commands via the value parameter.
|
CWE-89
SQL Injection
|
CVE-2019-15301
|
2024-11-21 13:28 |
2019-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225024
|
9.8 |
CRITICAL
Network
|
code42
|
code42
|
In Code42 Enterprise 6.7.5 and earlier, 6.8.4 through 6.8.8, and 7.0.0 a vulnerability has been identified that may allow arbitrary files to be uploaded to Code42 servers and executed. This vulnerabi…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-15131
|
2024-11-21 13:28 |
2019-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225025
|
6.5 |
MEDIUM
Network
|
xwiki
|
cryptpad
|
The pad management logic in XWiki labs CryptPad before 3.0.0 allows a remote attacker (who has access to a Rich Text pad with editing rights for the URL) to corrupt it (i.e., cause data loss) via a t…
|
CWE-404
Improper Resource Shutdown or Release
|
CVE-2019-15302
|
2024-11-21 13:28 |
2019-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225026
|
6.5 |
MEDIUM
Network
|
digium
|
asterisk
|
res_pjsip_t38 in Sangoma Asterisk 15.x before 15.7.4 and 16.x before 16.5.1 allows an attacker to trigger a crash by sending a declined stream in a response to a T.38 re-invite initiated by Asterisk.…
|
CWE-476
NULL Pointer Dereference
|
CVE-2019-15297
|
2024-11-21 13:28 |
2019-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225027
|
6.5 |
MEDIUM
Network
|
if.svnadmin_project
|
if.svnadmin
|
iF.SVNAdmin through 1.6.2 allows svnadmin/usercreate.php CSRF to create a user.
|
CWE-352
Origin Validation Error
|
CVE-2019-15128
|
2024-11-21 13:28 |
2019-09-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225028
|
9.8 |
CRITICAL
Network
|
sahipro
|
sahi_pro
|
An issue was discovered in Tyto Sahi Pro 6.x through 8.0.0. TestRunner_Non_distributed (and distributed end points) does not have any authentication mechanism. This allow an attacker to execute an ar…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2019-15102
|
2024-11-21 13:28 |
2019-09-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225029
|
7.5 |
HIGH
Network
|
teamspeak
|
teamspeak
|
The TeamSpeak client before 3.3.2 allows remote servers to trigger a crash via the 0xe2 0x81 0xa8 0xe2 0x81 0xa7 byte sequence, aka Unicode characters U+2068 (FIRST STRONG ISOLATE) and U+2067 (RIGHT-…
|
NVD-CWE-noinfo
|
CVE-2019-15502
|
2024-11-21 13:28 |
2019-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225030
|
8.8 |
HIGH
Network
|
manageyourteam
|
myt_project_management
|
MyT Project Management 1.5.1 lacks CSRF protection and, for example, allows a user/create CSRF attack. This could lead to an attacker tricking the administrator into executing arbitrary code via a sp…
|
CWE-352
Origin Validation Error
|
CVE-2019-15496
|
2024-11-21 13:28 |
2019-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
