|
223451
|
7.5 |
HIGH
Network
|
jnoj
|
jiangnan_online_judge
|
Jiangnan Online Judge (aka jnoj) 0.8.0 has Directory Traversal for file deletion via the web/polygon/problem/deletefile?id=1&name=../ substring.
|
CWE-22
Path Traversal
|
CVE-2019-17537
|
2024-11-21 13:32 |
2019-10-14 |
|
223452
|
4.9 |
MEDIUM
Network
|
gilacms
|
gila_cms
|
Gila CMS through 1.11.4 allows Unrestricted Upload of a File with a Dangerous Type via the moveAction function in core/controllers/fm.php. The attacker needs to use admin/media_upload and fm/move.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-17536
|
2024-11-21 13:32 |
2019-10-14 |
|
223453
|
6.1 |
MEDIUM
Network
|
gilacms
|
gila_cms
|
Gila CMS through 1.11.4 allows blog-list.php XSS, in both the gila-blog and gila-mag themes, via the search parameter, a related issue to CVE-2019-9647.
|
CWE-79
Cross-site Scripting
|
CVE-2019-17535
|
2024-11-21 13:32 |
2019-10-14 |
|
223454
|
8.8 |
HIGH
Network
|
libvips
|
libvips
|
vips_foreign_load_gif_scan_image in foreign/gifload.c in libvips before 8.8.2 tries to access a color map before a DGifGetImageDesc call, leading to a use-after-free.
|
CWE-416
Use After Free
|
CVE-2019-17534
|
2024-11-21 13:32 |
2019-10-13 |
|
223455
|
8.2 |
HIGH
Network
|
matio_project debian
|
matio debian_linux
|
Mat_VarReadNextInfo4 in mat4.c in MATIO 1.5.17 omits a certain '\0' character, leading to a heap-based buffer over-read in strdup_vprintf when uninitialized memory is accessed.
|
CWE-125 CWE-908
Out-of-bounds Read Use of Uninitialized Resource
|
CVE-2019-17533
|
2024-11-21 13:32 |
2019-10-13 |
|
223456
|
7.5 |
HIGH
Network
|
belkin
|
wemo_switch_28b_firmware
|
An issue was discovered on Belkin Wemo Switch 28B WW_2.00.11057.PVT-OWRT-SNS devices. They allow remote attackers to cause a denial of service (persistent rules-processing outage) via a crafted ruleD…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2019-17532
|
2024-11-21 13:32 |
2019-10-13 |
|
223457
|
7.8 |
HIGH
Local
|
axiosys
|
bento4
|
An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffer over-read in AP4_PrintInspector::AddField in Core/Ap4Atom.cpp when called from AP4_CencSampleEncryption::DoInspectFields in Cor…
|
CWE-125
Out-of-bounds Read
|
CVE-2019-17530
|
2024-11-21 13:32 |
2019-10-13 |
|
223458
|
7.8 |
HIGH
Local
|
axiosys
|
bento4
|
An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffer over-read in AP4_CencSampleEncryption::DoInspectFields in Core/Ap4CommonEncryption.cpp when called from AP4_Atom::Inspect in Co…
|
CWE-125
Out-of-bounds Read
|
CVE-2019-17529
|
2024-11-21 13:32 |
2019-10-13 |
|
223459
|
7.5 |
HIGH
Network
|
axiosys
|
bento4
|
An issue was discovered in Bento4 1.5.1.0. There is a SEGV in the function AP4_TfhdAtom::SetDefaultSampleSize at Core/Ap4TfhdAtom.h when called from AP4_Processor::ProcessFragments in Core/Ap4Process…
|
NVD-CWE-noinfo
|
CVE-2019-17528
|
2024-11-21 13:32 |
2019-10-13 |
|
223460
|
7.5 |
HIGH
Network
|
hydra_project
|
hydra
|
Hydra through 0.1.8 has a NULL pointer dereference and daemon crash when processing POST requests that lack a Content-Length header. read.c, request.c, and util.c contribute to this. The process_head…
|
CWE-476
NULL Pointer Dereference
|
CVE-2019-17502
|
2024-11-21 13:32 |
2019-10-13 |