|
222631
|
6.1 |
MEDIUM
Network
|
zulip
|
zulip_server
|
The image thumbnailing handler in Zulip Server versions 1.9.0 to before 2.0.8 allowed an open redirect that was visible to logged-in users.
|
CWE-601
Open Redirect
|
CVE-2019-19775
|
2024-11-21 13:35 |
2019-12-18 |
|
222632
|
9.8 |
CRITICAL
Network
|
verot_project getk2
|
verot k2
|
class.upload.php in verot.net class.upload through 1.0.3 and 2.x through 2.0.4, as used in the K2 extension for Joomla! and other products, omits .pht from the set of dangerous file extensions, a sim…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-19634
|
2024-11-21 13:35 |
2019-12-18 |
|
222633
|
7.2 |
HIGH
Network
|
typo3
|
typo3
|
An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. Because escaping of user-submitted content is mishandled, the class QueryGenerator is vulnerable to SQL inje…
|
CWE-89
SQL Injection
|
CVE-2019-19850
|
2024-11-21 13:35 |
2019-12-18 |
|
222634
|
7.2 |
HIGH
Network
|
typo3
|
typo3
|
An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. It has been discovered that the extraction of manually uploaded ZIP archives in Extension Manager is vulnera…
|
CWE-22
Path Traversal
|
CVE-2019-19848
|
2024-11-21 13:35 |
2019-12-18 |
|
222635
|
8.1 |
HIGH
Network
|
libspiro_project
|
libspiro
|
Libspiro through 20190731 has a stack-based buffer overflow in the spiro_to_bpath0() function in spiro.c.
|
CWE-787
Out-of-bounds Write
|
CVE-2019-19847
|
2024-11-21 13:35 |
2019-12-18 |
|
222636
|
8.8 |
HIGH
Network
|
typo3
|
typo3
|
An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. It has been discovered that the classes QueryGenerator and QueryView are vulnerable to insecure deserializat…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2019-19849
|
2024-11-21 13:35 |
2019-12-18 |
|
222637
|
8.8 |
HIGH
Network
|
contao
|
contao
|
Contao 4.0 through 4.8.5 allows PHP local file inclusion. A back end user with access to the form generator can upload arbitrary files and execute them on the server.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-19745
|
2024-11-21 13:35 |
2019-12-18 |
|
222638
|
5.3 |
MEDIUM
Network
|
contao
|
contao
|
Contao 4.8.4 and 4.8.5 has Improper Encoding or Escaping of Output. It is possible to inject insert tags into the login module which will be replaced when the page is rendered.
|
CWE-116
Improper Encoding or Escaping of Output
|
CVE-2019-19714
|
2024-11-21 13:35 |
2019-12-18 |
|
222639
|
7.8 |
HIGH
Local
|
ivanti
|
workspace_control
|
In Ivanti Workspace Control before 10.3.180.0, a locally authenticated user with low privileges can bypass Managed Application Security by leveraging an unspecified attack vector in Workspace Prefere…
|
CWE-276
Incorrect Default Permissions
|
CVE-2019-19675
|
2024-11-21 13:35 |
2019-12-18 |
|
222640
|
5.3 |
MEDIUM
Network
|
contao
|
contao
|
Contao 4.0 through 4.8.5 has Insecure Permissions. Back end users can manipulate the details view URL to show pages and articles that have not been enabled for them.
|
CWE-276
Incorrect Default Permissions
|
CVE-2019-19712
|
2024-11-21 13:35 |
2019-12-17 |