| 223171 | 7.5 | HIGH Network | hashicorp | terraform | When using the Azure backend with a shared access signature (SAS), Terraform versions prior to 0.12.17 may transmit the token and state snapshot using cleartext HTTP. | CWE-319 Cleartext Transmission of Sensitive Information | CVE-2019-19316 | 2024-11-21 13:34 | 2019-12-3 |
| 223172 | 5.3 | MEDIUM Network | json_pattern_validator_project | json_pattern_validator | In jpv (aka Json Pattern Validator) before 2.1.1, compareCommon() can be bypassed because certain internal attributes can be overwritten via a conflicting name, as demonstrated by 'constructor': {'na… | CWE-287 Improper Authentication | CVE-2019-19507 | 2024-11-21 13:34 | 2019-12-3 |
| 223173 | 9.8 | CRITICAL Network | titanhq | webtitan | An issue was discovered in TitanHQ WebTitan before 5.18. It has a hidden support account (with a hard-coded password) in the web administration interface, with administrator privileges. Anybody can l… | CWE-798 Use of Hard-coded Credentials | CVE-2019-19021 | 2024-11-21 13:34 | 2019-12-3 |
| 223174 | 7.2 | HIGH Network | titanhq | webtitan | An issue was discovered in TitanHQ WebTitan before 5.18. In the administration web interface it is possible to upload a crafted backup file that enables an attacker to execute arbitrary code by overw… | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2019-19020 | 2024-11-21 13:34 | 2019-12-3 |
| 223175 | 7.5 | HIGH Network | titanhq | webtitan | An issue was discovered in TitanHQ WebTitan before 5.18. It contains a Remote Code Execution issue through which an attacker can execute arbitrary code as root. The issue stems from the hotfix downlo… | CWE-346 Origin Validation Error | CVE-2019-19019 | 2024-11-21 13:34 | 2019-12-3 |
| 223176 | 2.7 | LOW Network | titanhq | webtitan | An issue was discovered in TitanHQ WebTitan before 5.18. It exposes a database configuration file under /include/dbconfig.ini in the web administration interface, revealing what database the web appl… | CWE-552 Files or Directories Accessible to External Parties | CVE-2019-19018 | 2024-11-21 13:34 | 2019-12-3 |
| 223177 | 8.1 | HIGH Network | titanhq | webtitan | An issue was discovered in TitanHQ WebTitan before 5.18. The appliance has a hard-coded root password set during installation. An attacker could utilize this to gain root privileges on the system. | CWE-362 Race Condition; CWE-798 Use of Hard-coded Credentials | CVE-2019-19017 | 2024-11-21 13:34 | 2019-12-3 |
| 223178 | 7.5 | HIGH Network | titanhq | webtitan | An issue was discovered in TitanHQ WebTitan before 5.18. Some functions, such as /history-x.php, of the administration interface are vulnerable to SQL Injection through the results parameter. This co… | CWE-89 SQL Injection | CVE-2019-19016 | 2024-11-21 13:34 | 2019-12-3 |
| 223179 | 9.8 | CRITICAL Network | maleck | image_uploader_and_browser_for_ckeditor | Code injection in pluginconfig.php in Image Uploader and Browser for CKEditor before 4.1.9 allows remote authenticated users to execute arbitrary PHP code. | CWE-94 Code Injection | CVE-2019-19502 | 2024-11-21 13:34 | 2019-12-3 |
| 223180 | 9.8 | CRITICAL Network | napc | xinet_elegant_6_asset_library | NAPC Xinet Elegant 6 Asset Library 6.1.655 allows Pre-Authentication SQL Injection via the /elegant6/login LoginForm[username] field when double quotes are used. | CWE-89 SQL Injection | CVE-2019-19245 | 2024-11-21 13:34 | 2019-12-2 |