| ID | CVSS | Severity | Attack vector | Vendor | Product | Description | CWE | CVE | Updated | Published |
|---|---|---|---|---|---|---|---|---|---|---|
| 223591 | 9.8 | CRITICAL | Network | typestack_class-validator_project | typestack_class-validator | In TypeStack class-validator 0.10.2, validate() input validation can be bypassed because certain internal attributes can be overwritten via a conflicting name. Even though there is an optional forbid… | CWE-79 (Cross-site Scripting), CWE-89 (SQL Injection) | CVE-2019-18413 | 2024-11-21 13:33 | 2019-10-25 |
| 223592 | 7.8 | HIGH | Local | zenspider | ruby_parser-legacy | The ruby_parser-legacy (aka legacy) gem 1.0.0 for Ruby allows local privilege escalation because of world-writable files. For example, if the brakeman gem (which has a legacy dependency) 4.5.0 throug… | CWE-732 (Incorrect Permission Assignment for Critical Resource) | CVE-2019-18409 | 2024-11-21 13:33 | 2019-10-24 |
| 223593 | 7.5 | HIGH | Network | libarchive, debian, canonical | libarchive, debian_linux, ubuntu_linux | archive_read_format_rar_read_data in archive_read_support_format_rar.c in libarchive before 3.4.0 has a use-after-free in a certain ARCHIVE_FAILED situation, related to Ppmd7_DecodeSymbol. | CWE-416 (Use After Free) | CVE-2019-18408 | 2024-11-21 13:33 | 2019-10-24 |
| 223594 | 9.8 | CRITICAL | Network | igniterealtime | openfire | A Server Side Request Forgery (SSRF) vulnerability in FaviconServlet.java in Ignite Realtime Openfire through 4.4.2 allows attackers to send arbitrary HTTP GET requests. | CWE-918 (Server-Side Request Forgery (SSRF)) | CVE-2019-18394 | 2024-11-21 13:33 | 2019-10-24 |
| 223595 | 5.3 | MEDIUM | Network | igniterealtime | openfire | PluginServlet.java in Ignite Realtime Openfire through 4.4.2 does not ensure that retrieved files are located under the Openfire home directory, aka a directory traversal vulnerability. | CWE-22 (Path Traversal) | CVE-2019-18393 | 2024-11-21 13:33 | 2019-10-24 |
| 223596 | 9.8 | CRITICAL | Network | hotel_and_lodge_management_system_project | hotel_and_lodge_management_system | Sourcecodester Hotel and Lodge Management System 1.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the id parameter to the edit p… | CWE-89 (SQL Injection) | CVE-2019-18387 | 2024-11-21 13:33 | 2019-10-24 |
| 223597 | 7.5 | HIGH | Network | terra-master | fs-210_firmware | An issue was discovered on TerraMaster FS-210 4.0.19 devices. An unauthenticated attacker can download log files via the include/makecvs.php?Event= substring. | CWE-532 (Inclusion of Sensitive Information in Log Files) | CVE-2019-18385 | 2024-11-21 13:33 | 2019-10-24 |
| 223598 | 6.5 | MEDIUM | Network | terra-master | fs-210_firmware | An issue was discovered on TerraMaster FS-210 4.0.19 devices. An authenticated remote non-administrative user can read unauthorized shared files, as demonstrated by the filename=*public*%25252Fadmin_… | NVD-CWE-noinfo | CVE-2019-18384 | 2024-11-21 13:33 | 2019-10-24 |
| 223599 | 7.5 | HIGH | Network | terra-master | fs-210_firmware | An issue was discovered on TerraMaster FS-210 4.0.19 devices. One can download backup files remotely from terramaster_TNAS-00E43A_config_backup.bin without permission. | CWE-862 (Missing Authorization) | CVE-2019-18383 | 2024-11-21 13:33 | 2019-10-24 |
| 223600 | 7.5 | HIGH | Network | avstar | pe204_firmware | An issue was discovered on AVStar PE204 3.10.70 IP camera devices. A denial of service can occur on open TCP port 23456. After a TELNET connection, no TCP ports are open. | NVD-CWE-noinfo | CVE-2019-18382 | 2024-11-21 13:33 | 2019-10-24 |