|
223871
|
9.8 |
CRITICAL
Network
|
qibosoft
|
qibosoft
|
qibosoft 7 allows remote code execution because do/jf.php makes eval calls. The attacker can use the Point Introduction Management feature to supply PHP code to be evaluated. Alternatively, the attac…
|
CWE-94
Code Injection
|
CVE-2019-17613
|
2024-11-21 13:32 |
2019-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223872
|
7.2 |
HIGH
Network
|
74cms
|
74cms
|
An issue was discovered in 74CMS v5.2.8. There is a SQL Injection generated by the _list method in the Common/Controller/BackendController.class.php file via the index.php?m=Admin&c=Ad&a=category sor…
|
CWE-89
SQL Injection
|
CVE-2019-17612
|
2024-11-21 13:32 |
2019-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223873
|
9.8 |
CRITICAL
Network
|
rapidgator
|
rapidgator
|
In the Rapid Gator application 0.7.1 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat.
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2019-17395
|
2024-11-21 13:32 |
2019-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223874
|
9.8 |
CRITICAL
Network
|
zohocorp
|
manageengine_opmanager
|
An issue was discovered in Zoho ManageEngine OpManager before 12.4 build 124089. The OPMDeviceDetailsServlet servlet is prone to SQL injection. Depending on the configuration, this vulnerability coul…
|
CWE-89
SQL Injection
|
CVE-2019-17602
|
2024-11-21 13:32 |
2019-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223875
|
9.8 |
CRITICAL
Network
|
minishare_project
|
minishare
|
In MiniShare 1.4.1, there is a stack-based buffer overflow via an HTTP CONNECT request, which allows an attacker to achieve arbitrary code execution, a similar issue to CVE-2018-19862 and CVE-2018-19…
|
CWE-787
Out-of-bounds Write
|
CVE-2019-17601
|
2024-11-21 13:32 |
2019-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223876
|
9.8 |
CRITICAL
Network
|
darkhorse
|
dark_horse_comics
|
In the Dark Horse Comics application 1.3.21 for Android, token information (equivalent to the username and password) is stored in the log during authentication, and may be available to attackers via …
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2019-17398
|
2024-11-21 13:32 |
2019-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223877
|
9.8 |
CRITICAL
Network
|
powerschool
|
powerschool_mobile
|
In the PowerSchool Mobile application 1.1.8 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat.
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2019-17396
|
2024-11-21 13:32 |
2019-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223878
|
9.8 |
CRITICAL
Network
|
seesaw
|
parent_and_family
|
In the Seesaw Parent and Family application 6.2.5 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat.
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2019-17394
|
2024-11-21 13:32 |
2019-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223879
|
6.5 |
MEDIUM
Adjacent
|
infinitestudio
|
infinite_design
|
The Infinite Design application 3.4.12 for Android sends a username and password via TCP without any encryption during login, as demonstrated by sniffing of a public Wi-Fi network.
|
CWE-319
CWE-522
Cleartext Transmission of Sensitive Information
Insufficiently Protected Credentials
|
CVE-2019-17356
|
2024-11-21 13:32 |
2019-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223880
|
9.8 |
CRITICAL
Network
|
orbitz
|
orbitz
|
In the Orbitz application 19.31.1 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat.
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2019-17355
|
2024-11-21 13:32 |
2019-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
