|
223951
|
6.1 |
MEDIUM
Network
|
limesurvey
|
limesurvey
|
A cross-site scripting (XSS) vulnerability in admin/translate/translateheader_view.php in LimeSurvey 3.19.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the tolang p…
|
CWE-79
Cross-site Scripting
|
CVE-2019-17660
|
2024-11-21 13:32 |
2019-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223952
|
4.8 |
MEDIUM
Network
|
cmsmadesimple
|
cms_made_simple
|
CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a crafted image filename on the "News > Add Article" screen.
|
CWE-79
Cross-site Scripting
|
CVE-2019-17630
|
2024-11-21 13:32 |
2019-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223953
|
4.8 |
MEDIUM
Network
|
cmsmadesimple
|
cms_made_simple
|
CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a crafted image filename on the "file manager > upload images" screen.
|
CWE-79
Cross-site Scripting
|
CVE-2019-17629
|
2024-11-21 13:32 |
2019-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223954
|
6.5 |
MEDIUM
Adjacent
|
yalehome
|
yale_bluetooth_key
|
The Yale Bluetooth Key application for mobile devices allows unauthorized unlock actions by sniffing Bluetooth Low Energy (BLE) traffic during one authorized unlock action, and then calculating the a…
|
CWE-287
Improper Authentication
|
CVE-2019-17627
|
2024-11-21 13:32 |
2019-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223955
|
9.8 |
CRITICAL
Network
|
reportlab
|
reportlab
|
ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color="' followed by arbitrary Python code.
|
CWE-91
Blind XPath Injection
|
CVE-2019-17626
|
2024-11-21 13:32 |
2019-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223956
|
9.0 |
CRITICAL
Network
|
rambox
|
rambox
|
There is a stored XSS in Rambox 0.6.9 that can lead to code execution. The XSS is in the name field while adding/editing a service. The problem occurs due to incorrect sanitization of the name field …
|
CWE-79
CWE-78
Cross-site Scripting
OS Command
|
CVE-2019-17625
|
2024-11-21 13:32 |
2019-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223957
|
7.8 |
HIGH
Local
|
x.org
|
x_server
|
"" In X.Org X Server 1.20.4, there is a stack-based buffer overflow in the function XQueryKeymap. For example, by sending ct.c_char 1000 times, an attacker can cause a denial of service (application …
|
CWE-787
Out-of-bounds Write
|
CVE-2019-17624
|
2024-11-21 13:32 |
2019-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223958
|
9.8 |
CRITICAL
Network
|
qibosoft
|
qibosoft
|
qibosoft 7 allows remote code execution because do/jf.php makes eval calls. The attacker can use the Point Introduction Management feature to supply PHP code to be evaluated. Alternatively, the attac…
|
CWE-94
Code Injection
|
CVE-2019-17613
|
2024-11-21 13:32 |
2019-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223959
|
7.2 |
HIGH
Network
|
74cms
|
74cms
|
An issue was discovered in 74CMS v5.2.8. There is a SQL Injection generated by the _list method in the Common/Controller/BackendController.class.php file via the index.php?m=Admin&c=Ad&a=category sor…
|
CWE-89
SQL Injection
|
CVE-2019-17612
|
2024-11-21 13:32 |
2019-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223960
|
9.8 |
CRITICAL
Network
|
rapidgator
|
rapidgator
|
In the Rapid Gator application 0.7.1 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat.
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2019-17395
|
2024-11-21 13:32 |
2019-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
