|
224141
|
5.5 |
MEDIUM
Local
|
powauth
|
powassent
|
The use of `String.to_atom/1` in PowAssent is susceptible to denial of service attacks. In `PowAssent.Phoenix.AuthorizationController` a value is fetched from the user provided params, and `String.to…
|
NVD-CWE-noinfo
|
CVE-2019-16764
|
2024-11-21 13:31 |
2019-11-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224142
|
6.1 |
MEDIUM
Network
|
pannellum
|
pannellum
|
In Pannellum from 2.5.0 through 2.5.4 URLs were not sanitized for data URIs (or vbscript:), allowing for potential XSS attacks. Such an attack would require a user to click on a hot spot to execute a…
|
CWE-79
Cross-site Scripting
|
CVE-2019-16763
|
2024-11-21 13:31 |
2019-11-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224143
|
7.5 |
HIGH
Network
|
lexmark
|
services_monitor_firmware
|
In Lexmark Services Monitor 2.27.4.0.39 (running on TCP port 2070), a remote attacker can use a directory traversal technique using /../../../ or ..%2F..%2F..%2F to obtain local files on the host ope…
|
CWE-22
Path Traversal
|
CVE-2019-16758
|
2024-11-21 13:31 |
2019-11-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224144
|
7.3 |
HIGH
Local
|
code42
|
code42
|
Code42 server through 7.0.2 for Windows has an Untrusted Search Path. In certain situations, a non-administrative attacker on the local server could create or modify a dynamic-link library (DLL). The…
|
CWE-426
Untrusted Search Path
|
CVE-2019-16861
|
2024-11-21 13:31 |
2019-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224145
|
7.3 |
HIGH
Local
|
code42
|
code42
|
Code42 app through version 7.0.2 for Windows has an Untrusted Search Path. In certain situations, a non-administrative attacker on the local machine could create or modify a dynamic-link library (DLL…
|
CWE-426
Untrusted Search Path
|
CVE-2019-16860
|
2024-11-21 13:31 |
2019-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224146
|
6.5 |
MEDIUM
Network
|
microfocus
|
operations_agent
|
XXE attack vulnerability on Micro Focus Operations Agent, affected version 12.0, 12.01, 12.02, 12.03, 12.04, 12.05, 12.06, 12.10, 12.11. The vulnerability could be exploited to do an XXE attack on Op…
|
CWE-611
XXE
|
CVE-2019-17085
|
2024-11-21 13:31 |
2019-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224147
|
9.1 |
CRITICAL
Network
|
footy
|
tipping_software
|
Footy Tipping Software AFL Web Edition 2019 allows arbitrary file upload and resultant remote code execution because a whitelist can be bypassed by an Administrator who uploads a crafted upload.dat f…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-17058
|
2024-11-21 13:31 |
2019-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224148
|
6.1 |
MEDIUM
Network
|
footy
|
tipping_software
|
Footy Tipping Software AFL Web Edition 2019 allows XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2019-17057
|
2024-11-21 13:31 |
2019-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224149
|
6.1 |
MEDIUM
Network
|
simpleledger
|
slpjs
|
A specially crafted Bitcoin script can cause a discrepancy between the specified SLP consensus rules and the validation result of the slpjs npm package. An attacker could create a specially crafted B…
|
CWE-20
Improper Input Validation
|
CVE-2019-16762
|
2024-11-21 13:31 |
2019-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224150
|
6.1 |
MEDIUM
Network
|
simpleledger
|
slp-validate
|
A specially crafted Bitcoin script can cause a discrepancy between the specified SLP consensus rules and the validation result of the slp-validate@1.0.0 npm package. An attacker could create a specia…
|
CWE-20
Improper Input Validation
|
CVE-2019-16761
|
2024-11-21 13:31 |
2019-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
