|
223941
|
7.8 |
HIGH
Local
|
nsa
|
ghidra
|
NSA Ghidra before 9.0.2 is vulnerable to DLL hijacking because it loads jansi.dll from the current working directory.
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2019-17665
|
2024-11-21 13:32 |
2019-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223942
|
7.8 |
HIGH
Local
|
nsa
|
ghidra
|
NSA Ghidra through 9.0.4 uses a potentially untrusted search path. When executing Ghidra from a given path, the Java process working directory is set to this path. Then, when launching the Python int…
|
CWE-426
Untrusted Search Path
|
CVE-2019-17664
|
2024-11-21 13:32 |
2019-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223943
|
9.1 |
CRITICAL
Network
|
dlink
|
dir-412_firmware
|
There are some web interfaces without authentication requirements on D-Link DIR-412 A1-1.14WW routers. An attacker can clear the router's log file via act=clear&logtype=sysact to log_clear.php, which…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2019-17512
|
2024-11-21 13:32 |
2019-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223944
|
7.1 |
HIGH
Local
|
paloaltonetworks
|
globalprotect
|
A Local Privilege Escalation vulnerability exists in GlobalProtect Agent for Linux and Mac OS X version 5.0.4 and earlier and version 4.1.12 and earlier, that can allow non-root users to overwrite ro…
|
NVD-CWE-noinfo
|
CVE-2019-17436
|
2024-11-21 13:32 |
2019-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223945
|
5.5 |
MEDIUM
Local
|
paloaltonetworks
|
globalprotect
|
A Local Privilege Escalation vulnerability exists in the GlobalProtect Agent for Windows 5.0.3 and earlier, and GlobalProtect Agent for Windows 4.1.12 and earlier, in which the auto-update feature ca…
|
NVD-CWE-noinfo
|
CVE-2019-17435
|
2024-11-21 13:32 |
2019-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223946
|
6.1 |
MEDIUM
Network
|
d-link
|
dir-866l_firmware
|
D-Link DIR-866L 1.03B04 devices allow XSS via HtmlResponseMessage in the device common gateway interface, leading to common injection.
|
CWE-79
Cross-site Scripting
|
CVE-2019-17663
|
2024-11-21 13:32 |
2019-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223947
|
9.8 |
CRITICAL
Network
|
cybelsoft
|
thinvnc
|
ThinVNC 1.0b1 is vulnerable to arbitrary file read, which leads to a compromise of the VNC server. The vulnerability exists even when authentication is turned on during the deployment of the VNC serv…
|
CWE-22
CWE-522
Path Traversal
Insufficiently Protected Credentials
|
CVE-2019-17662
|
2024-11-21 13:32 |
2019-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223948
|
5.4 |
MEDIUM
Network
|
dolibarr
|
dolibarr_erp\/crm
|
An issue was discovered in Dolibarr 10.0.2. It has XSS via the "outgoing email setup" feature in the admin/mails.php?action=edit URI via the "Sender email for automatic emails (default value in php.i…
|
CWE-79
Cross-site Scripting
|
CVE-2019-17578
|
2024-11-21 13:32 |
2019-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223949
|
5.4 |
MEDIUM
Network
|
dolibarr
|
dolibarr_erp\/crm
|
An issue was discovered in Dolibarr 10.0.2. It has XSS via the "outgoing email setup" feature in the admin/mails.php?action=edit URI via the "Email used for error returns emails (fields 'Errors-To' i…
|
CWE-79
Cross-site Scripting
|
CVE-2019-17577
|
2024-11-21 13:32 |
2019-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223950
|
5.4 |
MEDIUM
Network
|
dolibarr
|
dolibarr_erp\/crm
|
An issue was discovered in Dolibarr 10.0.2. It has XSS via the "outgoing email setup" feature in the /admin/mails.php?action=edit URI via the "Send all emails to (instead of real recipients, for test…
|
CWE-79
Cross-site Scripting
|
CVE-2019-17576
|
2024-11-21 13:32 |
2019-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
