|
224291
|
5.4 |
MEDIUM
Network
|
intelliants
|
subrion
|
Subrion 4.2.1 allows XSS via the panel/members/ Username, Full Name, or Email field, aka an "Admin Member JSON Update" issue.
|
CWE-79
Cross-site Scripting
|
CVE-2019-17225
|
2024-11-21 13:31 |
2019-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224292
|
8.8 |
HIGH
Adjacent
|
vzug
|
combi-stream_mslq_firmware
|
An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. By default, the device does not enforce any authentication. An adjacent attacker is able to use the …
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2019-17219
|
2024-11-21 13:31 |
2019-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224293
|
9.1 |
CRITICAL
Network
|
vzug
|
combi-stream_mslq_firmware
|
An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. By default, the communication to the web service is unencrypted via http. An attacker is able to int…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2019-17218
|
2024-11-21 13:31 |
2019-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224294
|
8.8 |
HIGH
Network
|
vzug
|
combi-stream_mslq_firmware
|
An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. There is no CSRF protection established on the web service.
|
CWE-352
Origin Validation Error
|
CVE-2019-17217
|
2024-11-21 13:31 |
2019-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224295
|
9.8 |
CRITICAL
Network
|
vzug
|
combi-stream_mslq_firmware
|
An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. Password authentication uses MD5 to hash passwords. Cracking is possible with minimal effort.
|
CWE-916
Use of Password Hash With Insufficient Computational Effort
|
CVE-2019-17216
|
2024-11-21 13:31 |
2019-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224296
|
9.8 |
CRITICAL
Network
|
vzug
|
combi-stream_mslq_firmware
|
An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. There is no bruteforce protection (e.g., lockout) established. An attacker might be able to brutefor…
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2019-17215
|
2024-11-21 13:31 |
2019-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224297
|
7.5 |
HIGH
Network
|
webarxsecurity
|
webarx
|
The WebARX plugin 1.3.0 for WordPress allows firewall bypass by appending &cc=1 to a URI.
|
CWE-79
Cross-site Scripting
|
CVE-2019-17214
|
2024-11-21 13:31 |
2019-10-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224298
|
6.1 |
MEDIUM
Network
|
webarxsecurity
|
webarx
|
The WebARX plugin 1.3.0 for WordPress has unauthenticated stored XSS via the URI or the X-Forwarded-For HTTP header.
|
CWE-79
Cross-site Scripting
|
CVE-2019-17213
|
2024-11-21 13:31 |
2019-10-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224299
|
9.8 |
CRITICAL
Network
|
redis_wrapper_project
|
redis_wrapper
|
Uncontrolled deserialization of a pickled object in models.py in Frost Ming rediswrapper (aka Redis Wrapper) before 0.3.0 allows attackers to execute arbitrary scripts.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2019-17206
|
2024-11-21 13:31 |
2019-10-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224300
|
6.1 |
MEDIUM
Network
|
teampass
|
teampass
|
TeamPass 2.1.27.36 allows Stored XSS by placing a payload in the username field during a login attempt. When an administrator looks at the log of failed logins, the XSS payload will be executed.
|
CWE-79
Cross-site Scripting
|
CVE-2019-17205
|
2024-11-21 13:31 |
2019-10-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
