|
223751
|
8.8 |
HIGH
Network
|
western_digital
|
my_cloud_ex2_ultra_firmware
|
Western Digital My Cloud EX2 Ultra firmware 2.31.183 allows web users (including guest account) to remotely execute arbitrary code via a stack-based buffer overflow. There is no size verification log…
|
CWE-787
Out-of-bounds Write
|
CVE-2019-18930
|
2024-11-21 13:33 |
2019-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223752
|
8.8 |
HIGH
Network
|
western_digital
|
my_cloud_ex2_ultra_firmware
|
Western Digital My Cloud EX2 Ultra firmware 2.31.183 allows web users (including guest accounts) to remotely execute arbitrary code via a download_mgr.cgi stack-based buffer overflow.
|
CWE-787
Out-of-bounds Write
|
CVE-2019-18929
|
2024-11-21 13:33 |
2019-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223753
|
9.0 |
CRITICAL
Network
|
fudforum
|
fudforum
|
FUDForum 3.0.9 is vulnerable to Stored XSS via the nlogin parameter. This may result in remote code execution. An attacker can use a user account to fully compromise the system using a POST request. …
|
CWE-79
CWE-78
Cross-site Scripting
OS Command
|
CVE-2019-18839
|
2024-11-21 13:33 |
2019-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223754
|
7.8 |
HIGH
Local
|
gnu
debian
|
fribidi
debian_linux
|
A buffer overflow in the fribidi_get_par_embedding_levels_ex() function in lib/fribidi-bidi.c of GNU FriBidi through 1.0.7 allows an attacker to cause a denial of service or possibly execute arbitrar…
|
CWE-120
Classic Buffer Overflow
|
CVE-2019-18397
|
2024-11-21 13:33 |
2019-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223755
|
6.1 |
MEDIUM
Network
|
systematicinc
|
iris_standards_management
|
Systematic IRIS Standards Management (ISM) v2.1 SP1 89 is vulnerable to unauthenticated reflected Cross Site Scripting (XSS). A user input (related to dialog information) is reflected directly in the…
|
CWE-79
Cross-site Scripting
|
CVE-2019-18926
|
2024-11-21 13:33 |
2019-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223756
|
9.8 |
CRITICAL
Network
|
systematic
|
iris_webforms
|
Systematic IRIS WebForms 5.4 and its functionalities can be accessed and used without any form of authentication.
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2019-18925
|
2024-11-21 13:33 |
2019-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223757
|
5.3 |
MEDIUM
Network
|
systematic
|
iris_webforms
|
Systematic IRIS WebForms 5.4 is vulnerable to directory traversal. By manipulating variables that reference files with ../ (and variations), it is possible to list all the directories and check if a …
|
CWE-22
Path Traversal
|
CVE-2019-18924
|
2024-11-21 13:33 |
2019-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223758
|
9.8 |
CRITICAL
Network
|
upredsun
|
file_sharing_wizard
|
File Sharing Wizard version 1.5.0 build 2008 is affected by a Structured Exception Handler based buffer overflow vulnerability. An unauthenticated attacker is able to perform remote command execution…
|
CWE-787
Out-of-bounds Write
|
CVE-2019-18655
|
2024-11-21 13:33 |
2019-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223759
|
7.5 |
HIGH
Network
|
json-jwt_project
debian
|
json-jwt
debian_linux
|
The json-jwt gem before 1.11.0 for Ruby lacks an element count during the splitting of a JWE string.
|
CWE-287
Improper Authentication
|
CVE-2019-18848
|
2024-11-21 13:33 |
2019-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223760
|
7.5 |
HIGH
Network
|
istio
|
istio
|
Istio 1.3.x before 1.3.5 allows Denial of Service because continue_on_listener_filters_timeout is set to True, a related issue to CVE-2019-18836.
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2019-18817
|
2024-11-21 13:33 |
2019-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
