|
218341
|
9.8 |
CRITICAL
Network
|
sqlitemanager
|
sqlitemanager
|
SQLiteManager 1.20 and 1.24 allows SQL injection via the /sqlitemanager/main.php dbsel parameter. NOTE: This product is discontinued.
|
CWE-89
SQL Injection
|
CVE-2019-9083
|
2024-11-21 13:50 |
2019-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218342
|
6.1 |
MEDIUM
Network
|
vertrigoserv_project
|
vertrigoserv
|
VertrigoServ 2.17 allows XSS via the /inc/extensions.php ext parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2019-8938
|
2024-11-21 13:50 |
2019-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218343
|
3.3 |
LOW
Local
|
qemu
opensuse
|
qemu
leap
|
hw/ppc/spapr.c in QEMU through 3.1.0 allows Information Exposure because the hypervisor shares the /proc/device-tree/system-id and /proc/device-tree/model system attributes with a guest.
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2019-8934
|
2024-11-21 13:50 |
2019-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218344
|
7.7 |
HIGH
Network
|
tibco
|
jasperreports_server
|
The SOAP API component vulnerability of TIBCO Software Inc.'s TIBCO JasperReports Server, and TIBCO JasperReports Server for ActiveMatrix BPM contains a vulnerability that may allow a malicious authe…
|
NVD-CWE-noinfo
|
CVE-2019-8986
|
2024-11-21 13:50 |
2019-03-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218345
|
6.1 |
MEDIUM
Network
|
wuzhicms
|
wuzhicms
|
XSS exists in WUZHI CMS 4.1.0 via index.php?m=core&f=map&v=baidumap&x=[XSS]&y=[XSS] to coreframe/app/core/map.php.
|
CWE-79
Cross-site Scripting
|
CVE-2019-9108
|
2024-11-21 13:50 |
2019-02-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218346
|
6.1 |
MEDIUM
Network
|
wuzhicms
|
wuzhi_cms
|
XSS exists in WUZHI CMS 4.1.0 via index.php?m=attachment&f=imagecut&v=init&imgurl=[XSS] to coreframe/app/attachment/imagecut.php.
|
CWE-79
Cross-site Scripting
|
CVE-2019-9107
|
2024-11-21 13:50 |
2019-02-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218347
|
8.8 |
HIGH
Network
|
thinkphp
opensourcebms
zzzcms
|
thinkphp
open_source_background_management_system
zzzphp
|
ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=syste…
|
CWE-94
CWE-306
Code Injection
Missing Authentication for Critical Function
|
CVE-2019-9082
|
2024-11-21 13:50 |
2019-02-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218348
|
5.4 |
MEDIUM
Network
|
zzcms
|
zzcms
|
zzcms 2019 has XSS via an arbitrary user/ask.php?do=modify parameter because inc/stopsqlin.php does not block a mixed-case string such as sCrIpT.
|
CWE-79
Cross-site Scripting
|
CVE-2019-9078
|
2024-11-21 13:50 |
2019-02-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218349
|
7.8 |
HIGH
Local
|
gnu
netapp
canonical
f5
|
binutils
element_software
ubuntu_linux
traffix_signaling_delivery_controller
|
An issue was discovered in GNU Binutils 2.32. It is a heap-based buffer overflow in process_mips_specific in readelf.c via a malformed MIPS option section.
|
CWE-787
Out-of-bounds Write
|
CVE-2019-9077
|
2024-11-21 13:50 |
2019-02-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218350
|
5.5 |
MEDIUM
Local
|
gnu
netapp
|
binutils
element_software_management
|
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in elf_read_notes in elf.c.
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2019-9076
|
2024-11-21 13:50 |
2019-02-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
