|
219001
|
9.8 |
CRITICAL
Network
|
rainbowpdf
|
office_server_document_converter
|
A heap-based overflow vulnerability exists in the PowerPoint document conversion function of Rainbow PDF Office Server Document Converter V7.0 Pro R1 (7,0,2018,1113). While parsing Document Summary P…
|
CWE-787
Out-of-bounds Write
|
CVE-2019-5019
|
2024-11-21 13:44 |
2019-03-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219002
|
9.8 |
CRITICAL
Network
|
wxjava_project
|
wxjava
|
An issue was discovered in weixin-java-tools v3.3.0. There is an XXE vulnerability in the getXmlDoc method of the BaseWxPayResult.java file. NOTE: this issue exists because of an incomplete fix for C…
|
CWE-611
XXE
|
CVE-2019-5312
|
2024-11-21 13:44 |
2019-01-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219003
|
6.1 |
MEDIUM
Network
|
yunucms
|
yunucms
|
An issue was discovered in YUNUCMS V1.1.8. app/index/controller/Show.php has an XSS vulnerability via the index.php/index/show/index cw parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2019-5311
|
2024-11-21 13:44 |
2019-01-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219004
|
6.1 |
MEDIUM
Network
|
yunucms
|
yunucms
|
YUNUCMS 1.1.8 has XSS in app/admin/controller/System.php because crafted data can be written to the sys.php file, as demonstrated by site_title in an admin/system/basic POST request.
|
CWE-79
Cross-site Scripting
|
CVE-2019-5310
|
2024-11-21 13:44 |
2019-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219005
|
7.2 |
HIGH
Network
|
vtiger
|
vtiger_crm
|
Vtiger CRM 7.1.0 before Hotfix2 allows uploading files with the extension "php3" in the logo upload field, if the uploaded file is in PNG format and has a size of 150x40. One can put PHP code into th…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-5009
|
2024-11-21 13:44 |
2019-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219006
|
7.1 |
HIGH
Local
|
foxitsoftware
|
foxit_reader
phantompdf
|
An issue was discovered in Foxit Reader and PhantomPDF before 9.4 on Windows. It is an Out-of-Bounds Read Information Disclosure and crash due to a NULL pointer dereference when reading TIFF data dur…
|
CWE-125
CWE-476
Out-of-bounds Read
NULL Pointer Dereference
|
CVE-2019-5007
|
2024-11-21 13:44 |
2019-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219007
|
5.5 |
MEDIUM
Local
|
foxitsoftware
|
foxit_reader
phantompdf
|
An issue was discovered in Foxit Reader and PhantomPDF before 9.4 on Windows. It is a NULL pointer dereference during PDF parsing.
|
CWE-476
NULL Pointer Dereference
|
CVE-2019-5006
|
2024-11-21 13:44 |
2019-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219008
|
5.5 |
MEDIUM
Local
|
foxitsoftware
|
foxit_reader
phantompdf
|
An issue was discovered in Foxit Reader and PhantomPDF before 9.4 on Windows. They allowed Denial of Service (application crash) via image data, because two bytes are written to the end of the alloca…
|
CWE-787
Out-of-bounds Write
|
CVE-2019-5005
|
2024-11-21 13:44 |
2019-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219009
|
9.8 |
CRITICAL
Network
|
ibm
|
financial_transaction_manager
|
IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.2.0 through 3.2.9 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which coul…
|
CWE-89
SQL Injection
|
CVE-2019-4575
|
2024-11-21 13:43 |
2022-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219010
|
2.4 |
LOW
Physics
|
ibm
|
maximo_anywhere
|
IBM Maximo Anywhere 7.6.4.0 applications could allow obfuscation of the application source code. IBM X-Force ID: 161494.
|
NVD-CWE-noinfo
|
CVE-2019-4352
|
2024-11-21 13:43 |
2022-02-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
