|
222461
|
9.8 |
CRITICAL
Network
|
mitel
|
micollab_audio\
_web_\&_video_conferencing
|
A SQL injection vulnerability in the web conferencing component of Mitel MiCollab AWV before 8.1.2.2 could allow an unauthenticated attack due to insufficient input validation for the session paramet…
|
CWE-89
SQL Injection
|
CVE-2019-19607
|
2024-11-21 13:35 |
2020-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222462
|
7.5 |
HIGH
Network
|
pablosoftwaresolutions
|
quick_\'n_easy_web_server
|
The HTTP service in quickweb.exe in Pablo Quick 'n Easy Web Server 3.3.8 allows Remote Unauthenticated Heap Memory Corruption via a large host or domain parameter. It may be possible to achieve remot…
|
CWE-787
CWE-415
Out-of-bounds Write
Double Free
|
CVE-2019-19943
|
2024-11-21 13:35 |
2020-02-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222463
|
9.8 |
CRITICAL
Network
|
seling
|
visual_access_manager
|
An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. It allows blind Command Injection. An attacker without authentication is able to execute arbitrary operating system…
|
CWE-78
OS Command
|
CVE-2019-19994
|
2024-11-21 13:35 |
2020-02-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222464
|
5.3 |
MEDIUM
Network
|
seling
|
visual_access_manager
|
An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. Several full path disclosure vulnerability were discovered. A user, even with no authentication, may simply send ar…
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2019-19993
|
2024-11-21 13:35 |
2020-02-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222465
|
6.5 |
MEDIUM
Network
|
seling
|
visual_access_manager
|
An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. A user with valid credentials is able to read XML files on the filesystem via the web interface. The PHP page /comm…
|
CWE-20
Improper Input Validation
|
CVE-2019-19992
|
2024-11-21 13:35 |
2020-02-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222466
|
5.4 |
MEDIUM
Network
|
seling
|
visual_access_manager
|
An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. Multiple Reflected Cross-site scripting (XSS) vulnerabilities allow remote authenticated users to inject arbitrary …
|
CWE-79
Cross-site Scripting
|
CVE-2019-19991
|
2024-11-21 13:35 |
2020-02-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222467
|
5.4 |
MEDIUM
Network
|
seling
|
visual_access_manager
|
An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. Multiple Stored Cross-site scripting (XSS) vulnerabilities allow remote authenticated users to inject arbitrary web…
|
CWE-79
Cross-site Scripting
|
CVE-2019-19990
|
2024-11-21 13:35 |
2020-02-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222468
|
7.5 |
HIGH
Network
|
seling
|
visual_access_manager
|
An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. Several PHP pages, and other type of files, are reachable by any user without checking for user identity and author…
|
CWE-862
Missing Authorization
|
CVE-2019-19989
|
2024-11-21 13:35 |
2020-02-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222469
|
8.8 |
HIGH
Network
|
seling
|
visual_access_manager
|
An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. A user with valid credentials is able to create and write XML files on the filesystem via /common/vam_editXml.php i…
|
CWE-787
Out-of-bounds Write
|
CVE-2019-19988
|
2024-11-21 13:35 |
2020-02-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222470
|
6.5 |
MEDIUM
Network
|
seling
|
visual_access_manager
|
An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. It allows Cross-Site Request Forgery (CSRF) on any HTML form. An attacker can exploit the vulnerability to abuse fu…
|
CWE-352
Origin Validation Error
|
CVE-2019-19987
|
2024-11-21 13:35 |
2020-02-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
