|
222521
|
5.5 |
MEDIUM
Local
|
gallagher
|
command_centre
|
In Gallagher Command Centre Server versions of v8.10 prior to v8.10.1134(MR4), v8.00 prior to v8.00.1161(MR5), v7.90 prior to v7.90.991(MR5), v7.80 prior to v7.80.960(MR2) and v7.70 or earlier, an un…
|
NVD-CWE-noinfo
|
CVE-2019-19801
|
2024-11-21 13:35 |
2020-01-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222522
|
5.3 |
MEDIUM
Network
|
serpico_project
|
serpico
|
An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. The Add Collaborator allows unlimited data via the author parameter, even if the data does not match anyth…
|
NVD-CWE-noinfo
|
CVE-2019-19859
|
2024-11-21 13:35 |
2020-01-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222523
|
4.8 |
MEDIUM
Network
|
serpico_project
|
serpico
|
An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. admin/add_user/UID allows stored XSS via the author parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2019-19858
|
2024-11-21 13:35 |
2020-01-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222524
|
6.5 |
MEDIUM
Network
|
serpico_project
|
serpico
|
An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. An admin can change their password without providing the current password, by using interfaces outside the…
|
CWE-287
Improper Authentication
|
CVE-2019-19857
|
2024-11-21 13:35 |
2020-01-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222525
|
4.8 |
MEDIUM
Network
|
serpico_project
|
serpico
|
An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. The User Type on the admin/list_user page allows stored XSS via the type parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2019-19856
|
2024-11-21 13:35 |
2020-01-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222526
|
4.8 |
MEDIUM
Network
|
serpico_project
|
serpico
|
An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. admin/list_user allows stored XSS via the auth_type parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2019-19855
|
2024-11-21 13:35 |
2020-01-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222527
|
8.8 |
HIGH
Network
|
serpico_project
|
serpico
|
An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. It does not use CSRF Tokens to mitigate against CSRF; it uses the Origin header (which must match the requ…
|
CWE-352
Origin Validation Error
|
CVE-2019-19854
|
2024-11-21 13:35 |
2020-01-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222528
|
8.8 |
HIGH
Network
|
proofpoint
|
enterprise_protection
|
A file-extension filtering vulnerability in Proofpoint Enterprise Protection (PPS / PoD), in the unpatched versions of PPS through 8.9.22 and 8.14.2 respectively, allows attackers to bypass protectio…
|
NVD-CWE-Other
|
CVE-2019-19680
|
2024-11-21 13:35 |
2020-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222529
|
7.5 |
HIGH
Network
|
schedmd
opensuse
debian
|
slurm
leap
debian_linux
|
SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 executes srun --uid with incorrect privileges.
|
CWE-269
Improper Privilege Management
|
CVE-2019-19728
|
2024-11-21 13:35 |
2020-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222530
|
5.5 |
MEDIUM
Local
|
schedmd
opensuse
|
slurm
leap
|
SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 has weak slurmdbd.conf permissions.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2019-19727
|
2024-11-21 13:35 |
2020-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
