|
222551
|
7.5 |
HIGH
Network
|
intelbras
|
iwr_3000n_firmware
|
An issue was discovered on Intelbras IWR 3000N 1.8.7 devices. A malformed login request allows remote attackers to cause a denial of service (reboot), as demonstrated by JSON misparsing of the \""} s…
|
NVD-CWE-noinfo
|
CVE-2019-19996
|
2024-11-21 13:35 |
2019-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222552
|
8.8 |
HIGH
Network
|
intelbras
|
iwr_3000n_firmware
|
A CSRF issue was discovered on Intelbras IWR 3000N 1.8.7 devices, leading to complete control of the router, as demonstrated by v1/system/user.
|
CWE-352
Origin Validation Error
|
CVE-2019-19995
|
2024-11-21 13:35 |
2019-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222553
|
8.8 |
HIGH
Network
|
artica
|
pandora_fms
|
Pandora FMS 7.x suffers from remote code execution vulnerability. With an authenticated user who can modify the alert system, it is possible to define and execute commands as root/Administrator. NOTE…
|
CWE-863
Incorrect Authorization
|
CVE-2019-19681
|
2024-11-21 13:35 |
2019-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222554
|
7.2 |
HIGH
Network
|
halo
|
halo
|
Halo before 1.2.0-beta.1 allows Server Side Template Injection (SSTI) because TemplateClassResolver.SAFER_RESOLVER is not used in the FreeMarker configuration.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2019-19999
|
2024-11-21 13:35 |
2019-12-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222555
|
7.5 |
HIGH
Network
|
xiuno
|
xiunobbs
|
Xiuno BBS 4.0 allows XXE via plugin/xn_wechat_public/route/token.php.
|
CWE-611
XXE
|
CVE-2019-19998
|
2024-11-21 13:35 |
2019-12-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222556
|
5.3 |
MEDIUM
Network
|
icegram
|
email_subscribers_\&_newsletters
|
The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed unauthenticated file download with user information disclosure.
|
CWE-862
Missing Authorization
|
CVE-2019-19985
|
2024-11-21 13:35 |
2019-12-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222557
|
6.3 |
MEDIUM
Network
|
icegram
|
email_subscribers_\&_newsletters
|
The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed users with edit_post capabilities to manage plugin settings and email campaigns.
|
CWE-863
Incorrect Authorization
|
CVE-2019-19984
|
2024-11-21 13:35 |
2019-12-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222558
|
4.3 |
MEDIUM
Network
|
fastvelocity
|
minify
|
In the WordPress plugin, Fast Velocity Minify before 2.7.7, the full web root path to the running WordPress application can be discovered. In order to exploit this vulnerability, FVM Debug Mode needs…
|
CWE-200
Information Exposure
|
CVE-2019-19983
|
2024-11-21 13:35 |
2019-12-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222559
|
5.3 |
MEDIUM
Network
|
icegram
|
email_subscribers_\&_newsletters
|
The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed for unauthenticated option creation. In order to exploit this vulnerability, an attacker would need to send…
|
CWE-287
Improper Authentication
|
CVE-2019-19982
|
2024-11-21 13:35 |
2019-12-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222560
|
5.4 |
MEDIUM
Network
|
icegram
|
email_subscribers_\&_newsletters
|
The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed for CSRF to be exploited on all plugin settings.
|
CWE-352
Origin Validation Error
|
CVE-2019-19981
|
2024-11-21 13:35 |
2019-12-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
