|
223091
|
7.5 |
HIGH
Network
|
titanhq
|
webtitan
|
An issue was discovered in TitanHQ WebTitan before 5.18. Some functions, such as /history-x.php, of the administration interface are vulnerable to SQL Injection through the results parameter. This co…
|
CWE-89
SQL Injection
|
CVE-2019-19016
|
2024-11-21 13:34 |
2019-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223092
|
9.8 |
CRITICAL
Network
|
maleck
|
image_uploader_and_browser_for_ckeditor
|
Code injection in pluginconfig.php in Image Uploader and Browser for CKEditor before 4.1.9 allows remote authenticated users to execute arbitrary PHP code.
|
CWE-94
Code Injection
|
CVE-2019-19502
|
2024-11-21 13:34 |
2019-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223093
|
9.8 |
CRITICAL
Network
|
napc
|
xinet_elegant_6_asset_library
|
NAPC Xinet Elegant 6 Asset Library 6.1.655 allows Pre-Authentication SQL Injection via the /elegant6/login LoginForm[username] field when double quotes are used.
|
CWE-89
SQL Injection
|
CVE-2019-19245
|
2024-11-21 13:34 |
2019-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223094
|
5.4 |
MEDIUM
Network
|
alfresco
|
alfresco
|
Alfresco Enterprise before 5.2.5 allows stored XSS via an uploaded HTML document.
|
CWE-79
Cross-site Scripting
|
CVE-2019-19496
|
2024-11-21 13:34 |
2019-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223095
|
5.4 |
MEDIUM
Network
|
kentico
|
kentico
|
Kentico before 12.0.50 allows file uploads in which the Content-Type header is inconsistent with the file extension, leading to XSS.
|
CWE-434
CWE-706
Unrestricted Upload of File with Dangerous Type
Use of Incorrectly-Resolved Name or Reference
|
CVE-2019-19493
|
2024-11-21 13:34 |
2019-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223096
|
6.5 |
MEDIUM
Network
|
teamviewer
|
teamviewer
|
An issue was discovered in the Chat functionality of the TeamViewer desktop application 14.3.4730 on Windows. (The vendor states that it was later fixed.) Upon login, every communication is saved wit…
|
CWE-212
Improper Removal of Sensitive Information Before Storage or Transfer
|
CVE-2019-19362
|
2024-11-21 13:34 |
2019-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223097
|
6.5 |
MEDIUM
Network
|
djangoproject
fedoraproject
|
django
fedora
|
Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model editing. A Django model admin displaying inline related models, where the user has view-only permissions to a parent model but ed…
|
CWE-276
Incorrect Default Permissions
|
CVE-2019-19118
|
2024-11-21 13:34 |
2019-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223098
|
9.8 |
CRITICAL
Network
|
freeswitch
|
freeswitch
|
FreeSWITCH 1.6.10 through 1.10.1 has a default password in event_socket.conf.xml.
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2019-19492
|
2024-11-21 13:34 |
2019-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223099
|
6.1 |
MEDIUM
Network
|
testlink
|
testlink
|
TestLink 1.9.19 has XSS via the lib/testcases/archiveData.php edit parameter, the index.php reqURI parameter, or the URI in a lib/testcases/tcEdit.php?doAction=doDeleteStep request.
|
CWE-79
Cross-site Scripting
|
CVE-2019-19491
|
2024-11-21 13:34 |
2019-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223100
|
7.3 |
HIGH
Local
|
litemanager
|
litemanager
|
LiteManager 4.5.0 has weak permissions (Everyone: Full Control) in the "LiteManagerFree - Server" folder, as demonstrated by ROMFUSClient.exe.
|
CWE-276
Incorrect Default Permissions
|
CVE-2019-19490
|
2024-11-21 13:34 |
2019-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
