| 223241 | 8.8 | HIGH | Network | blaauwproducts | remote_kiln_control | A path traversal in debug.php accessed via default.php in Blaauw Remote Kiln Control through v3.00r4 allows an authenticated attacker to upload arbitrary files, leading to arbitrary remote code execu… | CWE-22 Path Traversal | CVE-2019-18871 | 2024-11-21 13:33 | 2020-05-7 |
| 223242 | 6.5 | MEDIUM | Network | blaauwproducts | remote_kiln_control | A path traversal via the iniFile parameter in excel.php in Blaauw Remote Kiln Control through v3.00r4 allows an authenticated attacker to download arbitrary files from the host machine. | CWE-22 Path Traversal | CVE-2019-18870 | 2024-11-21 13:33 | 2020-05-7 |
| 223243 | 9.8 | CRITICAL | Network | blaauwproducts | remote_kiln_control | Leftover Debug Code in Blaauw Remote Kiln Control through v3.00r4 allows a user to execute arbitrary php code via /default.php?idx=17. | NVD-CWE-Other | CVE-2019-18869 | 2024-11-21 13:33 | 2020-05-7 |
| 223244 | 7.5 | HIGH | Network | blaauwproducts | remote_kiln_control | Unauthenticated SQL injection via the username in the login mechanism in Blaauw Remote Kiln Control through v3.00r4 allows a user to extract arbitrary data from the rkc database. | CWE-89 SQL Injection | CVE-2019-18866 | 2024-11-21 13:33 | 2020-05-7 |
| 223245 | 7.5 | HIGH | Network | blaauwproducts | remote_kiln_control | /server-info and /server-status in Blaauw Remote Kiln Control through v3.00r4 allow an unauthenticated attacker to gain sensitive information about the host machine. | NVD-CWE-noinfo | CVE-2019-18864 | 2024-11-21 13:33 | 2020-05-7 |
| 223246 | 9.8 | CRITICAL | Network | blaauwproducts | remote_kiln_control | Blaauw Remote Kiln Control through v3.00r4 allows an unauthenticated attacker to access MySQL credentials in cleartext in /engine/db.inc, /lang/nl.bak, or /lang/en.bak. | CWE-312 Cleartext Storage of Sensitive Information; CWE-522 Insufficiently Protected Credentials | CVE-2019-18868 | 2024-11-21 13:33 | 2020-05-7 |
| 223247 | 7.5 | HIGH | Network | blaauwproducts | remote_kiln_control | Browsable directories in Blaauw Remote Kiln Control through v3.00r4 allow an attacker to enumerate sensitive filenames and locations, including source code. This affects /ajax/, /common/, /engine/, /… | CWE-200 Information Exposure | CVE-2019-18867 | 2024-11-21 13:33 | 2020-05-7 |
| 223248 | 5.3 | MEDIUM | Network | blaauwproducts | remote_kiln_control | Information disclosure via error message discrepancies in authentication functions in Blaauw Remote Kiln Control through v3.00r4 allows an unauthenticated attacker to enumerate valid usernames. | CWE-209 Information Exposure Through an Error Message | CVE-2019-18865 | 2024-11-21 13:33 | 2020-05-7 |
| 223249 | 9.8 | CRITICAL | Network | wisc, fedoraproject, debian | htcondor, fedora, debian_linux | HTCondor up to and including stable series 8.8.6 and development series 8.9.4 has Incorrect Access Control. It is possible to use a different authentication method to submit a job than the administra… | CWE-287 Improper Authentication | CVE-2019-18823 | 2024-11-21 13:33 | 2020-04-28 |
| 223250 | 7.5 | HIGH | Network | arista | eos | An issue was found in Arista EOS. Specific malformed ARP packets can impact the software forwarding of VxLAN packets. This issue is found in Arista’s EOS VxLAN code, which can allow attackers to cras… | NVD-CWE-noinfo | CVE-2019-18948 | 2024-11-21 13:33 | 2020-04-17 |