|
223431
|
8.8 |
HIGH
Network
|
pagekit
|
pagekit
|
A CSRF vulnerability in Pagekit 1.0.17 allows an attacker to upload an arbitrary file by removing the CSRF token from a request.
|
CWE-352
Origin Validation Error
|
CVE-2019-19013
|
2024-11-21 13:33 |
2019-11-23 |
|
223432
|
9.8 |
CRITICAL
Network
|
zulip
|
zulip_server
|
In Zulip Server versions from 1.7.0 to before 2.0.7, a bug in the new user signup process meant that users who registered their account using social authentication (e.g., GitHub or Google SSO) in an …
|
NVD-CWE-noinfo
|
CVE-2019-18933
|
2024-11-21 13:33 |
2019-11-22 |
|
223433
|
9.8 |
CRITICAL
Network
|
sensiolabs fedoraproject
|
symfony fedora
|
An issue was discovered in Symfony 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. Serializing certain cache adapter interfaces could result in remote code injection. This is rel…
|
CWE-94
Code Injection
|
CVE-2019-18889
|
2024-11-21 13:33 |
2019-11-22 |
|
223434
|
7.5 |
HIGH
Network
|
sensiolabs fedoraproject
|
symfony fedora
|
An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. If an application passes unvalidated user input as the file for which MIM…
|
CWE-88
Argument Injection
|
CVE-2019-18888
|
2024-11-21 13:33 |
2019-11-22 |
|
223435
|
8.1 |
HIGH
Network
|
sensiolabs fedoraproject
|
symfony fedora
|
An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. The UriSigner was subject to timing attacks. This is related to symfony/h…
|
CWE-203
Information Exposure Through Discrepancy
|
CVE-2019-18887
|
2024-11-21 13:33 |
2019-11-22 |
|
223436
|
9.8 |
CRITICAL
Network
|
sangoma
|
freepbx
|
Sangoma FreePBX 115.0.16.26 and below, 14.0.13.11 and below, 13.0.197.13 and below have Incorrect Access Control.
|
CWE-287
Improper Authentication
|
CVE-2019-19006
|
2024-11-21 13:33 |
2019-11-22 |
|
223437
|
6.5 |
MEDIUM
Network
|
redmine debian
|
redmine debian_linux
|
A SQL injection vulnerability in Redmine through 3.2.9 and 3.3.x before 3.3.10 allows Redmine users to access protected information via a crafted object query.
|
CWE-89
SQL Injection
|
CVE-2019-18890
|
2024-11-21 13:33 |
2019-11-22 |
|
223438
|
5.3 |
MEDIUM
Network
|
sensiolabs
|
symfony
|
An issue was discovered in Symfony 4.2.0 to 4.2.11 and 4.3.0 to 4.3.7. The ability to enumerate users was possible due to different handling depending on whether the user existed when making unauthor…
|
CWE-203
Information Exposure Through Discrepancy
|
CVE-2019-18886
|
2024-11-21 13:33 |
2019-11-22 |
|
223439
|
9.8 |
CRITICAL
Network
|
hotkeyp_project
|
hotkeyp
|
HotkeyP through 4.9 r96 allows privilege escalation in the privilege function in Commands.cpp.
|
NVD-CWE-noinfo
|
CVE-2019-18349
|
2024-11-21 13:33 |
2019-11-22 |
|
223440
|
7.8 |
HIGH
Local
|
gonitro
|
nitro_pro
|
Nitro Pro before 13.2 creates a debug.log file in the directory where a .pdf file is located, if the .pdf document was produced by an OCR operation on the JPEG output of a scanner. Reportedly, this c…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2019-18958
|
2024-11-21 13:33 |
2019-11-22 |