|
223461
|
4.8 |
MEDIUM
Network
|
untangle
|
ng_firewall
|
When logged in as an admin user, the Untangle NG firewall 14.2.0 is vulnerable to reflected XSS at multiple places and specific user input fields.
|
CWE-79
Cross-site Scripting
|
CVE-2019-18648
|
2024-11-21 13:33 |
2019-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223462
|
7.2 |
HIGH
Network
|
untangle
|
ng_firewall
|
The Untangle NG firewall 14.2.0 is vulnerable to an authenticated command injection when logged in as an admin user.
|
CWE-77
Command Injection
|
CVE-2019-18647
|
2024-11-21 13:33 |
2019-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223463
|
7.2 |
HIGH
Network
|
untangle
|
ng_firewall
|
The Untangle NG firewall 14.2.0 is vulnerable to authenticated inline-query SQL injection within the timeDataDynamicColumn parameter when logged in as an admin user.
|
CWE-89
SQL Injection
|
CVE-2019-18646
|
2024-11-21 13:33 |
2019-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223464
|
6.1 |
MEDIUM
Network
|
microstrategy
|
microstrategy_library
|
Microstrategy Library in MicroStrategy before 2019 before 11.1.3 has reflected XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2019-18957
|
2024-11-21 13:33 |
2019-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223465
|
7.8 |
HIGH
Local
|
scanguard
|
scanguard_antivirus
|
Scanguard through 2019-11-12 on Windows has Insecure Permissions for the installation directory, leading to privilege escalation via a Trojan horse executable file.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2019-18895
|
2024-11-21 13:33 |
2019-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223466
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
fs/btrfs/volumes.c in the Linux kernel before 5.1 allows a btrfs_verify_dev_extents NULL pointer dereference via a crafted btrfs image because fs_devices->devices is mishandled within find_device, ak…
|
CWE-476
NULL Pointer Dereference
|
CVE-2019-18885
|
2024-11-21 13:33 |
2019-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223467
|
7.5 |
HIGH
Network
|
snowhaze
|
snowhaze
|
SnowHaze before 2.6.6 is sometimes too late to honor a per-site JavaScript blocking setting, which leads to unintended JavaScript execution via a chain of webpage redirections targeted to the user's …
|
CWE-863
Incorrect Authorization
|
CVE-2019-18949
|
2024-11-21 13:33 |
2019-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223468
|
5.3 |
MEDIUM
Network
|
netease
|
pomelo
|
Pomelo v2.2.5 allows external control of critical state data. A malicious user input can corrupt arbitrary methods and attributes in template/game-server/app/servers/connector/handler/entryHandler.js…
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2019-18954
|
2024-11-21 13:33 |
2019-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223469
|
9.8 |
CRITICAL
Network
|
sibsoft
|
xfilesharing
|
SibSoft Xfilesharing through 2.5.1 allows cgi-bin/up.cgi arbitrary file upload. This can be combined with CVE-2019-18951 to achieve remote code execution via a .html file, containing short codes, tha…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-18952
|
2024-11-21 13:33 |
2019-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223470
|
7.5 |
HIGH
Network
|
sibsoft
|
xfilesharing
|
SibSoft Xfilesharing through 2.5.1 allows op=page&tmpl=../ directory traversal to read arbitrary files.
|
CWE-22
Path Traversal
|
CVE-2019-18951
|
2024-11-21 13:33 |
2019-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
