|
223471
|
6.1 |
MEDIUM
Network
|
go-camo_project
|
go-camo
|
Insufficient content type validation of proxied resources in go-camo before 2.1.1 allows a remote attacker to serve arbitrary content from go-camo's origin.
|
CWE-79
Cross-site Scripting
|
CVE-2019-18923
|
2024-11-21 13:33 |
2019-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223472
|
8.8 |
HIGH
Network
|
fairsketch
|
rise_-_ultimate_project_manager
|
index.php/team_members/add_team_member in RISE Ultimate Project Manager 2.3 has CSRF for adding authorized users.
|
CWE-352
Origin Validation Error
|
CVE-2019-18884
|
2024-11-21 13:33 |
2019-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223473
|
6.1 |
MEDIUM
Network
|
lavalite
|
lavalite
|
XSS exists in Lavalite CMS 5.7 via the admin/profile name or designation field.
|
CWE-79
Cross-site Scripting
|
CVE-2019-18883
|
2024-11-21 13:33 |
2019-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223474
|
7.5 |
HIGH
Network
|
linux
|
acrn
|
The Device Model in ACRN before 2019w25.5-140000p relies on assert calls in devicemodel/hw/pci/core.c and devicemodel/include/pci_core.h (instead of other mechanisms for propagating error information…
|
CWE-617
Reachable Assertion
|
CVE-2019-18844
|
2024-11-21 13:33 |
2019-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223475
|
8.6 |
HIGH
Network
|
crun_project
fedoraproject
|
crun
fedora
|
An issue was discovered in crun before 0.10.5. With a crafted image, it doesn't correctly check whether a target is a symlink, resulting in access to files outside of the container. This occurs in li…
|
CWE-59
Link Following
|
CVE-2019-18837
|
2024-11-21 13:33 |
2019-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223476
|
6.1 |
MEDIUM
Network
|
parallels
|
parallels_plesk_panel
|
Parallels Plesk Panel 9.5 allows XSS in target/locales/tr-TR/help/index.htm? via the "fileName" parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2019-18793
|
2024-11-21 13:33 |
2019-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223477
|
8.8 |
HIGH
Network
|
western_digital
|
my_cloud_ex2_ultra_firmware
|
Western Digital My Cloud EX2 Ultra firmware 2.31.195 allows a Buffer Overflow with Extended Instruction Pointer (EIP) control via crafted GET/POST parameters.
|
CWE-120
Classic Buffer Overflow
|
CVE-2019-18931
|
2024-11-21 13:33 |
2019-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223478
|
8.8 |
HIGH
Network
|
western_digital
|
my_cloud_ex2_ultra_firmware
|
Western Digital My Cloud EX2 Ultra firmware 2.31.183 allows web users (including guest account) to remotely execute arbitrary code via a stack-based buffer overflow. There is no size verification log…
|
CWE-787
Out-of-bounds Write
|
CVE-2019-18930
|
2024-11-21 13:33 |
2019-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223479
|
8.8 |
HIGH
Network
|
western_digital
|
my_cloud_ex2_ultra_firmware
|
Western Digital My Cloud EX2 Ultra firmware 2.31.183 allows web users (including guest accounts) to remotely execute arbitrary code via a download_mgr.cgi stack-based buffer overflow.
|
CWE-787
Out-of-bounds Write
|
CVE-2019-18929
|
2024-11-21 13:33 |
2019-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223480
|
9.0 |
CRITICAL
Network
|
fudforum
|
fudforum
|
FUDForum 3.0.9 is vulnerable to Stored XSS via the nlogin parameter. This may result in remote code execution. An attacker can use a user account to fully compromise the system using a POST request. …
|
CWE-79
CWE-78
Cross-site Scripting
OS Command
|
CVE-2019-18839
|
2024-11-21 13:33 |
2019-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
