|
223541
|
7.5 |
HIGH
Network
|
secudos
|
domos
|
The Log module in SECUDOS DOMOS before 5.6 allows local file inclusion.
|
CWE-22
Path Traversal
|
CVE-2019-18665
|
2024-11-21 13:33 |
2019-11-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223542
|
5.4 |
MEDIUM
Network
|
secudos
|
domos
|
The Log module in SECUDOS DOMOS before 5.6 allows XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2019-18664
|
2024-11-21 13:33 |
2019-11-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223543
|
7.5 |
HIGH
Network
|
fastweb
|
fastgate_firmware
|
Fastweb FASTGate 1.0.1b devices allow partial authentication bypass by changing a certain check_pwd return value from 0 to 1. An attack does not achieve administrative control of a device; however, t…
|
CWE-287
Improper Authentication
|
CVE-2019-18661
|
2024-11-21 13:33 |
2019-11-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223544
|
5.3 |
MEDIUM
Network
|
ready
|
wireless_emergency_alerts
|
The Wireless Emergency Alerts (WEA) protocol allows remote attackers to spoof a Presidential Alert because cryptographic authentication is not used, as demonstrated by MessageIdentifier 4370 in LTE S…
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2019-18659
|
2024-11-21 13:33 |
2019-11-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223545
|
6.5 |
MEDIUM
Network
|
wpwham
|
currency_switcher_for_woocommerce
|
An issue was discovered in the Currency Switcher addon before 2.11.2 for WooCommerce if a user provides a currency that was not added by the administrator. In this case, even though the currency does…
|
CWE-755
Improper Handling of Exceptional Conditions
|
CVE-2019-18668
|
2024-11-21 13:33 |
2019-11-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223546
|
9.8 |
CRITICAL
Network
|
youphptube
|
youphptube
|
An issue was discovered in YouPHPTube through 7.7. User input passed through the live_stream_code POST parameter to /plugin/LiveChat/getChat.json.php is not properly sanitized (in getFromChat in plug…
|
CWE-89
SQL Injection
|
CVE-2019-18662
|
2024-11-21 13:33 |
2019-11-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223547
|
6.1 |
MEDIUM
Network
|
avg
|
anti-virus
|
A Cross Site Scripting (XSS) issue exists in AVG AntiVirus (Internet Security Edition) 19.3.3084 build 19.3.4241.440 in the Network Notification Popup, allowing an attacker to execute JavaScript code…
|
CWE-79
Cross-site Scripting
|
CVE-2019-18654
|
2024-11-21 13:33 |
2019-11-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223548
|
6.1 |
MEDIUM
Network
|
avast
|
antivirus
|
A Cross Site Scripting (XSS) issue exists in Avast AntiVirus (Free, Internet Security, and Premiere Edition) 19.3.2369 build 19.3.4241.440 in the Network Notification Popup, allowing an attacker to e…
|
CWE-79
Cross-site Scripting
|
CVE-2019-18653
|
2024-11-21 13:33 |
2019-11-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223549
|
5.4 |
MEDIUM
Network
|
jitbit
|
.net_forum
|
A cross-site scripting (XSS) vulnerability in Jitbit .NET Forum (aka ASP.NET forum) 8.3.8 allows remote attackers to inject arbitrary web script or HTML via the gravatar URL parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2019-18636
|
2024-11-21 13:33 |
2019-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223550
|
7.2 |
HIGH
Network
|
technicolor
|
td5130v2_firmware
|
An issue was discovered in certain Oi third-party firmware that may be installed on Technicolor TD5130v2 devices. A Command Injection in the Ping module in the Web Interface in OI_Fw_V20 allows remot…
|
CWE-78
OS Command
|
CVE-2019-18396
|
2024-11-21 13:33 |
2019-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
