|
223601
|
7.5 |
HIGH
Network
|
mi
|
millet_router_3g_firmware
|
An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-stable. There is a directory traversal vulnerability to read arbitrary files via a misconfigured NGINX alias, as demonstrated by a…
|
CWE-22
Path Traversal
|
CVE-2019-18371
|
2024-11-21 13:33 |
2019-10-24 |
|
223602
|
5.5 |
MEDIUM
Local
|
glensawyer
|
mp3gain
|
A buffer over-read was discovered in ReadMP3APETag in apetag.c in MP3Gain 1.6.2. The vulnerability causes an application crash, which leads to remote denial of service.
|
CWE-125
Out-of-bounds Read
|
CVE-2019-18359
|
2024-11-21 13:33 |
2019-10-24 |
|
223603
|
9.8 |
CRITICAL
Network
|
mi
|
millet_router_3g_firmware
|
An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-stable. The backup file is in tar.gz format. After uploading, the application uses the tar zxf command to decompress, so one can c…
|
CWE-78
OS Command
|
CVE-2019-18370
|
2024-11-21 13:33 |
2019-10-24 |
|
223604
|
6.1 |
MEDIUM
Network
|
thycotic
|
secret_server
|
An XSS issue was discovered in Thycotic Secret Server before 10.7 (issue 2 of 2).
|
CWE-79
Cross-site Scripting
|
CVE-2019-18357
|
2024-11-21 13:33 |
2019-10-24 |
|
223605
|
6.1 |
MEDIUM
Network
|
thycotic
|
secret_server
|
An XSS issue was discovered in Thycotic Secret Server before 10.7 (issue 1 of 2).
|
CWE-79
Cross-site Scripting
|
CVE-2019-18356
|
2024-11-21 13:33 |
2019-10-24 |
|
223606
|
9.8 |
CRITICAL
Network
|
thycotic
|
secret_server
|
An SSRF issue was discovered in the legacy Web launcher in Thycotic Secret Server before 10.7.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2019-18355
|
2024-11-21 13:33 |
2019-10-24 |
|
223607
|
6.1 |
MEDIUM
Network
|
ant.design
|
ant_design_pro
|
In Ant Design Pro 4.0.0, reflected XSS in the user/login redirect GET parameter affects the authorization component, leading to execution of JavaScript code in the login after-action script.
|
CWE-79
Cross-site Scripting
|
CVE-2019-18350
|
2024-11-21 13:33 |
2019-10-24 |
|
223608
|
6.1 |
MEDIUM
Network
|
python
|
python
|
An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the fir…
|
CWE-74
Injection
|
CVE-2019-18348
|
2024-11-21 13:33 |
2019-10-24 |
|
223609
|
9.8 |
CRITICAL
Network
|
online_grading_system_project
|
online_grading_system
|
Sourcecodester Online Grading System 1.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the student, instructor, department, room,…
|
CWE-89
SQL Injection
|
CVE-2019-18344
|
2024-11-21 13:33 |
2019-10-24 |
|
223610
|
6.5 |
MEDIUM
Network
|
citrix
|
application_delivery_controller_firmware gateway
|
In certain Citrix products, information disclosure can be achieved by an authenticated VPN user when there is a configured SSL VPN endpoint. This affects Citrix ADC and Citrix Gateway 13.0-58.30 and …
|
NVD-CWE-noinfo
|
CVE-2019-18177
|
2024-11-21 13:32 |
2022-12-27 |