|
224381
|
8.8 |
HIGH
Network
|
vzug
|
combi-stream_mslq_firmware
|
An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. There is no CSRF protection established on the web service.
|
CWE-352
Origin Validation Error
|
CVE-2019-17217
|
2024-11-21 13:31 |
2019-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224382
|
9.8 |
CRITICAL
Network
|
vzug
|
combi-stream_mslq_firmware
|
An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. Password authentication uses MD5 to hash passwords. Cracking is possible with minimal effort.
|
CWE-916
Use of Password Hash With Insufficient Computational Effort
|
CVE-2019-17216
|
2024-11-21 13:31 |
2019-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224383
|
9.8 |
CRITICAL
Network
|
vzug
|
combi-stream_mslq_firmware
|
An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. There is no bruteforce protection (e.g., lockout) established. An attacker might be able to brutefor…
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2019-17215
|
2024-11-21 13:31 |
2019-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224384
|
7.5 |
HIGH
Network
|
webarxsecurity
|
webarx
|
The WebARX plugin 1.3.0 for WordPress allows firewall bypass by appending &cc=1 to a URI.
|
CWE-79
Cross-site Scripting
|
CVE-2019-17214
|
2024-11-21 13:31 |
2019-10-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224385
|
6.1 |
MEDIUM
Network
|
webarxsecurity
|
webarx
|
The WebARX plugin 1.3.0 for WordPress has unauthenticated stored XSS via the URI or the X-Forwarded-For HTTP header.
|
CWE-79
Cross-site Scripting
|
CVE-2019-17213
|
2024-11-21 13:31 |
2019-10-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224386
|
9.8 |
CRITICAL
Network
|
redis_wrapper_project
|
redis_wrapper
|
Uncontrolled deserialization of a pickled object in models.py in Frost Ming rediswrapper (aka Redis Wrapper) before 0.3.0 allows attackers to execute arbitrary scripts.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2019-17206
|
2024-11-21 13:31 |
2019-10-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224387
|
6.1 |
MEDIUM
Network
|
teampass
|
teampass
|
TeamPass 2.1.27.36 allows Stored XSS by placing a payload in the username field during a login attempt. When an administrator looks at the log of failed logins, the XSS payload will be executed.
|
CWE-79
Cross-site Scripting
|
CVE-2019-17205
|
2024-11-21 13:31 |
2019-10-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224388
|
5.4 |
MEDIUM
Network
|
teampass
|
teampass
|
TeamPass 2.1.27.36 allows Stored XSS by setting a crafted Knowledge Base label and adding any available item.
|
CWE-79
Cross-site Scripting
|
CVE-2019-17204
|
2024-11-21 13:31 |
2019-10-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224389
|
5.4 |
MEDIUM
Network
|
teampass
|
teampass
|
TeamPass 2.1.27.36 allows Stored XSS at the Search page by setting a crafted password for an item in any folder.
|
CWE-79
Cross-site Scripting
|
CVE-2019-17203
|
2024-11-21 13:31 |
2019-10-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224390
|
7.5 |
HIGH
Network
|
webpagetest
|
webpagetest
|
www/getfile.php in WPO WebPageTest 19.04 on Windows allows Directory Traversal (for reading arbitrary files) because of an unanchored regular expression, as demonstrated by the a.jpg\.. substring.
|
CWE-22
Path Traversal
|
CVE-2019-17199
|
2024-11-21 13:31 |
2019-10-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
