|
224571
|
7.5 |
HIGH
Network
|
adobe
|
experience_manager
|
Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have an user interface injection vulnerability. Successful exploitation could lead to sensitive information disclosure.
|
CWE-74
Injection
|
CVE-2019-16468
|
2024-11-21 13:30 |
2020-01-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224572
|
6.1 |
MEDIUM
Network
|
adobe
|
experience_manager
|
Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
|
CWE-79
Cross-site Scripting
|
CVE-2019-16467
|
2024-11-21 13:30 |
2020-01-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224573
|
6.1 |
MEDIUM
Network
|
adobe
|
experience_manager
|
Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
|
CWE-79
Cross-site Scripting
|
CVE-2019-16466
|
2024-11-21 13:30 |
2020-01-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224574
|
6.1 |
MEDIUM
Network
|
fortinet
|
fortiauthenticator
|
An improper neutralization of input during web page generation in FortiAuthenticator WEB UI 6.0.0 may allow an unauthenticated user to perform a cross-site scripting attack (XSS) via a parameter of t…
|
CWE-79
Cross-site Scripting
|
CVE-2019-16154
|
2024-11-21 13:30 |
2020-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224575
|
5.3 |
MEDIUM
Network
|
dten
|
d5_firmware
d7_firmware
|
DTEN D5 and D7 before 1.3.2 devices allows remote attackers to read saved whiteboard image PDF documents via storage/emulated/0/Notes/PDF on TCP port 8080 without authentication.
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2019-16271
|
2024-11-21 13:30 |
2020-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224576
|
7.5 |
HIGH
Network
|
dten
|
d5_firmware
d7_firmware
|
DTEN D5 before 1.3 and D7 before 1.3 devices transfer customer data files via unencrypted HTTP.
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2019-16274
|
2024-11-21 13:30 |
2020-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224577
|
9.8 |
CRITICAL
Network
|
dten
|
d5_firmware
d7_firmware
|
DTEN D5 and D7 before 1.3.4 devices allow unauthenticated root shell access through Android Debug Bridge (adb), leading to arbitrary code execution and system administration. Also, this provides a co…
|
NVD-CWE-noinfo
|
CVE-2019-16273
|
2024-11-21 13:30 |
2020-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224578
|
9.8 |
CRITICAL
Network
|
dten
|
d5_firmware
d7_firmware
|
On DTEN D5 and D7 before 1.3.4 devices, factory settings allows for firmware reflash and Android Debug Bridge (adb) enablement.
|
CWE-1188
Insecure Default Initialization of Resource
|
CVE-2019-16272
|
2024-11-21 13:30 |
2020-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224579
|
9.8 |
CRITICAL
Network
|
yandex
|
clickhouse
|
In all versions of ClickHouse before 19.14, an OOB read, OOB write and integer underflow in decompression algorithms can be used to achieve RCE or DoS via native protocol.
|
CWE-125
CWE-787
CWE-191
Out-of-bounds Read
Out-of-bounds Write
Integer Underflow (Wrap or Wraparound)
|
CVE-2019-16535
|
2024-11-21 13:30 |
2019-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224580
|
9.8 |
CRITICAL
Network
|
dlink
|
dir-601_firmware
|
D-Link DIR-601 B1 2.00NA devices are vulnerable to authentication bypass. They do not check for authentication at the server side and rely on client-side validation, which is bypassable. NOTE: this i…
|
CWE-287
Improper Authentication
|
CVE-2019-16327
|
2024-11-21 13:30 |
2019-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
