|
218881
|
7.4 |
HIGH
Network
|
ntv
|
news_24
|
The NTV News24 prior to Ver.3.0.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certifi…
|
CWE-295
Improper Certificate Validation
|
CVE-2019-6032
|
2024-11-21 13:45 |
2019-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218882
|
6.1 |
MEDIUM
Network
|
dayz
|
kinza
|
Cross-site scripting vulnerability in KINZA for Windows version 5.9.2 and earlier and for Mac version 5.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via RSS reader.
|
CWE-79
Cross-site Scripting
|
CVE-2019-6031
|
2024-11-21 13:45 |
2019-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218883
|
8.8 |
HIGH
Network
|
custom_body_class_project
|
custom_body_class
|
Cross-site request forgery (CSRF) vulnerability in Custom Body Class 0.6.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
|
CWE-352
Origin Validation Error
|
CVE-2019-6030
|
2024-11-21 13:45 |
2019-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218884
|
6.1 |
MEDIUM
Network
|
custom_body_class_project
|
custom_body_class
|
Cross-site scripting vulnerability in Custom Body Class 0.6.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2019-6029
|
2024-11-21 13:45 |
2019-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218885
|
8.8 |
HIGH
Network
|
wpspellcheck
|
wpspellcheck
|
Cross-site request forgery (CSRF) vulnerability in WP Spell Check 7.1.9 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
|
CWE-352
Origin Validation Error
|
CVE-2019-6027
|
2024-11-21 13:45 |
2019-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218886
|
6.5 |
MEDIUM
Network
|
rakuten
|
rakuma
|
Rakuma App for Android version 7.15.0 and earlier, and for iOS version 7.16.4 and earlier allows an attacker to bypass authentication and obtain the user's authentication information via a malicious …
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2019-6024
|
2024-11-21 13:45 |
2019-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218887
|
7.8 |
HIGH
Local
|
motex
|
lanscope_an
lanscope_cat_server_monitoring_agent
lanscope_cat_detection_agent
lanscope_cat_client_program
|
Privilege escalation vulnerability in Multiple MOTEX products (LanScope Cat client program (MR) and LanScope Cat client program (MR)LanScope Cat detection agent (DA) prior to Ver.9.2.1.0, LanScope Ca…
|
NVD-CWE-noinfo
|
CVE-2019-6026
|
2024-11-21 13:45 |
2019-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218888
|
6.1 |
MEDIUM
Network
|
sixapart
|
movable_type
|
Open redirect vulnerability in Movable Type series Movable Type 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type 6.5.0 and 6.5.1 (Movable Type 6.5), Movable Type 6.3.9 and earlier (Movable…
|
CWE-601
Open Redirect
|
CVE-2019-6025
|
2024-11-21 13:45 |
2019-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218889
|
4.3 |
MEDIUM
Network
|
cybozu
|
office
|
Cybozu Office 10.0.0 to 10.8.3 allows remote authenticated attackers to bypass access restriction which may result in obtaining data without access privileges via the application 'Address'.
|
NVD-CWE-noinfo
|
CVE-2019-6023
|
2024-11-21 13:45 |
2019-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218890
|
6.5 |
MEDIUM
Network
|
cybozu
|
office
|
Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.3 allows remote authenticated attackers to alter arbitrary files via the 'Customapp' function.
|
CWE-22
Path Traversal
|
CVE-2019-6022
|
2024-11-21 13:45 |
2019-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
