| 223381 | 8.8 | HIGH Network | xerox | altalink_c8035_firmware | Xerox AltaLink C8035 printers allow CSRF. A request to add users is made in the Device User Database form field to the xerox.set URI. (The frmUserName value must have a unique name.) | CWE-352 Origin Validation Error | CVE-2019-19832 | 2024-11-21 13:35 | 2019-12-19 |
| 223382 | 5.4 | MEDIUM Network | solarwinds | serv-u_ftp_server | A cross-site scripting (XSS) vulnerability exists in SolarWinds Serv-U FTP Server 15.1.7 in the email parameter, a different vulnerability than CVE-2018-19934 and CVE-2019-13182. | CWE-79 Cross-site Scripting | CVE-2019-19829 | 2024-11-21 13:35 | 2019-12-19 |
| 223383 | 7.8 | HIGH Local | shadow_project | shadow | shadow 4.8, in certain circumstances affecting at least Gentoo, Arch Linux, and Void Linux, allows local users to obtain root access because setuid programs are misconfigured. Specifically, this affe… | CWE-732 Incorrect Permission Assignment for Critical Resource | CVE-2019-19882 | 2024-11-21 13:35 | 2019-12-19 |
| 223384 | 4.8 | MEDIUM Network | dlink | dir-615_firmware | On D-Link DIR-615 devices, the User Account Configuration page is vulnerable to blind XSS via the name field. | CWE-79 Cross-site Scripting | CVE-2019-19742 | 2024-11-21 13:35 | 2019-12-18 |
| 223385 | 7.5 | HIGH Network | sqlite netapp debian suse redhat opensuse oracle siemens | sqlite cloud_backup debian_linux package_hub enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation leap backports_sle mysql_workbench sinec_infra… | exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled. | CWE-476 NULL Pointer Dereference | CVE-2019-19880 | 2024-11-21 13:35 | 2019-12-18 |
| 223386 | 9.8 | CRITICAL Network | joomla | joomla\! | In Joomla! before 3.9.14, the lack of validation of configuration parameters used in SQL queries caused various SQL injection vectors. | CWE-89 SQL Injection | CVE-2019-19846 | 2024-11-21 13:35 | 2019-12-18 |
| 223387 | 5.3 | MEDIUM Network | joomla | joomla\! | In Joomla! before 3.9.14, a missing access check in framework files could lead to a path disclosure. | CWE-22 Path Traversal | CVE-2019-19845 | 2024-11-21 13:35 | 2019-12-18 |
| 223388 | 6.1 | MEDIUM Network | zulip | zulip_server | The image thumbnailing handler in Zulip Server versions 1.9.0 to before 2.0.8 allowed an open redirect that was visible to logged-in users. | CWE-601 Open Redirect | CVE-2019-19775 | 2024-11-21 13:35 | 2019-12-18 |
| 223389 | 9.8 | CRITICAL Network | verot_project getk2 | verot k2 | class.upload.php in verot.net class.upload through 1.0.3 and 2.x through 2.0.4, as used in the K2 extension for Joomla! and other products, omits .pht from the set of dangerous file extensions, a sim… | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2019-19634 | 2024-11-21 13:35 | 2019-12-18 |
| 223390 | 7.2 | HIGH Network | typo3 | typo3 | An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. Because escaping of user-submitted content is mishandled, the class QueryGenerator is vulnerable to SQL inje… | CWE-89 SQL Injection | CVE-2019-19850 | 2024-11-21 13:35 | 2019-12-18 |