|
218191
|
9.8 |
CRITICAL
Network
|
nagios
|
incident_manager
|
Authorization bypass in Nagios IM (component of Nagios XI) before 2.2.7 allows closing incidents in IM via the API.
|
NVD-CWE-noinfo
|
CVE-2019-9203
|
2024-11-21 13:51 |
2019-03-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218192
|
8.8 |
HIGH
Network
|
nagios
|
incident_manager
|
Nagios IM (component of Nagios XI) before 2.2.7 allows authenticated users to execute arbitrary code via API key issues.
|
NVD-CWE-noinfo
|
CVE-2019-9202
|
2024-11-21 13:51 |
2019-03-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218193
|
9.8 |
CRITICAL
Network
|
nagios
|
nagios_xi
|
SQL injection vulnerability in Nagios XI before 5.5.11 allows attackers to execute arbitrary SQL commands via the API when using fusekeys and malicious user id.
|
CWE-89
SQL Injection
|
CVE-2019-9165
|
2024-11-21 13:51 |
2019-03-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218194
|
8.8 |
HIGH
Network
|
nagios
|
nagios_xi
|
Command injection in Nagios XI before 5.5.11 allows an authenticated users to execute arbitrary remote commands via a new autodiscovery job.
|
CWE-79
Cross-site Scripting
|
CVE-2019-9164
|
2024-11-21 13:51 |
2019-03-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218195
|
6.1 |
MEDIUM
Network
|
mailtraq
|
webmail
|
Mailtraq WebMail version 2.17.7.3550 has Persistent Cross Site Scripting (XSS) via the body of an e-mail message. To exploit the vulnerability, the victim must open an email with malicious Javascript…
|
CWE-79
Cross-site Scripting
|
CVE-2019-9558
|
2024-11-21 13:51 |
2019-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218196
|
6.1 |
MEDIUM
Network
|
codecrafters
|
ability_mail_server
|
Ability Mail Server 4.2.6 has Persistent Cross Site Scripting (XSS) via the body e-mail body. To exploit the vulnerability, the victim must open an email with malicious Javascript inserted into the b…
|
CWE-79
Cross-site Scripting
|
CVE-2019-9557
|
2024-11-21 13:51 |
2019-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218197
|
6.1 |
MEDIUM
Network
|
stackstorm
|
stackstorm
|
In st2web in StackStorm Web UI before 2.9.3 and 2.10.x before 2.10.3, it is possible to bypass the CORS protection mechanism via a "null" origin value, potentially leading to XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2019-9580
|
2024-11-21 13:51 |
2019-03-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218198
|
7.0 |
HIGH
Local
|
cyberark
|
endpoint_privilege_manager
|
A buffer overflow in the kernel driver CybKernelTracker.sys in CyberArk Endpoint Privilege Manager versions prior to 10.7 allows an attacker (without Administrator privileges) to escalate privileges …
|
CWE-787
Out-of-bounds Write
|
CVE-2019-9627
|
2024-11-21 13:51 |
2019-03-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218199
|
6.5 |
MEDIUM
Network
|
chshcms
|
cscms
|
An issue was discovered in Cscms 4.1.0. There is an admin.php/pay CSRF vulnerability that can change the payment account to redirect funds.
|
CWE-352
Origin Validation Error
|
CVE-2019-9598
|
2024-11-21 13:51 |
2019-03-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218200
|
8.8 |
HIGH
Network
|
boltcms
|
bolt
|
Controller/Async/FilesystemManager.php in the filemanager in Bolt before 3.6.5 allows remote attackers to execute arbitrary PHP code by renaming a previously uploaded file to have a .php extension.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-9185
|
2024-11-21 13:51 |
2019-03-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
