|
218301
|
9.8 |
CRITICAL
Network
|
digitaldruid
|
hoteldruid
|
HotelDruid before v2.3.1 has SQL Injection via the /visualizza_tabelle.php anno parameter.
|
CWE-89
SQL Injection
|
CVE-2019-9086
|
2024-11-21 13:50 |
2019-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218302
|
4.9 |
MEDIUM
Network
|
digitaldruid
|
hoteldruid
|
In Hoteldruid before 2.3.1, a division by zero was discovered in $num_tabelle in tab_tariffe.php (aka the numtariffa1 parameter) due to the mishandling of non-numeric values, as demonstrated by the /…
|
CWE-369
Divide By Zero
|
CVE-2019-9084
|
2024-11-21 13:50 |
2019-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218303
|
9.8 |
CRITICAL
Network
|
saet
|
tebe_small_firmware
webapp
|
The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Small 05.01 build 1137 devices allows remote attackers to execute or include local .php files, as demonstrated by menu=php://filter/…
|
CWE-22
Path Traversal
|
CVE-2019-9106
|
2024-11-21 13:50 |
2019-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218304
|
7.5 |
HIGH
Network
|
saet
|
tebe_small_firmware
webapp
|
The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Small 05.01 build 1137 devices allows remote attackers to make several types of API calls without authentication, as demonstrated by…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2019-9105
|
2024-11-21 13:50 |
2019-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218305
|
6.1 |
MEDIUM
Network
|
digitaldruid
|
hoteldruid
|
HotelDruid 2.3.0 has XSS affecting the nsextt, cambia1, mese_fine, origine, and anno parameters in creaprezzi.php, tabella3.php, personalizza.php, and visualizza_tabelle.php.
|
CWE-79
Cross-site Scripting
|
CVE-2019-8937
|
2024-11-21 13:50 |
2019-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218306
|
6.1 |
MEDIUM
Network
|
zohocorp
|
manageengine_netflow_analyzer
|
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/selectDevice.jsp file in these GET parameters: param and rtype.
|
CWE-79
Cross-site Scripting
|
CVE-2019-8929
|
2024-11-21 13:50 |
2019-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218307
|
6.1 |
MEDIUM
Network
|
zohocorp
|
manageengine_netflow_analyzer
|
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in /netflow/jspui/userManagementForm.jsp via these GET parameters: authMeth, passWord, pwd1, and userNam…
|
CWE-79
Cross-site Scripting
|
CVE-2019-8928
|
2024-11-21 13:50 |
2019-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218308
|
6.1 |
MEDIUM
Network
|
zohocorp
|
manageengine_netflow_analyzer
|
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/scheduleConfig.jsp file via these GET parameters: devSrc, emai…
|
CWE-79
Cross-site Scripting
|
CVE-2019-8927
|
2024-11-21 13:50 |
2019-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218309
|
6.1 |
MEDIUM
Network
|
zohocorp
|
manageengine_netflow_analyzer
|
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/popup1.jsp file via these GET parameters: bussAlert, customDev…
|
CWE-79
Cross-site Scripting
|
CVE-2019-8926
|
2024-11-21 13:50 |
2019-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218310
|
4.3 |
MEDIUM
Network
|
zohocorp
|
manageengine_netflow_analyzer
|
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. An Absolute Path Traversal vulnerability in the Administration zone, in /netflow/servlet/CReportPDFServlet (via the…
|
CWE-22
Path Traversal
|
CVE-2019-8925
|
2024-11-21 13:50 |
2019-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
