|
225581
|
4.3 |
MEDIUM
Network
|
dkd
|
direct_mail
|
The direct_mail (aka Direct Mail) extension through 5.2.2 for TYPO3 has a missing access check in the backend module, allowing a user (with restricted permissions to the fe_users table) to view and e…
|
CWE-862
Missing Authorization
|
CVE-2019-16698
|
2024-11-21 13:31 |
2019-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225582
|
6.1 |
MEDIUM
Network
|
dolibarr
|
dolibarr_erp\/crm
|
There is HTML Injection in the Note field in Dolibarr ERP/CRM 10.0.2 via user/note.php.
|
CWE-79
Cross-site Scripting
|
CVE-2019-17223
|
2024-11-21 13:31 |
2019-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225583
|
7.8 |
HIGH
Local
|
bmc
|
patrol_agent
|
An issue was discovered in BMC Patrol Agent 9.0.10i. Weak execution permissions on the PatrolAgent SUID binary could allow an attacker with "patrol" privileges to elevate his/her privileges to the on…
|
CWE-276
Incorrect Default Permissions
|
CVE-2019-17044
|
2024-11-21 13:31 |
2019-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225584
|
7.8 |
HIGH
Local
|
bmc
|
patrol_agent
|
An issue was discovered in BMC Patrol Agent 9.0.10i. Weak execution permissions on the best1collect.exe SUID binary could allow an attacker to elevate his/her privileges to the ones of the "patrol" u…
|
CWE-276
Incorrect Default Permissions
|
CVE-2019-17043
|
2024-11-21 13:31 |
2019-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225585
|
6.1 |
MEDIUM
Network
|
genesys
|
eservices_chat
|
Genesys PureEngage Digital (eServices) 8.1.x allows XSS via HtmlChatPanel.jsp or HtmlChatFrameSet.jsp (ActionColor, ClientNickNameColor, Email, email, or email_address parameter).
|
CWE-79
Cross-site Scripting
|
CVE-2019-17176
|
2024-11-21 13:31 |
2019-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225586
|
9.8 |
CRITICAL
Network
|
connect2id
apache
oracle
|
nimbus_jose\+jwt
hadoop
solaris_cluster
weblogic_server
peoplesoft_enterprise_peopletools
enterprise_manager_base_platform
primavera_gateway
data_integrator
communications_pri…
|
Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authenti…
|
CWE-755
Improper Handling of Exceptional Conditions
|
CVE-2019-17195
|
2024-11-21 13:31 |
2019-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225587
|
9.8 |
CRITICAL
Network
|
sophos
|
cyberoamos
|
A shell injection vulnerability on the Sophos Cyberoam firewall appliance with CyberoamOS before 10.6.6 MR-6 allows remote attackers to execute arbitrary commands via the Web Admin and SSL VPN consol…
|
CWE-78
OS Command
|
CVE-2019-17059
|
2024-11-21 13:31 |
2019-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225588
|
9.8 |
CRITICAL
Network
|
awplife
|
contact_form_widget
|
The new-contact-form-widget (aka Contact Form Widget - Contact Query, Form Maker) plugin 1.0.9 for WordPress has SQL Injection via all-query-page.php.
|
CWE-89
SQL Injection
|
CVE-2019-17072
|
2024-11-21 13:31 |
2019-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225589
|
6.1 |
MEDIUM
Network
|
realbigplugins
|
client_dash
|
The client-dash (aka Client Dash) plugin 2.1.4 for WordPress allows XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2019-17071
|
2024-11-21 13:31 |
2019-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225590
|
6.1 |
MEDIUM
Network
|
lqd
|
liquid_speech_balloon
|
The liquid-speech-balloon (aka LIQUID SPEECH BALLOON) plugin before 1.0.7 for WordPress allows XSS with Internet Explorer.
|
CWE-79
Cross-site Scripting
|
CVE-2019-17070
|
2024-11-21 13:31 |
2019-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
