|
218781
|
8.8 |
HIGH
Network
|
creditease-sec
|
insight
|
An issue was discovered in creditease-sec insight through 2018-09-11. role_perm_delete in srcpm/app/admin/views.py allows CSRF.
|
CWE-352
Origin Validation Error
|
CVE-2019-6508
|
2024-11-21 13:46 |
2019-01-23 |
|
218782
|
8.8 |
HIGH
Network
|
creditease-sec
|
insight
|
An issue was discovered in creditease-sec insight through 2018-09-11. login_user_delete in srcpm/app/admin/views.py allows CSRF.
|
CWE-352
Origin Validation Error
|
CVE-2019-6507
|
2024-11-21 13:46 |
2019-01-23 |
|
218783
|
9.8 |
CRITICAL
Network
|
chatopera
|
cosin
|
There is a deserialization vulnerability in Chatopera cosin v3.10.0. An attacker can execute commands during server-side deserialization by uploading maliciously constructed files. This is related to…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2019-6503
|
2024-11-21 13:46 |
2019-01-22 |
|
218784
|
8.0 |
HIGH
Network
|
drupal debian
|
drupal debian_linux
|
In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8.5.x prior to 8.5.9; Drupal core uses the third-party PEAR Archive_Tar library. This library has released a security update which …
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2019-6338
|
2024-11-21 13:46 |
2019-01-22 |
|
218785
|
7.5 |
HIGH
Network
|
opensc_project
|
opensc
|
sc_context_create in ctx.c in libopensc in OpenSC 0.19.0 has a memory leak, as demonstrated by a call from eidenv.
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2019-6502
|
2024-11-21 13:46 |
2019-01-22 |
|
218786
|
7.5 |
HIGH
Network
|
axway
|
file_tranfer_direct
|
In Axway File Transfer Direct 2.7.1, an unauthenticated Directory Traversal vulnerability can be exploited by issuing a specially crafted HTTP GET request with %2e instead of '.' characters, as demon…
|
CWE-22
Path Traversal
|
CVE-2019-6500
|
2024-11-21 13:46 |
2019-01-21 |
|
218787
|
8.1 |
HIGH
Network
|
teradata
|
viewpoint
|
Teradata Viewpoint before 14.0 and 16.20.00.02-b80 contains a hardcoded password of TDv1i2e3w4 for the viewpoint database account (in viewpoint-portal\conf\server.xml) that could potentially be explo…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2019-6499
|
2024-11-21 13:46 |
2019-01-21 |
|
218788
|
8.8 |
HIGH
Adjacent
|
labapart
|
gattlib
|
GattLib 0.2 has a stack-based buffer over-read in gattlib_connect in dbus/gattlib.c because strncpy is misused.
|
CWE-125
Out-of-bounds Read
|
CVE-2019-6498
|
2024-11-21 13:46 |
2019-01-21 |
|
218789
|
9.8 |
CRITICAL
Network
|
hotels_server_project
|
hotels_server
|
Hotels_Server through 2018-11-05 has SQL Injection via the controller/fetchpwd.php username parameter.
|
CWE-89
SQL Injection
|
CVE-2019-6497
|
2024-11-21 13:46 |
2019-01-21 |
|
218790
|
7.8 |
HIGH
Local
|
gnu
|
glibc
|
The string component in the GNU C Library (aka glibc or libc6) through 2.28, when running on the x32 architecture, incorrectly attempts to use a 64-bit register for size_t in assembly codes, which ca…
|
CWE-404
Improper Resource Shutdown or Release
|
CVE-2019-6488
|
2024-11-21 13:46 |
2019-01-19 |