| 224211 | 7.5 | HIGH | Network | philips | taolight_smart_wi-fi_wiz_connected_led_bulb_9290022656_firmware | On Signify Philips Taolight Smart Wi-Fi Wiz Connected LED Bulb 9290022656 devices, an unprotected API lets remote users control the bulb's operation. Anyone can turn the bulb on or off, or change its… | CWE-306 (Missing Authentication for Critical Function), CWE-311 (Missing Encryption of Sensitive Data) | CVE-2019-18980 | 2024-11-21 13:33 | 2019-11-15 |
| 224212 | 5.3 | MEDIUM | Network | rack-cors_project debian canonical | rack-cors debian_linux ubuntu_linux | An issue was discovered in the rack-cors (aka Rack CORS Middleware) gem before 1.0.4 for Ruby. It allows ../ directory traversal to access private resources because resource matching does not ensure … | CWE-22 (Path Traversal) | CVE-2019-18978 | 2024-11-21 13:33 | 2019-11-15 |
| 224213 | 6.5 | MEDIUM | Network | 3xlogic | infinias_access_control_firmware | A cross-site request forgery (CSRF) vulnerability in 3xLogic Infinias Access Control through 6.6.9586.0 allows remote attackers to execute malicious and unauthorized actions (e.g., delete application… | CWE-352 (Origin Validation Error) | CVE-2019-18651 | 2024-11-21 13:33 | 2019-11-15 |
| 224214 | 9.8 | CRITICAL | Network | - | - | eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the HM-Print AddOn through 1.2a installed allow Remote Code Execution by unauthenticated attackers with access to the web interface via the exec.cgi … | CWE-306 (Missing Authentication for Critical Function) | CVE-2019-18939 | 2024-11-21 13:33 | 2019-11-15 |
| 224215 | 9.8 | CRITICAL | Network | eq-3 hm_email_project | homematic_ccu2_firmware hm_email homematic_ccu3_firmware | eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the E-Mail AddOn through 1.6.8.c installed allow Remote Code Execution by unauthenticated attackers with access to the web interface via the save.cgi… | CWE-306 (Missing Authentication for Critical Function) | CVE-2019-18938 | 2024-11-21 13:33 | 2019-11-15 |
| 224216 | 9.8 | CRITICAL | Network | - | - | eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the Script Parser AddOn through 1.8 installed allow Remote Code Execution by unauthenticated attackers with access to the web interface via the exec.… | CWE-306 (Missing Authentication for Critical Function) | CVE-2019-18937 | 2024-11-21 13:33 | 2019-11-15 |
| 224217 | 4.8 | MEDIUM | Network | untangle | ng_firewall | When logged in as an admin user, the Title input field (under Reports) within Untangle NG firewall 14.2.0 is vulnerable to stored XSS. | CWE-79 (Cross-site Scripting) | CVE-2019-18649 | 2024-11-21 13:33 | 2019-11-15 |
| 224218 | 4.8 | MEDIUM | Network | untangle | ng_firewall | When logged in as an admin user, the Untangle NG firewall 14.2.0 is vulnerable to reflected XSS at multiple places and specific user input fields. | CWE-79 (Cross-site Scripting) | CVE-2019-18648 | 2024-11-21 13:33 | 2019-11-15 |
| 224219 | 7.2 | HIGH | Network | untangle | ng_firewall | The Untangle NG firewall 14.2.0 is vulnerable to an authenticated command injection when logged in as an admin user. | CWE-77 (Command Injection) | CVE-2019-18647 | 2024-11-21 13:33 | 2019-11-15 |
| 224220 | 7.2 | HIGH | Network | untangle | ng_firewall | The Untangle NG firewall 14.2.0 is vulnerable to authenticated inline-query SQL injection within the timeDataDynamicColumn parameter when logged in as an admin user. | CWE-89 (SQL Injection) | CVE-2019-18646 | 2024-11-21 13:33 | 2019-11-15 |