|
224731
|
6.1 |
MEDIUM
Network
|
cpanel
|
cpanel
|
cPanel before 82.0.15 allows self XSS in LiveAPI example scripts (SEC-524).
|
CWE-79
Cross-site Scripting
|
CVE-2019-17377
|
2024-11-21 13:32 |
2019-10-10 |
|
224732
|
6.1 |
MEDIUM
Network
|
cpanel
|
cpanel
|
cPanel before 82.0.15 allows self XSS in the SSL Certificate Upload interface (SEC-521).
|
CWE-79
Cross-site Scripting
|
CVE-2019-17376
|
2024-11-21 13:32 |
2019-10-10 |
|
224733
|
8.8 |
HIGH
Network
|
cpanel
|
cpanel
|
cPanel before 82.0.15 allows API token credentials to persist after an account has been renamed or terminated (SEC-517).
|
CWE-613
Insufficient Session Expiration
|
CVE-2019-17375
|
2024-11-21 13:32 |
2019-10-10 |
|
224734
|
9.1 |
CRITICAL
Network
|
zabbix
|
zabbix
|
An issue was discovered in zabbix.php?action=dashboard.view&dashboardid=1 in Zabbix through 4.4. An attacker can bypass the login page and access the dashboard page, and then create a Dashboard, Repo…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2019-17382
|
2024-11-21 13:32 |
2019-10-9 |
|
224735
|
9.8 |
CRITICAL
Network
|
netgear
|
mbr1515_firmware mbr1516_firmware dgn2200_firmware dgn2200m_firmware dgnd3700_firmware wnr2000v2_firmware wndr3300_firmware wndr3400_firmware wnr3500_firmware wnr834bv2_fir…
|
Certain NETGEAR devices allow unauthenticated access to critical .cgi and .htm pages via a substring ending with .jpg, such as by appending ?x=1.jpg to a URL. This affects MBR1515, MBR1516, DGN2200, …
|
NVD-CWE-noinfo
|
CVE-2019-17373
|
2024-11-21 13:32 |
2019-10-9 |
|
224736
|
8.1 |
HIGH
Network
|
netgear
|
ac1450_firmware d8500_firmware dc112a_firmware jndr3000_firmware lg2200d_firmware r4500_firmware r6200_firmware r6200v2_firmware r6250_firmware r6300_firmware r6300v2_fi…
|
Certain NETGEAR devices allow remote attackers to disable all authentication requirements by visiting genieDisableLanChanged.cgi. The attacker can then, for example, visit MNU_accessPassword_recovere…
|
CWE-287
Improper Authentication
|
CVE-2019-17372
|
2024-11-21 13:32 |
2019-10-9 |
|
224737
|
6.5 |
MEDIUM
Network
|
gif2png_project
|
gif2png
|
gif2png 2.5.13 has a memory leak in the writefile function.
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2019-17371
|
2024-11-21 13:32 |
2019-10-9 |
|
224738
|
7.2 |
HIGH
Network
|
otcms
|
otcms
|
OTCMS v3.85 allows arbitrary PHP Code Execution because admin/sysCheckFile_deal.php blocks "into outfile" in a SELECT statement, but does not block the "into/**/outfile" manipulation. Therefore, the …
|
CWE-89
SQL Injection
|
CVE-2019-17370
|
2024-11-21 13:32 |
2019-10-9 |
|
224739
|
9.4 |
CRITICAL
Network
|
zyxel
|
nbg-418n_v2_firmware
|
wan.htm page on Zyxel NBG-418N v2 with firmware version V1.00(AARP.9)C0 can be accessed directly without authentication, which can lead to disclosure of information about the WAN, and can also be lev…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2019-17354
|
2024-11-21 13:32 |
2019-10-9 |
|
224740
|
8.2 |
HIGH
Network
|
dlink
|
dir-615_firmware
|
An issue discovered on D-Link DIR-615 devices with firmware version 20.05 and 20.07. wan.htm can be accessed directly without authentication, which can lead to disclosure of information about the WAN…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2019-17353
|
2024-11-21 13:32 |
2019-10-9 |