|
221801
|
7.5 |
HIGH
Network
|
linksys
|
wrt1900acs_firmware
|
An issue was discovered on Linksys WRT1900ACS 1.0.3.187766 devices. An ability exists for an unauthenticated user to browse a confidential ui/1.0.99.187766/dynamic/js/setup.js.localized file on the r…
|
CWE-287
Improper Authentication
|
CVE-2019-7579
|
2024-11-21 13:48 |
2019-06-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221802
|
9.8 |
CRITICAL
Network
|
artifex
|
mupdf
|
Usage of an uninitialized variable in the function fz_load_jpeg in Artifex MuPDF 1.14 can result in a heap overflow vulnerability that allows an attacker to execute arbitrary code.
|
CWE-787
CWE-908
Out-of-bounds Write
Use of Uninitialized Resource
|
CVE-2019-7321
|
2024-11-21 13:48 |
2019-06-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221803
|
8.8 |
HIGH
Network
|
adobe
redhat
|
flash_player
enterprise_linux_desktop
enterprise_linux_server
enterprise_linux_workstation
|
Adobe Flash Player versions 32.0.0.192 and earlier, 32.0.0.192 and earlier, and 32.0.0.192 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execu…
|
CWE-416
Use After Free
|
CVE-2019-7845
|
2024-11-21 13:48 |
2019-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221804
|
9.8 |
CRITICAL
Network
|
adobe
|
coldfusion
|
ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2019-7840
|
2024-11-21 13:48 |
2019-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221805
|
9.8 |
CRITICAL
Network
|
adobe
|
coldfusion
|
ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.
|
CWE-77
Command Injection
|
CVE-2019-7839
|
2024-11-21 13:48 |
2019-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221806
|
9.8 |
CRITICAL
Network
|
adobe
|
coldfusion
|
ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a file extension blacklist bypass vulnerability. Successful exploitation could lead to arbitrary code e…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-7838
|
2024-11-21 13:48 |
2019-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221807
|
6.1 |
MEDIUM
Network
|
api_based_travel_booking_project
|
api_based_travel_booking
|
An issue was discovered in PHP Scripts Mall API Based Travel Booking 3.4.7. There is Reflected XSS via the flight-results.php d2 parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2019-7554
|
2024-11-21 13:48 |
2019-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221808
|
5.4 |
MEDIUM
Network
|
chartered_accountant_\
|
_auditor_website_project
|
PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has Stored XSS in the Profile Update page via the My Name field.
|
CWE-79
Cross-site Scripting
|
CVE-2019-7553
|
2024-11-21 13:48 |
2019-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221809
|
5.4 |
MEDIUM
Network
|
investment_mlm_software_project
|
investment_mlm_software
|
An issue was discovered in PHP Scripts Mall Investment MLM Software 2.0.2. Stored XSS was found in the the My Profile Section. This is due to lack of sanitization in the Edit Name section.
|
CWE-79
Cross-site Scripting
|
CVE-2019-7552
|
2024-11-21 13:48 |
2019-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221810
|
8.8 |
HIGH
Network
|
primasystems
|
flexair
|
Prima Systems FlexAir, Versions 2.3.38 and prior. The flash version of the web interface contains a hard-coded username and password, which may allow an authenticated attacker to escalate privileges.
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2019-7672
|
2024-11-21 13:48 |
2019-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
