|
222681
|
7.2 |
HIGH
Network
|
phpshe
|
phpshe
|
PHPSHE 1.7 has SQL injection via the admin.php?mod=order state parameter.
|
CWE-89
SQL Injection
|
CVE-2019-6708
|
2024-11-21 13:46 |
2019-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222682
|
7.2 |
HIGH
Network
|
phpshe
|
phpshe
|
PHPSHE 1.7 has SQL injection via the admin.php?mod=product&act=state product_id[] parameter.
|
CWE-89
SQL Injection
|
CVE-2019-6707
|
2024-11-21 13:46 |
2019-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222683
|
7.5 |
HIGH
Network
|
lua
canonical
|
lua
ubuntu_linux
|
Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For example, a crash outcome might be achieved by an attacker who is able to trigger a debug.upvaluejoin call in which the arguments have …
|
CWE-416
Use After Free
|
CVE-2019-6706
|
2024-11-21 13:46 |
2019-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222684
|
7.2 |
HIGH
Network
|
phpwind
|
phpwind
|
phpwind 9.0.2.170426 UTF8 allows SQL Injection via the admin.php?m=backup&c=backup&a=doback tabledb[] parameter, related to the "--backup database" option.
|
CWE-89
SQL Injection
|
CVE-2019-6691
|
2024-11-21 13:46 |
2019-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222685
|
8.8 |
HIGH
Network
|
creditease-sec
|
insight
|
An issue was discovered in creditease-sec insight through 2018-09-11. user_delete in srcpm/app/admin/views.py allows CSRF.
|
CWE-352
Origin Validation Error
|
CVE-2019-6510
|
2024-11-21 13:46 |
2019-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222686
|
8.8 |
HIGH
Network
|
creditease-sec
|
insight
|
An issue was discovered in creditease-sec insight through 2018-09-11. depart_delete in srcpm/app/admin/views.py allows CSRF.
|
CWE-352
Origin Validation Error
|
CVE-2019-6509
|
2024-11-21 13:46 |
2019-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222687
|
8.8 |
HIGH
Network
|
creditease-sec
|
insight
|
An issue was discovered in creditease-sec insight through 2018-09-11. role_perm_delete in srcpm/app/admin/views.py allows CSRF.
|
CWE-352
Origin Validation Error
|
CVE-2019-6508
|
2024-11-21 13:46 |
2019-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222688
|
8.8 |
HIGH
Network
|
creditease-sec
|
insight
|
An issue was discovered in creditease-sec insight through 2018-09-11. login_user_delete in srcpm/app/admin/views.py allows CSRF.
|
CWE-352
Origin Validation Error
|
CVE-2019-6507
|
2024-11-21 13:46 |
2019-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222689
|
9.8 |
CRITICAL
Network
|
chatopera
|
cosin
|
There is a deserialization vulnerability in Chatopera cosin v3.10.0. An attacker can execute commands during server-side deserialization by uploading maliciously constructed files. This is related to…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2019-6503
|
2024-11-21 13:46 |
2019-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222690
|
8.0 |
HIGH
Network
|
drupal
debian
|
drupal
debian_linux
|
In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8.5.x prior to 8.5.9; Drupal core uses the third-party PEAR Archive_Tar library. This library has released a security update which …
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2019-6338
|
2024-11-21 13:46 |
2019-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
