|
223361
|
8.8 |
HIGH
Network
|
intelliants
|
subrion_cms
|
Subrion CMS 4.2.1 has CSRF in panel/modules/plugins/. The attacker can remotely activate/deactivate the plugins.
|
CWE-352
Origin Validation Error
|
CVE-2019-7357
|
2024-11-21 13:48 |
2020-11-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223362
|
5.4 |
MEDIUM
Network
|
intelliants
|
subrion
|
Subrion CMS v4.2.1 allows XSS via the panel/phrases/ VALUE parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2019-7356
|
2024-11-21 13:48 |
2020-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223363
|
6.1 |
MEDIUM
Network
|
galileo_cms_project
|
galileo_cms
|
There is stored cross site scripting (XSS) in Galileo CMS v0.042. Remote authenticated users could inject arbitrary web script or HTML via $page_title in /lib/Galileo/files/templates/page/show.html.e…
|
CWE-79
Cross-site Scripting
|
CVE-2019-7410
|
2024-11-21 13:48 |
2020-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223364
|
5.4 |
MEDIUM
Network
|
ifrn
|
sistema_unificado_de_administracao_publica
|
SUAP V2 allows XSS during the update of user information.
|
CWE-79
Cross-site Scripting
|
CVE-2019-7634
|
2024-11-21 13:48 |
2020-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223365
|
8.8 |
HIGH
Network
|
weberp
|
weberp
|
In webERP 4.15, the Import Bank Transactions function fails to sanitize the content of imported MT940 bank statement files, resulting in the execution of arbitrary SQL queries, aka SQL Injection.
|
CWE-89
SQL Injection
|
CVE-2019-7755
|
2024-11-21 13:48 |
2020-03-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223366
|
7.2 |
HIGH
Network
|
gigabyte
|
app_center
|
An issue was discovered in gdrv.sys in Gigabyte APP Center before 19.0227.1. The vulnerable driver exposes a wrmsr instruction via IOCTL 0xC3502580 and does not properly filter the target Model Speci…
|
CWE-665
Improper Initialization
|
CVE-2019-7630
|
2024-11-21 13:48 |
2020-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223367
|
9.8 |
CRITICAL
Network
|
johnsoncontrols
|
entrapass
|
A vulnerability with the SmartService API Service option exists whereby an unauthorized user could potentially exploit this to upload malicious code to the server that could be executed at system lev…
|
CWE-20
Improper Input Validation
|
CVE-2019-7589
|
2024-11-21 13:48 |
2020-03-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223368
|
5.4 |
MEDIUM
Network
|
wowza
|
streaming_engine
|
Wowza Streaming Engine 4.8.0 and earlier from multiple authenticated XSS vulnerabilities via the (1) customList%5B0%5D.value field in enginemanager/server/serversetup/edit_adv.htm of the Server Setup…
|
CWE-79
Cross-site Scripting
|
CVE-2019-7655
|
2024-11-21 13:48 |
2020-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223369
|
6.5 |
MEDIUM
Network
|
wowza
|
streaming_engine
|
Wowza Streaming Engine 4.8.0 and earlier suffers from multiple CSRF vulnerabilities. For example, an administrator, by following a link, can be tricked into making unwanted changes such as adding ano…
|
CWE-352
Origin Validation Error
|
CVE-2019-7654
|
2024-11-21 13:48 |
2020-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223370
|
7.8 |
HIGH
Local
|
wowza
|
streaming_engine
|
A privilege escalation vulnerability in Wowza Streaming Engine 4.8.0 and earlier allows any unprivileged Linux user to escalate privileges to root. The installer sets too relaxed permissions on /usr/…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2019-7656
|
2024-11-21 13:48 |
2020-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
