|
224751
|
8.1 |
HIGH
Network
|
splunk
|
software_development_kit
|
Splunk-SDK-Python before 1.6.6 does not properly verify untrusted TLS server certificates, which could result in man-in-the-middle attacks.
|
CWE-295
Improper Certificate Validation
|
CVE-2019-5729
|
2024-11-21 13:45 |
2019-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224752
|
9.8 |
CRITICAL
Network
|
portier
|
portier
|
An issue was discovered in portier vision 4.4.4.2 and 4.4.4.6. Passwords are stored using reversible encryption rather than as a hash value, and the used Vigenere algorithm is badly outdated. Moreove…
|
CWE-327
CWE-522
Use of a Broken or Risky Cryptographic Algorithm
Insufficiently Protected Credentials
|
CVE-2019-5723
|
2024-11-21 13:45 |
2019-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224753
|
9.8 |
CRITICAL
Network
|
portier
|
portier
|
An issue was discovered in portier vision 4.4.4.2 and 4.4.4.6. Due to a lack of user input validation in parameter handling, it has various SQL injections, including on the login form, and on the sea…
|
CWE-89
SQL Injection
|
CVE-2019-5722
|
2024-11-21 13:45 |
2019-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224754
|
5.3 |
MEDIUM
Network
|
broadcastboxes
|
scion-8_firmware
|
CircuitWerkes Sicon-8, a hardware device used for managing electrical devices, ships with a web-based front-end controller and implements an authentication mechanism in JavaScript that is run in the …
|
NVD-CWE-noinfo
|
CVE-2019-5616
|
2024-11-21 13:45 |
2019-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224755
|
5.4 |
MEDIUM
Network
|
dradisframework
|
dradis
|
Cross-site scripting vulnerability in Dradis Community Edition Dradis Community Edition v3.11 and earlier and Dradis Professional Edition v3.1.1 and earlier allow remote authenticated attackers to in…
|
CWE-79
Cross-site Scripting
|
CVE-2019-5925
|
2024-11-21 13:45 |
2019-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224756
|
8.8 |
HIGH
Network
|
rednao
|
smart_forms
|
Cross-site request forgery (CSRF) vulnerability in Smart Forms 2.6.15 and earlier allows remote attackers to hijack the authentication of administrators via a specially crafted page.
|
CWE-352
Origin Validation Error
|
CVE-2019-5924
|
2024-11-21 13:45 |
2019-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224757
|
7.5 |
HIGH
Network
|
ichain
|
insurance_wallet
|
Directory traversal vulnerability in iChain Insurance Wallet App for iOS Version 1.3.0 and earlier allows remote attackers to read arbitrary files via unspecified vectors.
|
CWE-22
Path Traversal
|
CVE-2019-5923
|
2024-11-21 13:45 |
2019-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224758
|
7.8 |
HIGH
Local
|
microsoft
|
teams
|
Untrusted search path vulnerability in The installer of Microsoft Teams allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
|
CWE-426
Untrusted Search Path
|
CVE-2019-5922
|
2024-11-21 13:45 |
2019-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224759
|
7.8 |
HIGH
Local
|
microsoft
|
windows_7
|
Untrusted search path vulnerability in Windows 7 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
|
CWE-426
Untrusted Search Path
|
CVE-2019-5921
|
2024-11-21 13:45 |
2019-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
224760
|
8.8 |
HIGH
Network
|
ncrafts
|
formcraft
|
Cross-site request forgery (CSRF) vulnerability in FormCraft 1.2.1 and earlier allows remote attackers to hijack the authentication of administrators via a specially crafted page.
|
CWE-352
Origin Validation Error
|
CVE-2019-5920
|
2024-11-21 13:45 |
2019-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
