Search Results (83492 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2019-9653 1 Nuuo 2 Network Video Recorder, Network Video Recorder Firmware 2024-11-21 N/A
NUUO Network Video Recorder Firmware 1.7.x through 3.3.x allows unauthenticated attackers to execute arbitrary commands via shell metacharacters to handle_load_config.php.
CVE-2019-9650 1 Upcoming Events Project 1 Upcoming Events 2024-11-21 N/A
An XSS issue was discovered in upcoming_events.php in the Upcoming Events plugin before 1.33 for MyBB via a crafted name for an event.
CVE-2019-9647 1 Gilacms 1 Gila Cms 2024-11-21 N/A
Gila CMS 1.9.1 has XSS.
CVE-2019-9646 1 Codepeople 1 Contact Form Email 2024-11-21 N/A
The Contact Form Email plugin before 1.2.66 for WordPress allows wp-admin/admin.php item XSS, related to cp_admin_int_edition.inc.php in the "custom edition area."
CVE-2019-9644 1 Jupyter 1 Notebook 2024-11-21 N/A
An XSSI (cross-site inclusion) vulnerability in Jupyter Notebook before 5.7.6 allows inclusion of resources on malicious pages when visited by users who are authenticated with a Jupyter server. Access to the content of resources has been demonstrated with Internet Explorer through capturing of error messages, though not reproduced with other browsers. This occurs because Internet Explorer's error messages can include the content of any invalid JavaScript that was encountered.
CVE-2019-9633 1 Gnome 1 Glib 2024-11-21 N/A
gio/gsocketclient.c in GNOME GLib 2.59.2 does not ensure that a parent GTask remains alive during the execution of a connection-attempting enumeration, which allows remote attackers to cause a denial of service (g_socket_client_connected_callback mishandling and application crash) via a crafted web site, as demonstrated by GNOME Web (aka Epiphany).
CVE-2019-9628 3 Canonical, Opensuse, Xmltooling Project 3 Ubuntu Linux, Leap, Xmltooling 2024-11-21 7.5 High
The XMLTooling library all versions prior to V3.0.4, provided with the OpenSAML and Shibboleth Service Provider software, contains an XML parsing class. Invalid data in the XML declaration causes an exception of a type that was not handled properly in the parser class and propagates an unexpected exception type.
CVE-2019-9627 1 Cyberark 1 Endpoint Privilege Manager 2024-11-21 7.0 High
A buffer overflow in the kernel driver CybKernelTracker.sys in CyberArk Endpoint Privilege Manager versions prior to 10.7 allows an attacker (without Administrator privileges) to escalate privileges or crash the machine by loading an image, such as a DLL, with a long path.
CVE-2019-9616 1 Ofcms Project 1 Ofcms 2024-11-21 N/A
An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/ueditor/uploadScrawl URI.
CVE-2019-9614 1 Ofcms Project 1 Ofcms 2024-11-21 N/A
An issue was discovered in OFCMS before 1.1.3. A command execution vulnerability exists via a template file with '<#assign ex="freemarker.template.utility.Execute"?new()> ${ ex("' followed by the command.
CVE-2019-9606 1 Personal Video Collection Script Project 1 Personal Video Collection Script 2024-11-21 N/A
PHP Scripts Mall Personal Video Collection Script 4.0.4 has Stored XSS via the "Update profile" feature.
CVE-2019-9605 1 Online Lottery Php Readymade Script Project 1 Online Lottery Php Readymade Script 2024-11-21 N/A
PHP Scripts Mall Online Lottery PHP Readymade Script 1.7.0 has Reflected Cross-site Scripting (XSS) via the err value in a .ico picture upload.
CVE-2019-9595 1 Appcms 1 Appcms 2024-11-21 N/A
AppCMS 2.0.101 allows XSS via the upload/callback.php params parameter.
CVE-2019-9593 1 Mitel 1 Connect Onsite 2024-11-21 6.1 Medium
A reflected Cross-site scripting (XSS) vulnerability in ShoreTel Connect ONSITE 18.82.2000.0 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
CVE-2019-9592 1 Mitel 1 Connect Onsite 2024-11-21 6.1 Medium
A reflected Cross-site scripting (XSS) vulnerability in ShoreTel Connect ONSITE 19.45.1602.0 allows remote attackers to inject arbitrary web script or HTML via the url parameter.
CVE-2019-9591 1 Mitel 1 Connect Onsite 2024-11-21 6.1 Medium
A reflected Cross-site scripting (XSS) vulnerability in ShoreTel Connect ONSITE before 19.49.1500.0 allows remote attackers to inject arbitrary web script or HTML via the brandUrl parameter.
CVE-2019-9580 1 Stackstorm 1 Stackstorm 2024-11-21 N/A
In st2web in StackStorm Web UI before 2.9.3 and 2.10.x before 2.10.3, it is possible to bypass the CORS protection mechanism via a "null" origin value, potentially leading to XSS.
CVE-2019-9576 1 Adenion 1 Blog2social 2024-11-21 N/A
The Blog2Social plugin before 5.0.3 for WordPress allows wp-admin/admin.php?page=blog2social-ship XSS.
CVE-2019-9575 1 Quizandsurveymaster 1 Quiz And Survey Master 2024-11-21 N/A
The Quiz And Survey Master plugin 6.0.4 for WordPress allows wp-admin/admin.php?page=mlw_quiz_results quiz_id XSS.
CVE-2019-9570 1 Yzmcms 1 Yzmcms 2024-11-21 N/A
An issue was discovered in YzmCMS 5.2.0. It has XSS via the bottom text field to the admin/system_manage/save.html URI, related to the site_code parameter.