Search Results (83490 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2019-9558 1 Mailtraq 1 Webmail 2024-11-21 N/A
Mailtraq WebMail version 2.17.7.3550 has Persistent Cross Site Scripting (XSS) via the body of an e-mail message. To exploit the vulnerability, the victim must open an email with malicious Javascript inserted into the body of the email as an iframe.
CVE-2019-9557 1 Codecrafters 1 Ability Mail Server 2024-11-21 N/A
Ability Mail Server 4.2.6 has Persistent Cross Site Scripting (XSS) via the body e-mail body. To exploit the vulnerability, the victim must open an email with malicious Javascript inserted into the body of the email as an iframe.
CVE-2019-9556 1 Fiberhomegroup 2 An5506-04-f, An5506-04-f Firmware 2024-11-21 5.4 Medium
FiberHome an5506-04-f RP2669 devices have XSS.
CVE-2019-9554 1 Craftcms 1 Craft Cms 2024-11-21 6.1 Medium
In the 3.1.12 Pro version of Craft CMS, XSS has been discovered in the header insertion field when adding source code at an s/admin/entries/news/new URI.
CVE-2019-9553 1 Boltcms 1 Bolt 2024-11-21 6.1 Medium
Bolt 3.6.4 has XSS via the slug, teaser, or title parameter to editcontent/pages, a related issue to CVE-2017-11128 and CVE-2018-19933.
CVE-2019-9551 1 Wdoyo 1 Doyocms 2024-11-21 N/A
An issue was discovered in DOYO (aka doyocms) 2.3 through 2015-05-06. It has admin.php XSS.
CVE-2019-9550 1 Dhcms Project 1 Dhcms 2024-11-21 N/A
DhCms through 2017-09-18 has admin.php?r=admin/Index/index XSS.
CVE-2019-9544 1 Axiosys 1 Bento4 2024-11-21 N/A
An issue was discovered in Bento4 1.5.1-628. An out of bounds write occurs in AP4_CttsTableEntry::AP4_CttsTableEntry() located in Core/Ap4Array.h. It can be triggered by sending a crafted file to (for example) the mp42hls binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.
CVE-2019-9542 1 Telos 1 Automated Message Handling System 2024-11-21 6.1 Medium
: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in itemlookup.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5.
CVE-2019-9541 1 Telos 1 Automated Message Handling System 2024-11-21 6.1 Medium
: Information Exposure vulnerability in itemlookup.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5.
CVE-2019-9540 1 Telos 1 Automated Message Handling System 2024-11-21 6.1 Medium
: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in prefs.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5.
CVE-2019-9539 1 Telos 1 Automated Message Handling System 2024-11-21 6.1 Medium
: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ModalWindowPopup.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5.
CVE-2019-9538 1 Telos 1 Automated Message Handling System 2024-11-21 6.1 Medium
: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the LDAP cbURL parameter of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5.
CVE-2019-9537 1 Telos 1 Automated Message Handling System 2024-11-21 6.1 Medium
: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uploaditem.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5.
CVE-2019-9536 1 Apple 1 Iphone 3gs 2024-11-21 6.1 Medium
Apple iPhone 3GS bootrom malloc implementation returns a non-NULL pointer when unable to allocate memory, aka 'alloc8'. An attacker with physical access to the device can install arbitrary firmware.
CVE-2019-9535 1 Iterm2 1 Iterm2 2024-11-21 9.8 Critical
A vulnerability exists in the way that iTerm2 integrates with tmux's control mode, which may allow an attacker to execute arbitrary commands by providing malicious output to the terminal. This affects versions of iTerm2 up to and including 3.3.5. This vulnerability may allow an attacker to execute arbitrary commands on their victim's computer by providing malicious output to the terminal. It could be exploited using command-line utilities that print attacker-controlled content.
CVE-2019-9533 1 Cobham 2 Explorer 710, Explorer 710 Firmware 2024-11-21 9.8 Critical
The root password of the Cobham EXPLORER 710 is the same for all versions of firmware up to and including v1.08. This could allow an attacker to reverse-engineer the password from available versions to gain authenticated access to the device.
CVE-2019-9510 1 Microsoft 2 Windows 10, Windows Server 2019 2024-11-21 5.3 Medium
A vulnerability in Microsoft Windows 10 1803 and Windows Server 2019 and later systems can allow authenticated RDP-connected clients to gain access to user sessions without needing to interact with the Windows lock screen. Should a network anomaly trigger a temporary RDP disconnect, Automatic Reconnection of the RDP session will be restored to an unlocked state, regardless of how the remote system was left. By interrupting network connectivity of a system, an attacker with access to a system being used as a Windows RDP client can gain access to a connected remote system, regardless of whether or not the remote system was locked. This issue affects Microsoft Windows 10, version 1803 and later, and Microsoft Windows Server 2019, version 2019 and later.
CVE-2019-9509 1 Vertiv 2 Avocent Umg-4000, Avocent Umg-4000 Firmware 2024-11-21 6.3 Medium
The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to reflected XSS in an HTTP POST parameter. The web application does not neutralize user-controllable input before displaying to users in a web page, which could allow a remote attacker authenticated with a user account to execute arbitrary code.
CVE-2019-9508 1 Vertiv 2 Avocent Umg-4000, Avocent Umg-4000 Firmware 2024-11-21 6.3 Medium
The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to stored XSS. A remote attacker authenticated with an administrator account could store a maliciously named file within the web application that would execute each time a user browsed to the page.