Search Results (83411 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2019-7327 1 Zoneminder 1 Zoneminder 2024-11-21 N/A
Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'scale' parameter value in the view frame (frame.php) because proper filtration is omitted.
CVE-2019-7326 1 Zoneminder 1 Zoneminder 2024-11-21 N/A
Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Host' parameter value in the view console (console.php) because proper filtration is omitted. This relates to the index.php?view=monitor Host Name field.
CVE-2019-7325 1 Zoneminder 1 Zoneminder 2024-11-21 N/A
Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as multiple views under web/skins/classic/views insecurely utilize $_REQUEST['PHP_SELF'], without applying any proper filtration.
CVE-2019-7324 1 Kanboard 1 Kanboard 2024-11-21 N/A
app/Core/Paginator.php in Kanboard before 1.2.8 has XSS in pagination sorting.
CVE-2019-7321 1 Artifex 1 Mupdf 2024-11-21 N/A
Usage of an uninitialized variable in the function fz_load_jpeg in Artifex MuPDF 1.14 can result in a heap overflow vulnerability that allows an attacker to execute arbitrary code.
CVE-2019-7301 1 Zevenet 1 Zen Load Balancer 2024-11-21 N/A
Zen Load Balancer 3.10.1 allows remote authenticated admin users to execute arbitrary commands as root via shell metacharacters in the index.cgi?action=View_Cert certname parameter.
CVE-2019-7299 1 Wpsupportplus 1 Wp Support Plus Responsive Ticket System 2024-11-21 N/A
A stored cross-site scripting (XSS) vulnerability in the submit_ticket.php module in the WP Support Plus Responsive Ticket System plugin 9.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the subject parameter in wp-content/plugins/wp-support-plus-responsive-ticket-system/includes/ajax/submit_ticket.php.
CVE-2019-7298 1 Dlink 2 Dir-823g, Dir-823g Firmware 2024-11-21 N/A
An issue was discovered on D-Link DIR-823G devices with firmware through 1.02B03. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body, such as a body of ' /bin/telnetd' for the GetDeviceSettingsset API function. Consequently, an attacker can execute any command remotely when they control this input.
CVE-2019-7297 2 D-link, Dlink 2 Dir-823g Firmware, Dir-823g 2024-11-21 N/A
An issue was discovered on D-Link DIR-823G devices with firmware through 1.02B03. A command Injection vulnerability allows attackers to execute arbitrary OS commands via shell metacharacters in a crafted /HNAP1 request. This occurs when the GetNetworkTomographyResult function calls the system function with an untrusted input parameter named Address. Consequently, an attacker can execute any command remotely when they control this input.
CVE-2019-7296 1 Typora 1 Typora 2024-11-21 N/A
typora through 0.9.64 has XSS, with resultant remote command execution, during inline rendering of a mathematical formula.
CVE-2019-7295 1 Typora 1 Typora 2024-11-21 N/A
typora through 0.9.63 has XSS, with resultant remote command execution, during block rendering of a mathematical formula.
CVE-2019-7293 1 Apple 4 Iphone Os, Mac Os X, Tvos and 1 more 2024-11-21 5.5 Medium
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A local user may be able to read kernel memory.
CVE-2019-7279 1 Optergy 2 Enterprise, Proton 2024-11-21 N/A
Optergy Proton/Enterprise devices have Hard-coded Credentials.
CVE-2019-7269 1 Nortekcontrol 4 Linear Emerge 5000p, Linear Emerge 5000p Firmware, Linear Emerge 50p and 1 more 2024-11-21 9.8 Critical
Linear eMerge 50P/5000P devices allow Authenticated Command Injection with root Code Execution.
CVE-2019-7265 1 Nortekcontrol 4 Linear Emerge Elite, Linear Emerge Elite Firmware, Linear Emerge Essential and 1 more 2024-11-21 9.8 Critical
Linear eMerge E3-Series devices allow Remote Code Execution (root access over SSH).
CVE-2019-7264 1 Nortekcontrol 4 Linear Emerge Elite, Linear Emerge Elite Firmware, Linear Emerge Essential and 1 more 2024-11-21 N/A
Linear eMerge E3-Series devices allow a Stack-based Buffer Overflow on the ARM platform.
CVE-2019-7261 1 Nortekcontrol 4 Linear Emerge Elite, Linear Emerge Elite Firmware, Linear Emerge Essential and 1 more 2024-11-21 9.8 Critical
Linear eMerge E3-Series devices have Hard-coded Credentials.
CVE-2019-7255 1 Nortekcontrol 4 Linear Emerge Elite, Linear Emerge Elite Firmware, Linear Emerge Essential and 1 more 2024-11-21 6.1 Medium
Linear eMerge E3-Series devices allow XSS.
CVE-2019-7250 1 Cross Reference Project 1 Cross Reference 2024-11-21 N/A
An issue was discovered in the Cross Reference Add-on 36 for Google Docs. Stored XSS in the preview boxes in the configuration panel may allow a malicious user to use both label text and references text to inject arbitrary JavaScript code (via SCRIPT elements, event handlers, etc.). Since this code is stored by the plugin, the attacker may be able to target anyone who opens the configuration panel of the plugin.
CVE-2019-7232 1 Abb 2 Pb610 Panel Builder 600, Pb610 Panel Builder 600 Firmware 2024-11-21 8.8 High
The ABB IDAL HTTP server is vulnerable to a buffer overflow when a long Host header is sent in a web request. The Host header value overflows a buffer and overwrites a Structured Exception Handler (SEH) address. An unauthenticated attacker can submit a Host header value of 2047 bytes or more to overflow the buffer and overwrite the SEH address, which can then be leveraged to execute attacker-controlled code on the server.