Search Results (83233 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2019-18184 1 Crestron 2 Dmc-stro, Dmc-stro Firmware 2024-11-21 9.8 Critical
Crestron DMC-STRO 1.0 devices allow remote command execution as root via shell metacharacters to the ping function.
CVE-2019-18183 2 Fedoraproject, Pacman Project 2 Fedora, Pacman 2024-11-21 9.8 Critical
pacman before 5.2 is vulnerable to arbitrary command injection in lib/libalpm/sync.c in the apply_deltas() function. This can be exploited when unsigned databases are used. To exploit the vulnerability, the user must enable the non-default delta feature and retrieve an attacker-controlled crafted database and delta file.
CVE-2019-18182 2 Fedoraproject, Pacman Project 2 Fedora, Pacman 2024-11-21 9.8 Critical
pacman before 5.2 is vulnerable to arbitrary command injection in conf.c in the download_with_xfercommand() function. This can be exploited when unsigned databases are used. To exploit the vulnerability, the user must enable a non-default XferCommand and retrieve an attacker-controlled crafted database and package.
CVE-2019-17674 2 Debian, Wordpress 2 Debian Linux, Wordpress 2024-11-21 5.4 Medium
WordPress before 5.2.4 is vulnerable to stored XSS (cross-site scripting) via the Customizer.
CVE-2019-17672 2 Debian, Wordpress 2 Debian Linux, Wordpress 2024-11-21 6.1 Medium
WordPress before 5.2.4 is vulnerable to a stored XSS attack to inject JavaScript into STYLE elements.
CVE-2019-17663 2 D-link, Dlink 2 Dir-866l Firmware, Dir-866l 2024-11-21 6.1 Medium
D-Link DIR-866L 1.03B04 devices allow XSS via HtmlResponseMessage in the device common gateway interface, leading to common injection.
CVE-2019-17660 1 Limesurvey 1 Limesurvey 2024-11-21 6.1 Medium
A cross-site scripting (XSS) vulnerability in admin/translate/translateheader_view.php in LimeSurvey 3.19.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the tolang parameter, as demonstrated by the index.php/admin/translate/sa/index/surveyid/336819/lang/ PATH_INFO.
CVE-2019-17656 1 Fortinet 2 Fortios, Fortiproxy 2024-11-21 5.4 Medium
A Stack-based Buffer Overflow vulnerability in the HTTPD daemon of FortiOS 6.0.10 and below, 6.2.2 and below and FortiProxy 1.0.x, 1.1.x, 1.2.9 and below, 2.0.0 and below may allow an authenticated remote attacker to crash the service by sending a malformed PUT request to the server. Fortinet is not aware of any successful exploitation of this vulnerability that would lead to code execution.
CVE-2019-17652 1 Fortinet 1 Forticlient 2024-11-21 6.5 Medium
A stack buffer overflow vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to cause FortiClient processes running under root priviledge crashes via sending specially crafted "StartAvCustomScan" type IPC client requests to the fctsched process due the argv data not been well sanitized.
CVE-2019-17651 1 Fortinet 1 Fortisiem 2024-11-21 5.4 Medium
An Improper Neutralization of Input vulnerability in the description and title parameters of a Device Maintenance Schedule in FortiSIEM version 5.2.5 and below may allow a remote authenticated attacker to perform a Stored Cross Site Scripting attack (XSS) by injecting malicious JavaScript code into the description field of a Device Maintenance schedule.
CVE-2019-17650 1 Fortinet 1 Forticlient 2024-11-21 7.8 High
An Improper Neutralization of Special Elements used in a Command vulnerability in one of FortiClient for Mac OS root processes, may allow a local user of the system on which FortiClient is running to execute unauthorized code as root by bypassing a security check.
CVE-2019-17642 1 Centreon 1 Centreon 2024-11-21 8.8 High
An issue was discovered in Centreon before 18.10.8, 19.10.1, and 19.04.2. It allows CSRF with resultant remote command execution via shell metacharacters in a POST to centreon-autodiscovery-server/views/scan/ajax/call.php in the Autodiscovery plugin.
CVE-2019-17634 1 Eclipse 1 Memory Analyzer 2024-11-21 9.0 Critical
Eclipse Memory Analyzer version 1.9.1 and earlier is subject to a cross site scripting (XSS) vulnerability when generating an HTML report from a malicious heap dump. The user must chose todownload, open the malicious heap dump and generate an HTML report for the problem to occur. The heap dump could be specially crafted, or could come from a crafted application or from an application processing malicious data. The vulnerability is present whena report is generated and opened from the Memory Analyzer graphical user interface, or when a report generated in batch mode is then opened in Memory Analyzer or by a web browser. The vulnerability could possibly allow code execution on the local system whenthe report is opened in Memory Analyzer.
CVE-2019-17632 1 Eclipse 1 Jetty 2024-11-21 6.1 Medium
In Eclipse Jetty versions 9.4.21.v20190926, 9.4.22.v20191022, and 9.4.23.v20191118, the generation of default unhandled Error response content (in text/html and text/json Content-Type) does not escape Exception messages in stacktraces included in error output.
CVE-2019-17630 1 Cmsmadesimple 1 Cms Made Simple 2024-11-21 4.8 Medium
CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a crafted image filename on the "News > Add Article" screen.
CVE-2019-17629 1 Cmsmadesimple 1 Cms Made Simple 2024-11-21 4.8 Medium
CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a crafted image filename on the "file manager > upload images" screen.
CVE-2019-17625 1 Rambox 1 Rambox 2024-11-21 9.0 Critical
There is a stored XSS in Rambox 0.6.9 that can lead to code execution. The XSS is in the name field while adding/editing a service. The problem occurs due to incorrect sanitization of the name field when being processed and stored. This allows a user to craft a payload for Node.js and Electron, such as an exec of OS commands within the onerror attribute of an IMG element.
CVE-2019-17624 1 X.org 1 X Server 2024-11-21 7.8 High
"" In X.Org X Server 1.20.4, there is a stack-based buffer overflow in the function XQueryKeymap. For example, by sending ct.c_char 1000 times, an attacker can cause a denial of service (application crash) or possibly have unspecified other impact. Note: It is disputed if the X.Org X Server is involved or if there is a stack overflow.
CVE-2019-17611 1 Hongcms Project 1 Hongcms 2024-11-21 6.1 Medium
HongCMS 3.0.0 has XSS via the install/index.php tableprefix parameter.
CVE-2019-17610 1 Hongcms Project 1 Hongcms 2024-11-21 6.1 Medium
HongCMS 3.0.0 has XSS via the install/index.php dbpassword parameter.