Search Results (83228 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2019-16725 1 Joomla 1 Joomla\! 2024-11-21 6.1 Medium
In Joomla! 3.x before 3.9.12, inadequate escaping allowed XSS attacks using the logo parameter of the default templates.
CVE-2019-16719 1 Wtcms Project 1 Wtcms 2024-11-21 6.5 Medium
WTCMS 1.0 allows index.php?g=admin&m=index&a=index CSRF with resultant XSS.
CVE-2019-16718 1 Radare 1 Radare2 2024-11-21 7.8 High
In radare2 before 3.9.0, a command injection vulnerability exists in bin_symbols() in libr/core/cbin.c. By using a crafted executable file, it's possible to execute arbitrary shell commands with the permissions of the victim. This vulnerability is due to an insufficient fix for CVE-2019-14745 and improper handling of symbol names embedded in executables.
CVE-2019-16717 1 Open-xchange 1 Open-xchange Appsuite 2024-11-21 6.1 Medium
OX App Suite through 7.10.2 has XSS.
CVE-2019-16713 5 Canonical, Debian, Imagemagick and 2 more 5 Ubuntu Linux, Debian Linux, Imagemagick and 2 more 2024-11-21 6.5 Medium
ImageMagick 7.0.8-43 has a memory leak in coders/dot.c, as demonstrated by PingImage in MagickCore/constitute.c.
CVE-2019-16712 3 Imagemagick, Opensuse, Redhat 3 Imagemagick, Leap, Enterprise Linux 2024-11-21 6.5 Medium
ImageMagick 7.0.8-43 has a memory leak in Huffman2DEncodeImage in coders/ps3.c, as demonstrated by WritePS3Image.
CVE-2019-16711 5 Canonical, Debian, Imagemagick and 2 more 5 Ubuntu Linux, Debian Linux, Imagemagick and 2 more 2024-11-21 6.5 Medium
ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in coders/ps2.c.
CVE-2019-16710 5 Canonical, Debian, Imagemagick and 2 more 5 Ubuntu Linux, Debian Linux, Imagemagick and 2 more 2024-11-21 6.5 Medium
ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrated by AcquireMagickMemory in MagickCore/memory.c.
CVE-2019-16709 4 Canonical, Imagemagick, Opensuse and 1 more 5 Ubuntu Linux, Imagemagick, Backports and 2 more 2024-11-21 6.5 Medium
ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage.
CVE-2019-16708 5 Canonical, Debian, Imagemagick and 2 more 5 Ubuntu Linux, Debian Linux, Imagemagick and 2 more 2024-11-21 6.5 Medium
ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to XCreateImage.
CVE-2019-16704 1 Phpmywind 1 Phpmywind 2024-11-21 4.8 Medium
admin/infoclass_update.php in PHPMyWind 5.6 has stored XSS.
CVE-2019-16703 1 Phpmywind 1 Phpmywind 2024-11-21 6.1 Medium
admin/infolist_add.php in PHPMyWind 5.6 has stored XSS.
CVE-2019-16701 1 Netgate 1 Pfsense 2024-11-21 8.8 High
pfSense through 2.3.4 through 2.4.4-p3 allows Remote Code Injection via a methodCall XML document with a pfsense.exec_php call containing shell metacharacters in a parameter value.
CVE-2019-16688 1 Dolibarr 1 Dolibarr Erp\/crm 2024-11-21 5.4 Medium
Dolibarr 9.0.5 has stored XSS in an Email Template section to mails_templates.php. A user with no privileges can inject script to attack the admin. (This stored XSS can affect all types of user privilege from Admin to users with no permissions.)
CVE-2019-16687 1 Dolibarr 1 Dolibarr Erp\/crm 2024-11-21 5.4 Medium
Dolibarr 9.0.5 has stored XSS in a User Profile in a Signature section to card.php. A user with the "Create/modify other users, groups and permissions" privilege can inject script and can also achieve privilege escalation.
CVE-2019-16686 1 Dolibarr 1 Dolibarr Erp\/crm 2024-11-21 5.4 Medium
Dolibarr 9.0.5 has stored XSS in a User Note section to note.php. A user with no privileges can inject script to attack the admin.
CVE-2019-16685 1 Dolibarr 1 Dolibarr Erp\/crm 2024-11-21 5.4 Medium
Dolibarr 9.0.5 has stored XSS vulnerability via a User Group Description section to card.php. A user with the "Create/modify other users, groups and permissions" privilege can inject script and can also achieve privilege escalation.
CVE-2019-16684 1 Xoops 1 Xoops 2024-11-21 4.8 Medium
An issue was discovered in the image-manager in Xoops 2.5.10. When any image with a JavaScript payload as its name is hovered over in the list or in the Edit page, the payload executes.
CVE-2019-16683 1 Xoops 1 Xoops 2024-11-21 4.8 Medium
An issue was discovered in the image-manager in Xoops 2.5.10. When the breadcrumb showing the category name is hovered over while editing any image, a JavaScript payload executes.
CVE-2019-16681 1 Traveloka 1 Traveloka 2024-11-21 4.7 Medium
The Traveloka application 3.14.0 for Android exports com.traveloka.android.activity.common.WebViewActivity, leading to the opening of arbitrary URLs, which can inject deceptive content into the UI. (When in physical possession of the device, opening local files is also possible.) NOTE: As of 2019-09-23, the vendor has not agreed that this issue has serious impact. The vendor states that the issue is not critical because it does not allow Elevation of Privilege, Sensitive Data Leakage, or any critical unauthorized activity from a malicious user. The vendor also states that a victim must first install a malicious APK to their application.