Search Results (83219 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2019-16414 1 Gfi 1 Kerio Control 2024-11-21 6.1 Medium
A DOM based XSS in GFI Kerio Control v9.3.0 allows embedding of malicious code and manipulating the login page to send back a victim's cleartext credentials to an attacker via a login/?reason=failure&NTLM= URI.
CVE-2019-16406 1 Centreon 1 Centreon Web 2024-11-21 7.8 High
Centreon Web 19.04.4 has weak permissions within the OVA (aka VMware virtual machine) and OVF (aka VirtualBox virtual machine) files, allowing attackers to gain privileges via a Trojan horse Centreon-autodisco executable file that is launched by cron.
CVE-2019-16399 1 Westerndigital 2 Wd My Book, Wd My Book Firmware 2024-11-21 9.8 Critical
Western Digital WD My Book World through II 1.02.12 suffers from Broken Authentication, which allows an attacker to access the /admin/ directory without credentials. An attacker can easily enable SSH from /admin/system_advanced.php?lang=en and login with the default root password welc0me.
CVE-2019-16395 1 Gnucobol Project 1 Gnucobol 2024-11-21 7.8 High
GnuCOBOL 2.2 has a stack-based buffer overflow in the cb_name() function in cobc/tree.c via crafted COBOL source code.
CVE-2019-16392 3 Canonical, Debian, Spip 3 Ubuntu Linux, Debian Linux, Spip 2024-11-21 6.1 Medium
SPIP before 3.1.11 and 3.2 before 3.2.5 allows prive/formulaires/login.php XSS via error messages.
CVE-2019-16385 1 Cybelesoft 1 Thinfinity Virtualui 2024-11-21 6.1 Medium
Cybele Thinfinity VirtualUI 2.5.17.2 allows HTTP response splitting via the mimetype parameter within a PDF viewer request, as demonstrated by an example.pdf?mimetype= substring. The victim user must load an application request to view a PDF, containing the malicious payload. This results in a reflected XSS payload being executed.
CVE-2019-16375 1 Otrs 1 Otrs 2024-11-21 5.4 Medium
An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.11, and Community Edition 5.0.x through 5.0.37 and 6.0.x through 6.0.22. An attacker who is logged in as an agent or customer user with appropriate permissions can create a carefully crafted string containing malicious JavaScript code as an article body. This malicious code is executed when an agent composes an answer to the original article.
CVE-2019-16366 1 Moddable 2 Moddable, Xs 2024-11-21 9.8 Critical
In XS 9.0.0 in Moddable SDK OS180329, there is a heap-based buffer overflow in fxBeginHost in xsAPI.c when called from fxRunDefine in xsRun.c, as demonstrated by crafted JavaScript code to xst.
CVE-2019-16354 1 Beego 1 Beego 2024-11-21 4.7 Medium
The File Session Manager in Beego 1.10.0 allows local users to read session files because there is a race condition involving file creation within a directory with weak permissions.
CVE-2019-16352 1 Rockcarry 1 Ffjpeg 2024-11-21 6.5 Medium
ffjpeg before 2019-08-21 has a heap-based buffer overflow in jfif_load() at jfif.c.
CVE-2019-16347 1 Miniupnp Project 1 Ngiflib 2024-11-21 8.8 High
ngiflib 0.4 has a heap-based buffer overflow in WritePixels() in ngiflib.c when called from DecodeGifImg, because deinterlacing for small pictures is mishandled.
CVE-2019-16346 1 Miniupnp Project 1 Ngiflib 2024-11-21 8.8 High
ngiflib 0.4 has a heap-based buffer overflow in WritePixel() in ngiflib.c when called from DecodeGifImg, because deinterlacing for small pictures is mishandled.
CVE-2019-16344 1 Scadabr 1 Scadabr 2024-11-21 6.1 Medium
A cross-site scripting (XSS) vulnerability in the login form (/ScadaBR/login.htm) in ScadaBR 1.0CE allows a remote attacker to inject arbitrary web script or HTML via the username or password parameter.
CVE-2019-16334 1 Bludit 1 Bludit 2024-11-21 4.8 Medium
In Bludit v3.9.2, there is a persistent XSS vulnerability in the Categories -> Add New Category -> Name field. NOTE: this may overlap CVE-2017-16636.
CVE-2019-16333 1 Get-simple 1 Getsimple Cms 2024-11-21 5.4 Medium
GetSimple CMS v3.3.15 has Persistent Cross-Site Scripting (XSS) in admin/theme-edit.php.
CVE-2019-16332 1 Api Bearer Auth Project 1 Api Bearer Auth 2024-11-21 6.1 Medium
In the api-bearer-auth plugin before 20190907 for WordPress, the server parameter is not correctly filtered in the swagger-config.yaml.php file, and it is possible to inject JavaScript code, aka XSS.
CVE-2019-16330 1 Nchsoftware 1 Express Accounts Accounting 2024-11-21 5.4 Medium
In NCH Express Accounts Accounting v7.02, persistent cross site scripting (XSS) exists in Invoices/Sales Orders/Items/Customers/Quotes input field. An authenticated unprivileged user can add/modify the Invoices/Sales Orders/Items/Customers/Quotes fields parameter to inject arbitrary JavaScript.
CVE-2019-16321 1 Scadabr 1 Scadabr 2024-11-21 6.1 Medium
ScadaBR 1.0CE, and 1.1.x through 1.1.0-RC, has XSS via a request for a nonexistent resource, as demonstrated by the dwr/test/ PATH_INFO.
CVE-2019-16313 1 Ifw8 10 Fr5, Fr5-e, Fr5-e Firmware and 7 more 2024-11-21 7.5 High
ifw8 Router ROM v4.31 allows credential disclosure by reading the action/usermanager.htm HTML source code.
CVE-2019-16312 1 S-cms 1 S-cms 2024-11-21 6.1 Medium
s-cms V3.0 has XSS in index.php?type=text via the S_id parameter.