Search Results (83218 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2019-16307 1 Fujixerox 1 Docushare 2024-11-21 6.1 Medium
A Reflected Cross-Site Scripting (XSS) vulnerability in the webEx module in webExMeetingLogin.jsp and deleteWebExMeetingCheck.jsp in Fuji Xerox DocuShare through 7.0.0.C1.609 allows remote attackers to inject arbitrary web script or HTML via the handle parameter (webExMeetingLogin.jsp) and meetingKey parameter (deleteWebExMeetingCheck.jsp).
CVE-2019-16305 2 Microsoft, Mobatek 2 Windows, Mobaxterm 2024-11-21 8.8 High
In MobaXterm 11.1 and 12.1, the protocol handler is vulnerable to command injection. A crafted link can trigger a popup asking whether the user wants to run MobaXterm to handle the link. If accepted, another popup appears asking for further confirmation. If this is also accepted, command execution is achieved, as demonstrated by the MobaXterm://`calc` URI.
CVE-2019-16302 1 Linuxfoundation 1 Open Network Operating System 2024-11-21 7.5 High
An issue was discovered in Open Network Operating System (ONOS) 1.14. In the Ethernet VPN application (org.onosproject.evpnopenflow), the host event listener does not handle the following event types: HOST_MOVED, HOST_UPDATED. In combination with other applications, this could lead to the absence of intended code execution.
CVE-2019-16301 1 Linuxfoundation 1 Open Network Operating System 2024-11-21 7.5 High
An issue was discovered in Open Network Operating System (ONOS) 1.14. In the virtual tenant network application (org.onosproject.vtn), the host event listener does not handle the following event types: HOST_MOVED. In combination with other applications, this could lead to the absence of intended code execution.
CVE-2019-16300 1 Linuxfoundation 1 Open Network Operating System 2024-11-21 7.5 High
An issue was discovered in Open Network Operating System (ONOS) 1.14. In the access control application (org.onosproject.acl), the host event listener does not handle the following event types: HOST_REMOVED. In combination with other applications, this could lead to the absence of intended code execution.
CVE-2019-16299 1 Linuxfoundation 1 Open Network Operating System 2024-11-21 7.5 High
An issue was discovered in Open Network Operating System (ONOS) 1.14. In the mobility application (org.onosproject.mobility), the host event listener does not handle the following event types: HOST_ADDED, HOST_REMOVED, HOST_UPDATED. In combination with other applications, this could lead to the absence of intended code execution.
CVE-2019-16298 1 Linuxfoundation 1 Open Network Operating System 2024-11-21 7.5 High
An issue was discovered in Open Network Operating System (ONOS) 1.14. In the virtual broadband network gateway application (org.onosproject.virtualbng), the host event listener does not handle the following event types: HOST_MOVED, HOST_REMOVED, HOST_UPDATED. In combination with other applications, this could lead to the absence of intended code execution.
CVE-2019-16297 1 Linuxfoundation 1 Open Network Operating System 2024-11-21 7.5 High
An issue was discovered in Open Network Operating System (ONOS) 1.14. In the P4 tutorial application (org.onosproject.p4tutorial), the host event listener does not handle the following event types: HOST_MOVED, HOST_REMOVED, HOST_UPDATED. In combination with other applications, this could lead to the absence of intended code execution.
CVE-2019-16295 1 Control-webpanel 1 Webpanel 2024-11-21 4.6 Medium
Stored XSS in filemanager2.php in CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.885 exists via the cmd_arg parameter. This can be exploited by a local attacker who supplies a crafted filename within a directory visited by the victim.
CVE-2019-16294 2 Notepad-plus-plus, Scintilla 2 Notepad\+\+, Scintilla 2024-11-21 7.8 High
SciLexer.dll in Scintilla in Notepad++ (x64) before 7.7 allows remote code execution or denial of service via Unicode characters in a crafted .ml file.
CVE-2019-16293 1 Opmantek 1 Open-audit 2024-11-21 8.8 High
The Create Discoveries feature of Open-AudIT before 3.2.0 allows an authenticated attacker to execute arbitrary OS commands via a crafted value for a URL field.
CVE-2019-16289 1 Webcraftic 1 Woody Ad Snippets 2024-11-21 5.4 Medium
The insert-php (aka Woody ad snippets) plugin before 2.2.8 for WordPress allows authenticated XSS via the winp_item parameter.
CVE-2019-16282 1 Nchsoftware 1 Express Invoice 2024-11-21 5.4 Medium
In NCH Express Invoice v7.12, persistent cross site scripting (XSS) exists via the Invoices/Items/Customers/Quotes input field. An authenticated unprivileged user can add/modify the Invoices/Items/Customers fields parameter to inject arbitrary JavaScript.
CVE-2019-16277 1 Picoc Project 1 Picoc 2024-11-21 7.8 High
PicoC 2.1 has a heap-based buffer overflow in StringStrcpy in cstdlib/string.c when called from ExpressionParseFunctionCall in expression.c.
CVE-2019-16268 1 Zohocorp 1 Manageengine Remote Access Plus 2024-11-21 4.8 Medium
Zoho ManageEngine Remote Access Plus 10.0.259 allows HTML injection via the Description field on the Admin - User Administration userMgmt.do?actionToCall=ShowUser screen.
CVE-2019-16265 1 Codesys 2 Codesys, Eni Server 2024-11-21 9.8 Critical
CODESYS V2.3 ENI server up to V3.2.2.24 has a Buffer Overflow.
CVE-2019-16254 3 Debian, Redhat, Ruby-lang 6 Debian Linux, Enterprise Linux, Rhel E4s and 3 more 2024-11-21 5.3 Medium
Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. NOTE: this issue exists because of an incomplete fix for CVE-2017-17742, which addressed the CRLF vector, but did not address an isolated CR or an isolated LF.
CVE-2019-16242 1 Alcatelmobile 2 Cingular Flip 2, Cingular Flip 2 Firmware 2024-11-21 6.8 Medium
On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, there is an engineering application named omamock that is vulnerable to OS command injection. An attacker with physical access to the device can abuse this vulnerability to execute arbitrary OS commands as the root user via the application's UI.
CVE-2019-16238 1 Afterlogic 1 Aurora 2024-11-21 6.1 Medium
Afterlogic Aurora through 8.3.9-build-a3 has XSS that can be leveraged for session hijacking by retrieving the session cookie from the administrator login.
CVE-2019-16227 1 Py-lmdb Project 1 Py-lmdb 2024-11-21 9.8 Critical
An issue was discovered in py-lmdb 0.97. For certain values of mn_flags, mdb_cursor_set triggers a memcpy with an invalid write operation within mdb_xcursor_init1. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker.