Search Results (83155 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2019-13077 1 Quest 1 Kace Systems Management Appliance 2024-11-21 6.1 Medium
Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability (via the sam_detail_titled.php SAM_TYPE parameter) that allows an attacker to create a malicious link in order to attack authenticated users.
CVE-2019-13074 1 Mikrotik 26 Ccr1009-7g-1c-1s\+, Ccr1009-7g-1c-1s\+pc, Ccr1009-7g-1c-pc and 23 more 2024-11-21 N/A
A vulnerability in the FTP daemon on MikroTik routers through 6.44.3 could allow remote attackers to exhaust all available memory, causing the device to reboot because of uncontrolled resource management.
CVE-2019-13072 1 Zoneminder 1 Zoneminder 2024-11-21 5.4 Medium
Stored XSS in the Filters page (Name field) in ZoneMinder 1.32.3 allows a malicious user to embed and execute JavaScript code in the browser of any user who navigates to this page.
CVE-2019-13070 1 Cyberpowersystems 1 Powerpanel 2024-11-21 N/A
A stored XSS vulnerability in the Agent/Center component of CyberPower PowerPanel Business Edition 3.4.0 allows a privileged attacker to embed malicious JavaScript in the SNMP trap receivers form. Upon visiting the /agent/action_recipient Event Action/Recipient page, the embedded code will be executed in the browser of the victim.
CVE-2019-13069 1 Extenua 1 Silvershield 2024-11-21 N/A
extenua SilverSHielD 6.x fails to secure its ProgramData folder, leading to a Local Privilege Escalation to SYSTEM. The attacker must replace SilverShield.config.sqlite with a version containing an additional user account, and then use SSH and port forwarding to reach a 127.0.0.1 service.
CVE-2019-13068 1 Grafana 1 Grafana 2024-11-21 N/A
public/app/features/panel/panel_ctrl.ts in Grafana before 6.2.5 allows HTML Injection in panel drilldown links (via the Title or url field).
CVE-2019-13066 1 Sahipro 1 Sahi Pro 2024-11-21 6.1 Medium
Sahi Pro 8.0.0 has a script manager arena located at _s_/dyn/pro/DBReports with many different areas that are vulnerable to reflected XSS, by updating a script's Script Name, Suite Name, Base URL, Android, iOS, Scripts Run, Origin Machine, or Comment field. The sql parameter can be used to trigger reflected XSS.
CVE-2019-13051 1 Pi-hole 1 Pi-hole 2024-11-21 8.8 High
Pi-Hole 4.3 allows Command Injection.
CVE-2019-13025 1 Compal 2 Ch7465lg, Ch7465lg Firmware 2024-11-21 9.8 Critical
Compal CH7465LG CH7465LG-NCIP-6.12.18.24-5p8-NOSH devices have Incorrect Access Control because of Improper Input Validation. The attacker can send a maliciously modified POST (HTTP) request containing shell commands, which will be executed on the device, to an backend API endpoint of the cable modem.
CVE-2019-13024 1 Centreon 1 Centreon 2024-11-21 N/A
Centreon 18.x before 18.10.6, 19.x before 19.04.3, and Centreon web before 2.8.29 allows the attacker to execute arbitrary system commands by using the value "init_script"-"Monitoring Engine Binary" in main.get.php to insert a arbitrary command into the database, and execute it by calling the vulnerable page www/include/configuration/configGenerate/xml/generateFiles.php (which passes the inserted value to the database to shell_exec without sanitizing it, allowing one to execute system arbitrary commands).
CVE-2019-13012 2 Gnome, Redhat 2 Glib, Enterprise Linux 2024-11-21 N/A
The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using g_file_make_directory_with_parents (kfsb->dir, NULL, NULL) and files using g_file_replace_contents (kfsb->file, contents, length, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION, NULL, NULL, NULL). Consequently, it does not properly restrict directory (and file) permissions. Instead, for directories, 0777 permissions are used; for files, default file permissions are used. This is similar to CVE-2019-12450.
CVE-2019-13009 1 Gitlab 1 Gitlab 2024-11-21 6.5 Medium
An issue was discovered in GitLab Community and Enterprise Edition 9.2 through 12.0.2. Uploaded files associated with unsaved personal snippets were accessible to unauthorized users due to improper permission settings. It has Incorrect Access Control.
CVE-2019-12997 1 Icon 1 Loopchain 2024-11-21 N/A
In Loopchain through 2.2.1.3, an attacker can escalate privileges from a low-privilege shell by changing the environment (aka injection in the DEFAULT_SCORE_HOST environment variable).
CVE-2019-12992 1 Citrix 2 Netscaler Sd-wan, Sd-wan 2024-11-21 N/A
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 6 of 6).
CVE-2019-12988 1 Citrix 2 Netscaler Sd-wan, Sd-wan 2024-11-21 N/A
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 4 of 6).
CVE-2019-12987 1 Citrix 2 Netscaler Sd-wan, Sd-wan 2024-11-21 N/A
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 3 of 6).
CVE-2019-12986 1 Citrix 2 Netscaler Sd-wan, Sd-wan 2024-11-21 N/A
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 2 of 6).
CVE-2019-12985 1 Citrix 2 Netscaler Sd-wan, Sd-wan 2024-11-21 N/A
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 1 of 6).
CVE-2019-12970 1 Squirrelmail 1 Squirrelmail 2024-11-21 N/A
XSS was discovered in SquirrelMail through 1.4.22 and 1.5.x through 1.5.2. Due to improper handling of RCDATA and RAWTEXT type elements, the built-in sanitization mechanism can be bypassed. Malicious script content from HTML e-mail can be executed within the application context via crafted use of (for example) a NOEMBED, NOFRAMES, NOSCRIPT, or TEXTAREA element.
CVE-2019-12966 1 Fehelper Project 1 Fehelper 2024-11-21 N/A
FeHelper through 2019-06-19 allows arbitrary code execution during a JSON format operation, as demonstrated by the {"a":(function(){confirm(1)})()} input.