Search Results (83140 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2019-12190 1 Control-webpanel 1 Webpanel 2024-11-21 N/A
XSS was discovered in CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.747 via the testacc/fileManager2.php fm_current_dir or filename parameter.
CVE-2019-12189 1 Zohocorp 1 Manageengine Servicedesk Plus 2024-11-21 N/A
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SearchN.do search field.
CVE-2019-12186 1 Sylius 2 Grid, Sylius 2024-11-21 4.8 Medium
An issue was discovered in Sylius products. Missing input sanitization in sylius/sylius 1.0.x through 1.0.18, 1.1.x through 1.1.17, 1.2.x through 1.2.16, 1.3.x through 1.3.11, and 1.4.x through 1.4.3 and sylius/grid 1.0.x through 1.0.18, 1.1.x through 1.1.18, 1.2.x through 1.2.17, 1.3.x through 1.3.12, 1.4.x through 1.4.4, and 1.5.0 allows an attacker (an admin in the sylius/sylius case) to perform XSS by injecting malicious code into a field displayed in a grid with the "string" field type. The contents are an object, with malicious code returned by the __toString() method of that object.
CVE-2019-12184 1 Boostio 1 Boostnote 2024-11-21 N/A
There is XSS in browser/components/MarkdownPreview.js in BoostIO Boostnote 0.11.15 via a label named flowchart, sequence, gallery, or chart, as demonstrated by a crafted SRC attribute of an IFRAME element, a different vulnerability than CVE-2019-12136.
CVE-2019-12181 1 Solarwinds 2 Serv-u Ftp Server, Serv-u Mft Server 2024-11-21 8.8 High
A privilege escalation vulnerability exists in SolarWinds Serv-U before 15.1.7 for Linux.
CVE-2019-12167 1 Emerson 2 Liebert Challenger, Liebert Challenger Firmware 2024-11-21 N/A
httpGetSet/httpGet.htm on Emerson Network Power Liebert Challenger 5.1E0.5 devices allows XSS via the statusstr parameter.
CVE-2019-12158 1 Gohttp Project 1 Gohttp 2024-11-21 N/A
GoHTTP through 2017-07-25 has a GetExtension heap-based buffer overflow via a long extension.
CVE-2019-12139 1 Ez 2 Ezplatform-admin-ui, Ezplatform-page-builder 2024-11-21 N/A
An XSS issue was discovered in the Admin UI in eZ Platform 2.x. This affects ezplatform-admin-ui 1.3.x before 1.3.5 and 1.4.x before 1.4.4, and ezplatform-page-builder 1.1.x before 1.1.5 and 1.2.x before 1.2.4.
CVE-2019-12136 1 Boostio 1 Boostnote 2024-11-21 N/A
There is XSS in BoostIO Boostnote 0.11.15 via a label named mermaid, as demonstrated by a crafted SRC attribute of an IFRAME element.
CVE-2019-12133 1 Zohocorp 18 Manageengine Analytics Plus, Manageengine Browser Security Plus, Manageengine Desktop Central and 15 more 2024-11-21 N/A
Multiple Zoho ManageEngine products suffer from local privilege escalation due to improper permissions for the %SYSTEMDRIVE%\ManageEngine directory and its sub-folders. Moreover, the services associated with said products try to execute binaries such as sc.exe from the current directory upon system start. This will effectively allow non-privileged users to escalate privileges to NT AUTHORITY\SYSTEM. This affects Desktop Central 10.0.380, EventLog Analyzer 12.0.2, ServiceDesk Plus 10.0.0, SupportCenter Plus 8.1, O365 Manager Plus 4.0, Mobile Device Manager Plus 9.0.0, Patch Connect Plus 9.0.0, Vulnerability Manager Plus 9.0.0, Patch Manager Plus 9.0.0, OpManager 12.3, NetFlow Analyzer 11.0, OpUtils 11.0, Network Configuration Manager 11.0, FireWall 12.0, Key Manager Plus 5.6, Password Manager Pro 9.9, Analytics Plus 1.0, and Browser Security Plus.
CVE-2019-12132 1 Onap 1 Open Network Automation Platform 2024-11-21 9.8 Critical
An issue was discovered in ONAP SDNC before Dublin. By executing sla/dgUpload with a crafted filename parameter, an unauthenticated attacker can execute an arbitrary command. All SDC setups that include admportal are affected.
CVE-2019-12123 1 Onap 1 Open Network Automation Platform 2024-11-21 8.8 High
An issue was discovered in ONAP SDNC before Dublin. By executing sla/printAsXml with a crafted module parameter, an authenticated user can execute an arbitrary command. All SDC setups that include admportal are affected.
CVE-2019-12113 1 Onap 1 Open Network Automation Platform 2024-11-21 8.8 High
An issue was discovered in ONAP SDNC before Dublin. By executing sla/printAsGv with a crafted module parameter, an authenticated user can execute an arbitrary command. All SDC setups that include admportal are affected.
CVE-2019-12112 1 Onap 1 Open Network Automation Platform 2024-11-21 9.8 Critical
An issue was discovered in ONAP SDNC before Dublin. By executing sla/upload with a crafted filename parameter, an unauthenticated attacker can execute an arbitrary command. All SDC setups that include admportal are affected.
CVE-2019-12104 1 Tp-link 2 M7350, M7350 Firmware 2024-11-21 N/A
The web-based configuration interface of the TP-Link M7350 V3 with firmware before 190531 is affected by several post-authentication command injection vulnerabilities.
CVE-2019-12103 1 Tp-link 2 M7350, M7350 Firmware 2024-11-21 N/A
The web-based configuration interface of the TP-Link M7350 V3 with firmware before 190531 is affected by a pre-authentication command injection vulnerability.
CVE-2019-12095 1 Horde 1 Groupware 2024-11-21 8.8 High
Horde Trean, as used in Horde Groupware Webmail Edition through 5.2.22 and other products, allows CSRF, as demonstrated by the treanBookmarkTags parameter to the trean/ URI on a webmail server. NOTE: treanBookmarkTags could, for example, be a stored XSS payload.
CVE-2019-12094 1 Horde 1 Groupware 2024-11-21 6.1 Medium
Horde Groupware Webmail Edition through 5.2.22 allows XSS via an admin/user.php?form=update_f&user_name= or admin/user.php?form=remove_f&user_name= or admin/config/diff.php?app= URI.
CVE-2019-12091 1 Netskope 1 Netskope 2024-11-21 7.8 High
The Netskope client service, v57 before 57.2.0.219 and v60 before 60.2.0.214, running with NT\SYSTEM privilege, accepts network connections from localhost. The connection handling function in this service suffers from command injection vulnerability. Local users can use this vulnerability to execute code with NT\SYSTEM privilege.
CVE-2019-12083 3 Fedoraproject, Opensuse, Rust-lang 3 Fedora, Leap, Rust 2024-11-21 8.1 High
The Rust Programming Language Standard Library 1.34.x before 1.34.2 contains a stabilized method which, if overridden, can violate Rust's safety guarantees and cause memory unsafety. If the `Error::type_id` method is overridden then any type can be safely cast to any other type, causing memory safety vulnerabilities in safe code (e.g., out-of-bounds write or read). Code that does not manually implement Error::type_id is unaffected.