Search Results (83127 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2019-11429 1 Control-webpanel 1 Webpanel 2024-11-21 N/A
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.793 (Free/Open Source Version), 0.9.8.753 (Pro) and 0.9.8.807 (Pro) is vulnerable to Reflected XSS for the "Domain" field on the "DNS Functions > "Add DNS Zone" screen.
CVE-2019-11427 1 Idreamsoft 1 Icms 2024-11-21 N/A
An XSS issue was discovered in app/search/search.app.php in idreamsoft iCMS 7.0.14 via the public/api.php?app=search q parameter.
CVE-2019-11426 1 Idreamsoft 1 Icms 2024-11-21 N/A
An XSS issue was discovered in app/admincp/template/admincp.header.php in idreamsoft iCMS 7.0.14 via the admincp.php?app=config tab parameter.
CVE-2019-11417 1 Trendnet 2 Tv-ip110wn, Tv-ip110wn Firmware 2024-11-21 N/A
system.cgi on TRENDnet TV-IP110WN cameras has a buffer overflow caused by an inadequate source-length check before a strcpy operation in the respondAsp function. Attackers can exploit the vulnerability by using the languse parameter with a long string. This affects 1.2.2 build 28, 64, 65, and 68.
CVE-2019-11411 1 Artifex 1 Mujs 2024-11-21 N/A
An issue was discovered in Artifex MuJS 1.0.5. The Number#toFixed() and numtostr implementations in jsnumber.c have a stack-based buffer overflow.
CVE-2019-11410 1 Fusionpbx 1 Fusionpbx 2024-11-21 N/A
app/backup/index.php in the Backup Module in FusionPBX 4.4.3 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated administrative attackers to execute commands on the host.
CVE-2019-11409 1 Fusionpbx 1 Fusionpbx 2024-11-21 8.8 High
app/operator_panel/exec.php in the Operator Panel module in FusionPBX 4.4.3 suffers from a command injection vulnerability due to a lack of input validation that allows authenticated non-administrative attackers to execute commands on the host. This can further lead to remote code execution when combined with an XSS vulnerability also present in the FusionPBX Operator Panel module.
CVE-2019-11408 1 Fusionpbx 1 Fusionpbx 2024-11-21 N/A
XSS in app/operator_panel/index_inc.php in the Operator Panel module in FusionPBX 4.4.3 allows remote unauthenticated attackers to inject arbitrary JavaScript characters by placing a phone call using a specially crafted caller ID number. This can further lead to remote code execution by chaining this vulnerability with a command injection vulnerability also present in FusionPBX.
CVE-2019-11406 1 Intelliants 1 Subrion Cms 2024-11-21 N/A
Subrion CMS 4.2.1 allows _core/en/contacts/ XSS via the name, email, or phone parameter.
CVE-2019-11399 1 Trendnet 6 Tew-651br, Tew-651br Firmware, Tew-652brp and 3 more 2024-11-21 9.8 Critical
An issue was discovered on TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices. OS command injection occurs through the get_set.ccp lanHostCfg_HostName_1.1.1.0.0 parameter.
CVE-2019-11398 1 Ulicms 1 Ulicms 2024-11-21 N/A
Multiple cross-site scripting (XSS) vulnerabilities in UliCMS 2019.2 and 2019.1 allow remote attackers to inject arbitrary web script or HTML via the go parameter to admin/index.php, the go parameter to /admin/index.php?register=register, or the error parameter to admin/index.php?action=favicon.
CVE-2019-11395 1 Tabslab 1 Mailcarrier 2024-11-21 N/A
A buffer overflow in MailCarrier 2.51 allows remote attackers to execute arbitrary code via a long string, as demonstrated by SMTP RCPT TO, POP3 USER, POP3 LIST, POP3 TOP, or POP3 RETR.
CVE-2019-11371 1 Burrow-wheeler Aligner Project 1 Burrow-wheeler Aligner 2024-11-21 N/A
BWA (aka Burrow-Wheeler Aligner) 0.7.17 r1198 has a Buffer Overflow via a long prefix that is mishandled in bns_fasta2bntseq and bns_dump at btnseq.c.
CVE-2019-11370 1 Carel 2 Pcoweb Card, Pcoweb Card Firmware 2024-11-21 N/A
Stored XSS was discovered in Carel pCOWeb prior to B1.2.4, as demonstrated by the config/pw_snmp.html "System contact" field.
CVE-2019-11368 1 Auo 1 Solar Data Recorder 2024-11-21 N/A
Stored XSS was discovered in AUO Solar Data Recorder before 1.3.0 via the protect/config.htm addr parameter.
CVE-2019-11365 1 Atftp Project 1 Atftp 2024-11-21 N/A
An issue was discovered in atftpd in atftp 0.7.1. A remote attacker may send a crafted packet triggering a stack-based buffer overflow due to an insecurely implemented strncpy call. The vulnerability is triggered by sending an error packet of 3 bytes or fewer. There are multiple instances of this vulnerable strncpy pattern within the code base, specifically within tftpd_file.c, tftp_file.c, tftpd_mtftp.c, and tftp_mtftp.c.
CVE-2019-11364 1 Prophecyinternational 1 Snare Central 2024-11-21 N/A
An OS Command Injection vulnerability in Snare Central before 7.4.5 allows remote authenticated attackers to inject arbitrary OS commands via the ServerConf/DataManagement/DiskManager.php FORMNAS_share parameter.
CVE-2019-11360 1 Netfilter 1 Iptables 2024-11-21 4.2 Medium
A buffer overflow in iptables-restore in netfilter iptables 1.8.2 allows an attacker to (at least) crash the program or potentially gain code execution via a specially crafted iptables-save file. This is related to add_param_to_argv in xshared.c.
CVE-2019-11358 11 Backdropcms, Debian, Drupal and 8 more 114 Backdrop, Debian Linux, Drupal and 111 more 2024-11-21 6.1 Medium
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
CVE-2019-11356 5 Canonical, Cyrus, Debian and 2 more 8 Ubuntu Linux, Imap, Debian Linux and 5 more 2024-11-21 9.8 Critical
The CalDAV feature in httpd in Cyrus IMAP 2.5.x through 2.5.12 and 3.0.x through 3.0.9 allows remote attackers to execute arbitrary code via a crafted HTTP PUT operation for an event with a long iCalendar property name.