Search Results (83119 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2019-11076 1 Cribl 1 Cribl 2024-11-21 N/A
Cribl UI 1.5.0 allows remote attackers to run arbitrary commands via an unauthenticated web request.
CVE-2019-11073 1 Paessler 1 Prtg Network Monitor 2024-11-21 7.2 High
A Remote Code Execution vulnerability exists in PRTG Network Monitor before 19.4.54.1506 that allows attackers to execute code due to insufficient sanitization when passing arguments to the HttpTransactionSensor.exe binary. In order to exploit the vulnerability, remote authenticated administrators need to create a new HTTP Transaction Sensor and set specific settings when the sensor is executed.
CVE-2019-11062 1 Sun.net 1 Wmpro 2024-11-21 9.8 Critical
The SUNNET WMPro v5.0 and v5.1 for eLearning system has OS Command Injection via "/teach/course/doajaxfileupload.php". The target server can be exploited without authentication.
CVE-2019-11060 1 Asus 2 Hg100, Hg100 Firmware 2024-11-21 7.5 High
The web api server on Port 8080 of ASUS HG100 firmware up to 1.05.12, which is vulnerable to Slowloris HTTP Denial of Service: an attacker can cause a Denial of Service (DoS) by sending headers very slowly to keep HTTP or HTTPS connections and associated resources alive for a long period of time. CVSS 3.0 Base score 7.4 (Availability impacts). CVSS vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H).
CVE-2019-11045 7 Canonical, Debian, Fedoraproject and 4 more 8 Ubuntu Linux, Debian Linux, Fedora and 5 more 2024-11-21 3.7 Low
In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access.
CVE-2019-11037 1 Php 1 Imagick 2024-11-21 N/A
In PHP imagick extension in versions between 3.3.0 and 3.4.4, writing to an array of values in ImagickKernel::fromMatrix() function did not check that the address will be within the allocated array. This could lead to out of bounds write to memory if the function is called with the data controlled by untrusted party.
CVE-2019-11033 1 Applaudsolutions 1 Applaud Hcm 2024-11-21 N/A
Applaud HCM 4.0.42+ uses HTML tag fields for HTML inputs in a form. This leads to an XSS vulnerability with a payload starting with the <iframe./> substring.
CVE-2019-11032 1 Hr-technologies 1 Easytorecruit 2024-11-21 N/A
In EasyToRecruit (E2R) before 2.11, the upload feature and the Candidate Profile Management feature are prone to Cross Site Scripting (XSS) injection in multiple locations.
CVE-2019-11030 1 Mirasys 1 Mirasys Vms 2024-11-21 N/A
Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the Mirasys.Common.Utils.Security.DataCrypt method in Common.dll in AuditTrailService in SMServer.exe. This method triggers insecure deserialization within the .NET garbage collector, in which a gadget (contained in a serialized object) may be executed with SYSTEM privileges. The attacker must properly encrypt the object; however, the hardcoded keys are available.
CVE-2019-11025 2 Cacti, Debian 2 Cacti, Debian Linux 2024-11-21 5.4 Medium
In clearFilter() in utilities.php in Cacti before 1.2.3, no escaping occurs before printing out the value of the SNMP community string (SNMP Options) in the View poller cache, leading to XSS.
CVE-2019-11017 1 Dlink 2 Di-524, Di-524 Firmware 2024-11-21 4.8 Medium
On D-Link DI-524 V2.06RU devices, multiple Stored and Reflected XSS vulnerabilities were found in the Web Configuration: /spap.htm, /smap.htm, and /cgi-bin/smap, as demonstrated by the cgi-bin/smap RC parameter.
CVE-2019-11008 4 Canonical, Debian, Graphicsmagick and 1 more 5 Ubuntu Linux, Debian Linux, Graphicsmagick and 2 more 2024-11-21 8.8 High
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer overflow in the function WriteXWDImage of coders/xwd.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file.
CVE-2019-11005 2 Graphicsmagick, Opensuse 2 Graphicsmagick, Leap 2024-11-21 N/A
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a stack-based buffer overflow in the function SVGStartElement of coders/svg.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a quoted font family value.
CVE-2019-11004 1 Materializecss 1 Materialize 2024-11-21 N/A
In Materialize through 1.0.0, XSS is possible via the Toast feature.
CVE-2019-11003 1 Materializecss 1 Materialize 2024-11-21 N/A
In Materialize through 1.0.0, XSS is possible via the Autocomplete feature.
CVE-2019-11002 1 Materializecss 1 Materialize 2024-11-21 N/A
In Materialize through 1.0.0, XSS is possible via the Tooltip feature.
CVE-2019-10999 1 Dlink 20 Dcs-5009l, Dcs-5009l Firmware, Dcs-5010l and 17 more 2024-11-21 N/A
The D-Link DCS series of Wi-Fi cameras contains a stack-based buffer overflow in alphapd, the camera's web server. The overflow allows a remotely authenticated attacker to execute arbitrary code by providing a long string in the WEPEncryption parameter when requesting wireless.htm. Vulnerable devices include DCS-5009L (1.08.11 and below), DCS-5010L (1.14.09 and below), DCS-5020L (1.15.12 and below), DCS-5025L (1.03.07 and below), DCS-5030L (1.04.10 and below), DCS-930L (2.16.01 and below), DCS-931L (1.14.11 and below), DCS-932L (2.17.01 and below), DCS-933L (1.14.11 and below), and DCS-934L (1.05.04 and below).
CVE-2019-10995 1 Abb 16 Cp651, Cp651-web, Cp651-web Firmware and 13 more 2024-11-21 8.8 High
ABB CP651 HMI products revision BSP UN30 v1.76 and prior implement hidden administrative accounts that are used during the provisioning phase of the HMI interface.
CVE-2019-10991 1 Advantech 1 Webaccess 2024-11-21 9.8 Critical
In WebAccess/SCADA, Versions 8.3.5 and prior, multiple stack-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution.
CVE-2019-10989 1 Advantech 1 Webaccess 2024-11-21 9.8 Critical
In WebAccess/SCADA Versions 8.3.5 and prior, multiple heap-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution. Note: A different vulnerability than CVE-2019-10991.