Search Results (361649 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-16677 | 1 Idreamsoft | 1 Icms | 2024-11-21 | 6.5 Medium |
| An issue was discovered in idreamsoft iCMS V7.0. admincp.php?app=members&do=del allows CSRF. | ||||
| CVE-2019-16676 | 1 Plataformatec | 1 Simple Form | 2024-11-21 | 9.8 Critical |
| Plataformatec Simple Form has Incorrect Access Control in file_method? in lib/simple_form/form_builder.rb, because a user-supplied string is invoked as a method call. | ||||
| CVE-2019-16675 | 1 Phoenixcontact | 3 Config+, Pc Worx, Pc Worx Express | 2024-11-21 | 7.8 High |
| An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Out-of-bounds Read and remote code execution. The attacker needs to get access to an original PC Worx or Config+ project to be able to manipulate data inside. After manipulation, the attacker needs to exchange the original files with the manipulated ones on the application programming workstation. | ||||
| CVE-2019-16674 | 1 Weidmueller | 80 Ie-sw-pl08m-6tx-2sc, Ie-sw-pl08m-6tx-2sc Firmware, Ie-sw-pl08m-6tx-2scs and 77 more | 2024-11-21 | 9.8 Critical |
| An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Authentication Information used in a cookie is predictable and can lead to admin password compromise when captured on the network. | ||||
| CVE-2019-16673 | 1 Weidmueller | 80 Ie-sw-pl08m-6tx-2sc, Ie-sw-pl08m-6tx-2sc Firmware, Ie-sw-pl08m-6tx-2scs and 77 more | 2024-11-21 | 6.5 Medium |
| An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Passwords are stored in cleartext and can be read by anyone with access to the device. | ||||
| CVE-2019-16672 | 1 Weidmueller | 80 Ie-sw-pl08m-6tx-2sc, Ie-sw-pl08m-6tx-2sc Firmware, Ie-sw-pl08m-6tx-2scs and 77 more | 2024-11-21 | 9.8 Critical |
| An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Sensitive Credentials data is transmitted in cleartext. | ||||
| CVE-2019-16671 | 1 Weidmueller | 80 Ie-sw-pl08m-6tx-2sc, Ie-sw-pl08m-6tx-2sc Firmware, Ie-sw-pl08m-6tx-2scs and 77 more | 2024-11-21 | 6.5 Medium |
| An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Remote authenticated users can crash a device with a special packet because of Uncontrolled Resource Consumption. | ||||
| CVE-2019-16670 | 1 Weidmueller | 80 Ie-sw-pl08m-6tx-2sc, Ie-sw-pl08m-6tx-2sc Firmware, Ie-sw-pl08m-6tx-2scs and 77 more | 2024-11-21 | 9.8 Critical |
| An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. The Authentication mechanism has no brute-force prevention. | ||||
| CVE-2019-16669 | 1 Pagekit | 1 Pagekit | 2024-11-21 | 5.3 Medium |
| The Reset Password feature in Pagekit 1.0.17 gives a different response depending on whether the e-mail address of a valid user account is entered, which might make it easier for attackers to enumerate accounts. | ||||
| CVE-2019-16667 | 1 Netgate | 1 Pfsense | 2024-11-21 | 8.8 High |
| diag_command.php in pfSense 2.4.4-p3 allows CSRF via the txtCommand or txtRecallBuffer field, as demonstrated by executing OS commands. This occurs because csrf_callback() produces a "CSRF token expired" error and a Try Again button when a CSRF token is missing. | ||||
| CVE-2019-16665 | 1 Thinksaas | 1 Thinksaas | 2024-11-21 | 6.1 Medium |
| An issue was discovered in ThinkSAAS 2.91. There is XSS via the content to the index.php?app=group&ac=comment&ts=do&js=1 URI, as demonstrated by a crafted SVG document in the SRC attribute of an EMBED element. | ||||
| CVE-2019-16664 | 1 Thinksaas | 1 Thinksaas | 2024-11-21 | 4.8 Medium |
| An issue was discovered in ThinkSAAS 2.91. There is XSS via the index.php?app=group&ac=create&ts=do groupname parameter. | ||||
| CVE-2019-16663 | 1 Rconfig | 1 Rconfig | 2024-11-21 | 8.8 High |
| An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to search.crud.php because the catCommand parameter is passed to the exec function without filtering, which can lead to command execution. | ||||
| CVE-2019-16662 | 1 Rconfig | 1 Rconfig | 2024-11-21 | 9.8 Critical |
| An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to ajaxServerSettingsChk.php because the rootUname parameter is passed to the exec function without filtering, which can lead to command execution. | ||||
| CVE-2019-16661 | 1 Digimute | 1 Ogma Cms | 2024-11-21 | 5.4 Medium |
| Ogma CMS 0.5 has XSS via creation of a new blog. | ||||
| CVE-2019-16660 | 1 Joyplus Project | 1 Joyplus | 2024-11-21 | 8.8 High |
| joyplus-cms 1.6.0 has admin_ajax.php?action=savexml&tab=vodplay CSRF. | ||||
| CVE-2019-16659 | 1 Tuzicms | 1 Tuzicms | 2024-11-21 | 8.8 High |
| TuziCMS 2.0.6 has index.php/manage/link/do_add CSRF. | ||||
| CVE-2019-16658 | 1 Tuzicms | 1 Tuzicms | 2024-11-21 | 8.8 High |
| TuziCMS 2.0.6 has index.php/manage/notice/do_add CSRF. | ||||
| CVE-2019-16657 | 1 Tuzicms | 1 Tuzicms | 2024-11-21 | 6.1 Medium |
| TuziCMS 2.0.6 has XSS via the PATH_INFO to a group URI, as demonstrated by index.php/article/group/id/2/. | ||||
| CVE-2019-16656 | 1 Joyplus Project | 1 Joyplus | 2024-11-21 | 9.8 Critical |
| joyplus-cms 1.6.0 allows remote attackers to execute arbitrary PHP code via /install by placing the code in the name of an object in the database. | ||||