Search Results (362705 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-16673 | 1 Weidmueller | 80 Ie-sw-pl08m-6tx-2sc, Ie-sw-pl08m-6tx-2sc Firmware, Ie-sw-pl08m-6tx-2scs and 77 more | 2024-11-21 | 6.5 Medium |
| An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Passwords are stored in cleartext and can be read by anyone with access to the device. | ||||
| CVE-2019-16672 | 1 Weidmueller | 80 Ie-sw-pl08m-6tx-2sc, Ie-sw-pl08m-6tx-2sc Firmware, Ie-sw-pl08m-6tx-2scs and 77 more | 2024-11-21 | 9.8 Critical |
| An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Sensitive Credentials data is transmitted in cleartext. | ||||
| CVE-2019-16671 | 1 Weidmueller | 80 Ie-sw-pl08m-6tx-2sc, Ie-sw-pl08m-6tx-2sc Firmware, Ie-sw-pl08m-6tx-2scs and 77 more | 2024-11-21 | 6.5 Medium |
| An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Remote authenticated users can crash a device with a special packet because of Uncontrolled Resource Consumption. | ||||
| CVE-2019-16670 | 1 Weidmueller | 80 Ie-sw-pl08m-6tx-2sc, Ie-sw-pl08m-6tx-2sc Firmware, Ie-sw-pl08m-6tx-2scs and 77 more | 2024-11-21 | 9.8 Critical |
| An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. The Authentication mechanism has no brute-force prevention. | ||||
| CVE-2019-16669 | 1 Pagekit | 1 Pagekit | 2024-11-21 | 5.3 Medium |
| The Reset Password feature in Pagekit 1.0.17 gives a different response depending on whether the e-mail address of a valid user account is entered, which might make it easier for attackers to enumerate accounts. | ||||
| CVE-2019-16667 | 1 Netgate | 1 Pfsense | 2024-11-21 | 8.8 High |
| diag_command.php in pfSense 2.4.4-p3 allows CSRF via the txtCommand or txtRecallBuffer field, as demonstrated by executing OS commands. This occurs because csrf_callback() produces a "CSRF token expired" error and a Try Again button when a CSRF token is missing. | ||||
| CVE-2019-16665 | 1 Thinksaas | 1 Thinksaas | 2024-11-21 | 6.1 Medium |
| An issue was discovered in ThinkSAAS 2.91. There is XSS via the content to the index.php?app=group&ac=comment&ts=do&js=1 URI, as demonstrated by a crafted SVG document in the SRC attribute of an EMBED element. | ||||
| CVE-2019-16664 | 1 Thinksaas | 1 Thinksaas | 2024-11-21 | 4.8 Medium |
| An issue was discovered in ThinkSAAS 2.91. There is XSS via the index.php?app=group&ac=create&ts=do groupname parameter. | ||||
| CVE-2019-16663 | 1 Rconfig | 1 Rconfig | 2024-11-21 | 8.8 High |
| An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to search.crud.php because the catCommand parameter is passed to the exec function without filtering, which can lead to command execution. | ||||
| CVE-2019-16662 | 1 Rconfig | 1 Rconfig | 2024-11-21 | 9.8 Critical |
| An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to ajaxServerSettingsChk.php because the rootUname parameter is passed to the exec function without filtering, which can lead to command execution. | ||||
| CVE-2019-16661 | 1 Digimute | 1 Ogma Cms | 2024-11-21 | 5.4 Medium |
| Ogma CMS 0.5 has XSS via creation of a new blog. | ||||
| CVE-2019-16660 | 1 Joyplus Project | 1 Joyplus | 2024-11-21 | 8.8 High |
| joyplus-cms 1.6.0 has admin_ajax.php?action=savexml&tab=vodplay CSRF. | ||||
| CVE-2019-16659 | 1 Tuzicms | 1 Tuzicms | 2024-11-21 | 8.8 High |
| TuziCMS 2.0.6 has index.php/manage/link/do_add CSRF. | ||||
| CVE-2019-16658 | 1 Tuzicms | 1 Tuzicms | 2024-11-21 | 8.8 High |
| TuziCMS 2.0.6 has index.php/manage/notice/do_add CSRF. | ||||
| CVE-2019-16657 | 1 Tuzicms | 1 Tuzicms | 2024-11-21 | 6.1 Medium |
| TuziCMS 2.0.6 has XSS via the PATH_INFO to a group URI, as demonstrated by index.php/article/group/id/2/. | ||||
| CVE-2019-16656 | 1 Joyplus Project | 1 Joyplus | 2024-11-21 | 9.8 Critical |
| joyplus-cms 1.6.0 allows remote attackers to execute arbitrary PHP code via /install by placing the code in the name of an object in the database. | ||||
| CVE-2019-16655 | 1 Joyplus Project | 1 Joyplus | 2024-11-21 | 7.5 High |
| joyplus-cms 1.6.0 allows reinstallation if the install/ URI remains available. | ||||
| CVE-2019-16653 | 1 Geniusbytes | 1 Genius Server | 2024-11-21 | 8.8 High |
| An application plugin in Genius Bytes Genius Server (Genius CDDS) 3.2.2 allows remote authenticated users to gain admin privileges. | ||||
| CVE-2019-16652 | 1 Geniusbytes | 1 Genius Server | 2024-11-21 | 7.2 High |
| The BPM component in Genius Bytes Genius Server (Genius CDDS) 3.2.2 allows remote authenticated users to execute arbitrary commands. | ||||
| CVE-2019-16651 | 1 Virginmedia | 2 Super Hub 3, Super Hub 3 Firmware | 2024-11-21 | 5.3 Medium |
| An issue was discovered on Virgin Media Super Hub 3 (based on ARRIS TG2492) devices. Because their SNMP commands have insufficient protection mechanisms, it is possible to use JavaScript and DNS rebinding to leak the WAN IP address of a user (if they are using certain VPN implementations, this would decloak them). | ||||