Search Results (361539 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-13380 | 1 Keynto | 1 Team Password Manager | 2024-11-21 | N/A |
| KEYNTO Team Password Manager 1.5.0 allows XSS because data saved from websites is mishandled in the online vault. | ||||
| CVE-2019-13379 | 1 Avtech | 2 Room Alert 3e, Room Alert 3e Firmware | 2024-11-21 | N/A |
| On AVTECH Room Alert 3E devices before 2.2.5, an attacker with access to the device's web interface may escalate privileges from an unauthenticated user to administrator by performing a cmd.cgi?action=ResetDefaults&src=RA reset and using the default credentials to get in. | ||||
| CVE-2019-13377 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2024-11-21 | 5.9 Medium |
| The implementations of SAE and EAP-pwd in hostapd and wpa_supplicant 2.x through 2.8 are vulnerable to side-channel attacks as a result of observable timing differences and cache access patterns when Brainpool curves are used. An attacker may be able to gain leaked information from a side-channel attack that can be used for full password recovery. | ||||
| CVE-2019-13376 | 1 Phpbb | 1 Phpbb | 2024-11-21 | 6.5 Medium |
| phpBB version 3.2.7 allows the stealing of an Administration Control Panel session id by leveraging CSRF in the Remote Avatar feature. The CSRF Token Hijacking leads to stored XSS. | ||||
| CVE-2019-13375 | 2 Dlink, Microsoft | 2 Central Wifimanager, Windows | 2024-11-21 | N/A |
| A SQL Injection was discovered in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 in PayAction.class.php with the index.php/Pay/passcodeAuth parameter passcode. The vulnerability does not need any authentication. | ||||
| CVE-2019-13374 | 2 Dlink, Microsoft | 2 Central Wifimanager, Windows | 2024-11-21 | N/A |
| A cross-site scripting (XSS) vulnerability in resource view in PayAction.class.php in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 allows remote attackers to inject arbitrary web script or HTML via the index.php/Pay/passcodeAuth passcode parameter. | ||||
| CVE-2019-13373 | 2 Dlink, Microsoft | 2 Central Wifimanager, Windows | 2024-11-21 | N/A |
| An issue was discovered in the D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6. Input does not get validated and arbitrary SQL statements can be executed in the database via the /web/Public/Conn.php parameter dbSQL. | ||||
| CVE-2019-13372 | 1 Dlink | 1 Central Wifimanager | 2024-11-21 | 9.8 Critical |
| /web/Lib/Action/IndexAction.class.php in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 allows remote attackers to execute arbitrary PHP code via a cookie because a cookie's username field allows eval injection, and an empty password bypasses authentication. | ||||
| CVE-2019-13370 | 1 Ignitedcms | 1 Ignitedcms | 2024-11-21 | 8.8 High |
| index.php/admin/permissions in Ignited CMS through 2017-02-19 allows CSRF to add an administrator. | ||||
| CVE-2019-13364 | 1 Piwigo | 1 Piwigo | 2024-11-21 | 9.6 Critical |
| admin.php?page=account_billing in Piwigo 2.9.5 has XSS via the vat_number, billing_name, company, or billing_address parameter. This is exploitable via CSRF. | ||||
| CVE-2019-13363 | 1 Piwigo | 1 Piwigo | 2024-11-21 | 9.6 Critical |
| admin.php?page=notification_by_mail in Piwigo 2.9.5 has XSS via the nbm_send_html_mail, nbm_send_mail_as, nbm_send_detailed_content, nbm_complementary_mail_content, nbm_send_recent_post_dates, or param_submit parameter. This is exploitable via CSRF. | ||||
| CVE-2019-13362 | 1 Codedoc Project | 1 Codedoc | 2024-11-21 | N/A |
| Codedoc v3.2 has a stack-based buffer overflow in add_variable in codedoc.c, related to codedoc_strlcpy. | ||||
| CVE-2019-13361 | 1 Smanos | 2 W100, W100 Firmware | 2024-11-21 | 6.5 Medium |
| Smanos W100 1.0.0 devices have Insecure Permissions, exploitable by an attacker on the same Wi-Fi network. | ||||
| CVE-2019-13360 | 1 Control-webpanel | 1 Webpanel | 2024-11-21 | N/A |
| In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, remote attackers can bypass authentication in the login process by leveraging knowledge of a valid username. | ||||
| CVE-2019-13359 | 1 Control-webpanel | 1 Webpanel | 2024-11-21 | N/A |
| In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, a cwpsrv-xxx cookie allows a normal user to craft and upload a session file to the /tmp directory, and use it to become the root user. | ||||
| CVE-2019-13358 | 1 Opencats | 1 Opencats | 2024-11-21 | 7.5 High |
| lib/DocumentToText.php in OpenCats before 0.9.4-3 has XXE that allows remote users to read files on the underlying operating system. The attacker must upload a file in the docx or odt format. | ||||
| CVE-2019-13357 | 1 Totaldefense | 1 Anti-virus | 2024-11-21 | 7.8 High |
| In Total Defense Anti-virus 9.0.0.773, resource acquisition from the untrusted search path C:\ used by caschelp.exe allows local attackers to hijack ccGUIFrm.dll, which leads to code execution. SYSTEM-level code execution can be achieved when the ccSchedulerSVC service runs the affected executable. | ||||
| CVE-2019-13356 | 1 Totaldefense | 1 Anti-virus | 2024-11-21 | 7.8 High |
| In Total Defense Anti-virus 9.0.0.773, insecure access control for the directory %PROGRAMDATA%\TotalDefense\Consumer\ISS\9\bd\TDUpdate2\ used by AMRT.exe allows local attackers to hijack bdcore.dll, which leads to privilege escalation when the AMRT service loads the DLL. | ||||
| CVE-2019-13355 | 1 Totaldefense | 1 Anti-virus | 2024-11-21 | 7.8 High |
| In Total Defense Anti-virus 9.0.0.773, insecure access control for the directory %PROGRAMDATA%\TotalDefense\Consumer\ISS\9\ used by ccschedulersvc.exe allows local attackers to hijack dotnetproxy.exe, which leads to privilege escalation when the ccSchedulerSVC service runs the executable. | ||||
| CVE-2019-13354 | 1 Strong Password Project | 1 Strong Password | 2024-11-21 | N/A |
| The strong_password gem 0.0.7 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. The current version, without this backdoor, is 0.0.6. | ||||