Export limit exceeded: 361866 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (361866 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-12146 | 1 Ipswitch | 1 Ws Ftp Server | 2024-11-21 | N/A |
| A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. Attackers have the ability to abuse a flaw in the SCP listener by crafting strings using specific patterns to write files and create directories outside of their authorized directory. | ||||
| CVE-2019-12145 | 1 Ipswitch | 1 Ws Ftp Server | 2024-11-21 | N/A |
| A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. An attacker can supply a string using special patterns via the SCP protocol to disclose path names on the host operating system. | ||||
| CVE-2019-12144 | 1 Ipswitch | 1 Ws Ftp Server | 2024-11-21 | N/A |
| An issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. Attackers have the ability to abuse a path traversal vulnerability using the SCP protocol. Attackers who leverage this flaw could also obtain remote code execution by crafting a payload that abuses the SITE command feature. | ||||
| CVE-2019-12143 | 1 Progress | 1 Ws Ftp Server | 2024-11-21 | N/A |
| A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. An attacker can supply a string using special patterns via the SCP protocol to disclose WS_FTP usernames as well as filenames. | ||||
| CVE-2019-12139 | 1 Ez | 2 Ezplatform-admin-ui, Ezplatform-page-builder | 2024-11-21 | N/A |
| An XSS issue was discovered in the Admin UI in eZ Platform 2.x. This affects ezplatform-admin-ui 1.3.x before 1.3.5 and 1.4.x before 1.4.4, and ezplatform-page-builder 1.1.x before 1.1.5 and 1.2.x before 1.2.4. | ||||
| CVE-2019-12138 | 1 Macdown Project | 1 Macdown | 2024-11-21 | N/A |
| MacDown 0.7.1 allows directory traversal, for execution of arbitrary programs, via a file:/// or ../ substring in a shared note. | ||||
| CVE-2019-12137 | 2 Apple, Typora | 2 Mac Os X, Typora | 2024-11-21 | N/A |
| Typora 0.9.9.24.6 on macOS allows directory traversal, for execution of arbitrary programs, via a file:/// or ../ substring in a shared note. | ||||
| CVE-2019-12136 | 1 Boostio | 1 Boostnote | 2024-11-21 | N/A |
| There is XSS in BoostIO Boostnote 0.11.15 via a label named mermaid, as demonstrated by a crafted SRC attribute of an IFRAME element. | ||||
| CVE-2019-12135 | 1 Papercut | 2 Papercut Mf, Papercut Ng | 2024-11-21 | N/A |
| An unspecified vulnerability in the application server in PaperCut MF and NG versions 18.3.8 and earlier and versions 19.0.3 and earlier allows remote attackers to execute arbitrary code via an unspecified vector. | ||||
| CVE-2019-12134 | 1 Workday | 1 Workday | 2024-11-21 | N/A |
| CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in Workday through 32 via a value (provided by a low-privileged user in a contact form field) that is mishandled in a CSV export. | ||||
| CVE-2019-12133 | 1 Zohocorp | 18 Manageengine Analytics Plus, Manageengine Browser Security Plus, Manageengine Desktop Central and 15 more | 2024-11-21 | N/A |
| Multiple Zoho ManageEngine products suffer from local privilege escalation due to improper permissions for the %SYSTEMDRIVE%\ManageEngine directory and its sub-folders. Moreover, the services associated with said products try to execute binaries such as sc.exe from the current directory upon system start. This will effectively allow non-privileged users to escalate privileges to NT AUTHORITY\SYSTEM. This affects Desktop Central 10.0.380, EventLog Analyzer 12.0.2, ServiceDesk Plus 10.0.0, SupportCenter Plus 8.1, O365 Manager Plus 4.0, Mobile Device Manager Plus 9.0.0, Patch Connect Plus 9.0.0, Vulnerability Manager Plus 9.0.0, Patch Manager Plus 9.0.0, OpManager 12.3, NetFlow Analyzer 11.0, OpUtils 11.0, Network Configuration Manager 11.0, FireWall 12.0, Key Manager Plus 5.6, Password Manager Pro 9.9, Analytics Plus 1.0, and Browser Security Plus. | ||||
| CVE-2019-12132 | 1 Onap | 1 Open Network Automation Platform | 2024-11-21 | 9.8 Critical |
| An issue was discovered in ONAP SDNC before Dublin. By executing sla/dgUpload with a crafted filename parameter, an unauthenticated attacker can execute an arbitrary command. All SDC setups that include admportal are affected. | ||||
| CVE-2019-12131 | 1 Onap | 1 Open Network Automation Platform | 2024-11-21 | 9.1 Critical |
| An issue was detected in ONAP APPC through Dublin and SDC through Dublin. By setting a USER_ID parameter in an HTTP header, an attacker may impersonate an arbitrary existing user without any authentication. All APPC and SDC setups are affected. | ||||
| CVE-2019-12130 | 1 Onap | 1 Open Network Automation Platform | 2024-11-21 | 9.8 Critical |
| In ONAP CLI through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected. | ||||
| CVE-2019-12129 | 1 Onap | 1 Open Network Automation Platform | 2024-11-21 | 9.8 Critical |
| In ONAP MSB through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected. | ||||
| CVE-2019-12128 | 1 Onap | 1 Open Network Automation Platform | 2024-11-21 | 9.8 Critical |
| In ONAP SO through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected. | ||||
| CVE-2019-12127 | 1 Onap | 1 Open Network Automation Platform | 2024-11-21 | 9.8 Critical |
| In ONAP OOM through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected. | ||||
| CVE-2019-12126 | 1 Onap | 1 Open Network Automation Platform | 2024-11-21 | 9.8 Critical |
| In ONAP DCAE through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected. | ||||
| CVE-2019-12125 | 1 Onap | 1 Open Network Automation Platform | 2024-11-21 | 9.8 Critical |
| In ONAP Logging through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected. | ||||
| CVE-2019-12124 | 1 Onap | 1 Open Network Automation Platform | 2024-11-21 | 9.1 Critical |
| An issue was discovered in ONAP APPC before Dublin. By using an exposed unprotected Jolokia interface, an unauthenticated attacker can read or overwrite an arbitrary file. All APPC setups are affected. | ||||