Search Results (361519 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-11377 | 1 Wcms | 1 Wcms | 2024-11-21 | N/A |
| wcms/wex/finder/action.php in WCMS v0.3.2 has an Arbitrary File Upload Vulnerability via developer/finder because .php is a valid extension according to the fm_get_text_exts function. | ||||
| CVE-2019-11376 | 1 Brassica | 1 Soy Cms | 2024-11-21 | N/A |
| SOY CMS v3.0.2 allows remote attackers to execute arbitrary PHP code via a <?php substring in the second text box. NOTE: the vendor indicates that there was an assumption that the content is "made editable on its own." | ||||
| CVE-2019-11375 | 1 Meisivod | 1 Msvod | 2024-11-21 | N/A |
| Msvod v10 has a CSRF vulnerability to change user information via the admin/member/edit.html URI. | ||||
| CVE-2019-11374 | 1 74cms | 1 74cms | 2024-11-21 | N/A |
| 74CMS v5.0.1 has a CSRF vulnerability to add a new admin user via the index.php?m=Admin&c=admin&a=add URI. | ||||
| CVE-2019-11373 | 2 Fedoraproject, Mediaarea | 2 Fedora, Mediainfo | 2024-11-21 | N/A |
| An out-of-bounds read in File__Analyze::Get_L8 in File__Analyze_Buffer.cpp in MediaInfoLib in MediaArea MediaInfo 18.12 leads to a crash. | ||||
| CVE-2019-11372 | 2 Fedoraproject, Mediaarea | 2 Fedora, Mediainfo | 2024-11-21 | N/A |
| An out-of-bounds read in MediaInfoLib::File__Tags_Helper::Synched_Test in Tag/File__Tags.cpp in MediaInfoLib in MediaArea MediaInfo 18.12 leads to a crash. | ||||
| CVE-2019-11371 | 1 Burrow-wheeler Aligner Project | 1 Burrow-wheeler Aligner | 2024-11-21 | N/A |
| BWA (aka Burrow-Wheeler Aligner) 0.7.17 r1198 has a Buffer Overflow via a long prefix that is mishandled in bns_fasta2bntseq and bns_dump at btnseq.c. | ||||
| CVE-2019-11370 | 1 Carel | 2 Pcoweb Card, Pcoweb Card Firmware | 2024-11-21 | N/A |
| Stored XSS was discovered in Carel pCOWeb prior to B1.2.4, as demonstrated by the config/pw_snmp.html "System contact" field. | ||||
| CVE-2019-11369 | 1 Carel | 2 Pcoweb Card, Pcoweb Card Firmware | 2024-11-21 | N/A |
| An issue was discovered in Carel pCOWeb prior to B1.2.4. In /config/pw_changeusers.html the device stores cleartext passwords, which may allow sensitive information to be read by someone with access to the device. | ||||
| CVE-2019-11368 | 1 Auo | 1 Solar Data Recorder | 2024-11-21 | N/A |
| Stored XSS was discovered in AUO Solar Data Recorder before 1.3.0 via the protect/config.htm addr parameter. | ||||
| CVE-2019-11367 | 1 Auo | 1 Solar Data Recorder | 2024-11-21 | N/A |
| An issue was discovered in AUO Solar Data Recorder before 1.3.0. The web portal uses HTTP Basic Authentication and provides the account and password in the WWW-Authenticate attribute. By using this account and password, anyone can log in successfully. | ||||
| CVE-2019-11366 | 1 Atftp Project | 1 Atftp | 2024-11-21 | N/A |
| An issue was discovered in atftpd in atftp 0.7.1. It does not lock the thread_list_mutex mutex before assigning the current thread data structure. As a result, the daemon is vulnerable to a denial of service attack due to a NULL pointer dereference. If thread_data is NULL when assigned to current, and modified by another thread before a certain tftpd_list.c check, there is a crash when dereferencing current->next. | ||||
| CVE-2019-11365 | 1 Atftp Project | 1 Atftp | 2024-11-21 | N/A |
| An issue was discovered in atftpd in atftp 0.7.1. A remote attacker may send a crafted packet triggering a stack-based buffer overflow due to an insecurely implemented strncpy call. The vulnerability is triggered by sending an error packet of 3 bytes or fewer. There are multiple instances of this vulnerable strncpy pattern within the code base, specifically within tftpd_file.c, tftp_file.c, tftpd_mtftp.c, and tftp_mtftp.c. | ||||
| CVE-2019-11364 | 1 Prophecyinternational | 1 Snare Central | 2024-11-21 | N/A |
| An OS Command Injection vulnerability in Snare Central before 7.4.5 allows remote authenticated attackers to inject arbitrary OS commands via the ServerConf/DataManagement/DiskManager.php FORMNAS_share parameter. | ||||
| CVE-2019-11363 | 1 Prophecyinternational | 1 Snare Central | 2024-11-21 | N/A |
| A SQL injection vulnerability in Snare Central before 7.4.5 allows remote authenticated attackers to execute arbitrary SQL commands via the AgentConsole/UserGroupQuery.php ShowUser parameter. | ||||
| CVE-2019-11362 | 1 Rocboss | 1 Rocboss | 2024-11-21 | N/A |
| app/controllers/frontend/PostController.php in ROCBOSS V2.2.1 has SQL injection via the Post:doReward score parameter, as demonstrated by the /do/reward/3 URI. | ||||
| CVE-2019-11361 | 1 Zohocorp | 1 Manageengine Remote Access Plus | 2024-11-21 | 8.8 High |
| Zoho ManageEngine Remote Access Plus 10.0.258 does not validate user permissions properly, allowing for privilege escalation and eventually a full application takeover. | ||||
| CVE-2019-11360 | 1 Netfilter | 1 Iptables | 2024-11-21 | 4.2 Medium |
| A buffer overflow in iptables-restore in netfilter iptables 1.8.2 allows an attacker to (at least) crash the program or potentially gain code execution via a specially crafted iptables-save file. This is related to add_param_to_argv in xshared.c. | ||||
| CVE-2019-11358 | 11 Backdropcms, Debian, Drupal and 8 more | 114 Backdrop, Debian Linux, Drupal and 111 more | 2024-11-21 | 6.1 Medium |
| jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. | ||||
| CVE-2019-11356 | 5 Canonical, Cyrus, Debian and 2 more | 8 Ubuntu Linux, Imap, Debian Linux and 5 more | 2024-11-21 | 9.8 Critical |
| The CalDAV feature in httpd in Cyrus IMAP 2.5.x through 2.5.12 and 3.0.x through 3.0.9 allows remote attackers to execute arbitrary code via a crafted HTTP PUT operation for an event with a long iCalendar property name. | ||||