IceWarp Mail Server through 10.4.4 is prone to a local file inclusion vulnerability via webmail/calendar/minimizer/index.php?style=..%5c directory traversal.
Max CVSS: 7.5 | EPSS Score: 11.51% | Published: 2019-06-03 | Updated: 2019-06-04
A vulnerability in Viber before 10.7.0 for Desktop (Windows) could allow an attacker to execute arbitrary commands on a targeted system. This vulnerability is due to unsafe search paths used by the application URI. An attacker could exploit this vulnerability by convincing a targeted user to follow a malicious link. Successful exploitation could cause the application to load libraries from the directory targeted by the URI link. The attacker could use this behavior to execute arbitrary commands on the system with the privileges of the targeted user, if the attacker can place a crafted library in a directory that is accessible to the vulnerable system.
Max CVSS: 9.3 | EPSS Score: 14.42% | Published: 2019-06-03 | Updated: 2020-03-18

CVE-2019-12477

Public exploit
Supra Smart Cloud TV allows remote file inclusion in the openLiveURL function, which allows a local attacker to broadcast fake video without any authentication via a /remote/media_control?action=setUri&uri= URI.
Max CVSS: 5.5 | EPSS Score: 92.60% | Published: 2019-06-07 | Updated: 2019-06-11
In Eclipse Buildship versions prior to 3.1.1, the build files indicate that this project is resolving dependencies over HTTP instead of HTTPS. Any of these artifacts could have been subjected to a MITM attack to maliciously compromise them and infect the build artifacts that were produced. Additionally, if any of these JARs or other dependencies were compromised, any developers using these could continue to be infected after updating to fix this.
Max CVSS: 8.1 | EPSS Score: 0.14% | Published: 2019-06-14 | Updated: 2023-03-24
The application (Network Configurator for DeviceNet Safety 3.41 and prior) searches for resources by means of an untrusted search path that could execute a malicious .dll file not under the application's direct control and outside the intended directories.
Max CVSS: 7.8 | EPSS Score: 0.09% | Published: 2019-06-12 | Updated: 2019-10-09
An issue was discovered in Thomson Reuters Desktop Extensions 1.9.0.358. An unauthenticated directory traversal and local file inclusion vulnerability in the ThomsonReuters.Desktop.Service.exe and ThomsonReuters.Desktop.exe allows a remote attacker to list or enumerate sensitive contents of files via a \.. to port 6677. Additionally, this could allow for privilege escalation by dumping the affected machine's SAM and SYSTEM database files, as well as remote code execution.
Max CVSS: 9.8 | EPSS Score: 15.64% | Published: 2019-06-05 | Updated: 2019-06-06
NGA ResourceLink 20.0.2.1 allows local file inclusion.
Max CVSS: 6.5 | EPSS Score: 0.09% | Published: 2019-06-19 | Updated: 2019-06-19
The module-description renderer in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier does not disable RST's local file inclusion, which allows privileged authenticated users to read local files via a crafted module description.
Max CVSS: 4.9 | EPSS Score: 0.06% | Published: 2019-06-28 | Updated: 2020-08-24
8 vulnerabilities found