CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
51 CVE-2019-15046 +Info 2019-08-14 2019-08-14
0.0
None ??? ??? ??? ??? ??? ???
Zoho ManageEngine ServiceDesk Plus 10 before 10509 allows unauthenticated sensitive information leakage during Fail Over Service (FOS) replication, aka SD-79989.
52 CVE-2019-15028 2019-08-14 2019-08-14
0.0
None ??? ??? ??? ??? ??? ???
In Joomla! before 3.9.11, inadequate checks in com_contact could allow mail submission in disabled forms.
53 CVE-2019-15027 Exec Code 2019-08-14 2019-08-14
0.0
None ??? ??? ??? ??? ??? ???
The MediaTek Embedded Multimedia Card (eMMC) subsystem for Android on MT65xx, MT66xx, and MT8163 SoC devices allows attackers to execute arbitrary commands as root via shell metacharacters in a filename under /data, because clear_emmc_nomedia_entry in platform/mt6577/external/meta/emmc/meta_clr_emmc.c invokes 'system("/system/bin/rm -r /data/' followed by this filename upon an eMMC clearance from a Meta Mode boot. NOTE: compromise of Fire OS on the Amazon Echo Dot would require a second hypothetical vulnerability that allows creation of the required file under /data.
54 CVE-2019-15025 Sql 2019-08-14 2019-08-14
0.0
None ??? ??? ??? ??? ??? ???
The ninja-forms plugin before 3.3.21.2 for WordPress has SQL injection in the search filter on the submissions page.
55 CVE-2019-14986 2019-08-13 2019-08-14
0.0
None ??? ??? ??? ??? ??? ???
eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn before 2.3.0 installed allow administrative operations by unauthenticated attackers with access to the web interface, because features such as File-Browser and Shell Command (as well as "Set root password") are exposed.
56 CVE-2019-14985 Exec Code 2019-08-13 2019-08-14
0.0
None ??? ??? ??? ??? ??? ???
eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn installed allow Remote Code Execution by unauthenticated attackers with access to the web interface, because this interface can access the CMD_EXEC virtual device type 28.
57 CVE-2019-14984 Exec Code 2019-08-13 2019-08-14
0.0
None ??? ??? ??? ??? ??? ???
eQ-3 Homematic CCU2 and CCU3 with the XML-API through 1.2.0 AddOn installed allow Remote Code Execution by unauthenticated attackers with access to the web interface, because the undocumented addons/xmlapi/exec.cgi script uses CMD_EXEC to execute TCL code from a POST request.
58 CVE-2019-14975 2019-08-14 2019-08-14
0.0
None ??? ??? ??? ??? ??? ???
Artifex MuPDF before 1.16.0 has a heap-based buffer over-read in fz_chartorune in fitz/string.c because pdf/pdf-op-filter.c does not check for a missing string.
59 CVE-2019-14974 XSS 2019-08-14 2019-08-14
0.0
None ??? ??? ??? ??? ??? ???
SugarCRM Enterprise 9.0.0 allows mobile/error-not-supported-platform.html?desktop_url= XSS.
60 CVE-2019-14973 Overflow 2019-08-14 2019-08-14
0.0
None ??? ??? ??? ??? ??? ???
_TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in LibTIFF through 4.0.10 mishandle Integer Overflow checks because they rely on compiler behavior that is undefined by the applicable C standards. This can, for example, lead to an application crash.
61 CVE-2019-14969 Exec Code 2019-08-12 2019-08-12
0.0
None ??? ??? ??? ??? ??? ???
Netwrix Auditor before 9.8 has insecure permissions on %PROGRAMDATA%\Netwrix Auditor\Logs\ActiveDirectory\ and sub-folders. In addition, the service Netwrix.ADA.StorageAuditService (which writes to that directory) does not perform proper impersonation, and thus the target file will have the same permissions as the invoking process (in this case, granting Authenticated Users full access over the target file). This vulnerability can be triggered by a low-privileged user to perform DLL Hijacking/Binary Planting attacks and ultimately execute code as NT AUTHORITY\SYSTEM with the help of Symbolic Links.
62 CVE-2019-14951 2019-08-12 2019-08-12
0.0
None ??? ??? ??? ??? ??? ???
The Telenav Scout GPS Link app 1.x for iOS, as used with Toyota and Lexus vehicles, has an incorrect protection mechanism against brute-force attacks on the authentication process, which makes it easier for attackers to obtain multimedia-screen access via port 7050 on the cellular network, as demonstrated by a DrivingRestriction method call to uma/jsonrpc/mobile.
63 CVE-2019-14940 2019-08-11 2019-08-12
0.0
None ??? ??? ??? ??? ??? ???
In Storage Performance Development Kit (SPDK) before 19.07, a user of a vhost can cause a crash if the target is sent invalid input.
64 CVE-2019-14939 2019-08-11 2019-08-12
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in the mysql (aka mysqljs) module 2.17.1 for Node.js. The LOAD DATA LOCAL INFILE option is open by default.
65 CVE-2019-14937 Sql 2019-08-17 2019-08-17
0.0
None ??? ??? ??? ??? ??? ???
REDCap before 9.3.0 allows time-based SQL injection in the edit calendar event via the cal_id parameter, such as cal_id=55 and sleep(3) to Calendar/calendar_popup_ajax.php. The attacker can obtain a user's login sessionid from the database, and then re-login into REDCap to compromise all data.
66 CVE-2019-14935 2019-08-11 2019-08-12
0.0
None ??? ??? ??? ??? ??? ???
3CX Phone 15 on Windows has insecure permissions on the "%PROGRAMDATA%\3CXPhone for Windows\PhoneApp" installation directory, allowing Full Control access for Everyone, and leading to privilege escalation because of a StartUp link.
67 CVE-2019-14934 2019-08-11 2019-08-11
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in PDFResurrect before 0.18. pdf_load_pages_kids in pdf.c doesn't validate a certain size value, which leads to a malloc failure and out-of-bounds write.
68 CVE-2019-14932 2019-08-12 2019-08-12
0.0
None ??? ??? ??? ??? ??? ???
The Recruitment module in Humanica Humatrix 7 1.0.0.681 and 1.0.0.203 allows remote attackers to access all candidates' information on the website via a modified selApp variable to personalData/resumeDetail.cfm. This includes personal information and other sensitive data.
69 CVE-2019-14924 2019-08-10 2019-08-11
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in GCDWebServer before 3.5.3. The method moveItem in the GCDWebUploader class checks the FileExtension of newAbsolutePath but not oldAbsolutePath. By leveraging this vulnerability, an adversary can make an inaccessible file be available (the credential of the app, for instance).
70 CVE-2019-14923 Exec Code 2019-08-16 2019-08-16
0.0
None ??? ??? ??? ??? ??? ???
EyesOfNetwork 5.1 allows Remote Command Execution via shell metacharacters in the module/tool_all/ host field.
71 CVE-2019-14809 Bypass 2019-08-13 2019-08-14
0.0
None ??? ??? ??? ??? ??? ???
net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malformed hosts in URLs, leading to an authorization bypass in some applications. This is related to a Host field with a suffix appearing in neither Hostname() nor Port(), and is related to a non-numeric port number. For example, an attacker can compose a crafted javascript:// URL that results in a hostname of google.com.
72 CVE-2019-14800 2019-08-15 2019-08-15
0.0
None ??? ??? ??? ??? ??? ???
The FV Flowplayer Video Player plugin before 7.3.15.727 for WordPress allows guests to obtain the email subscription list in CSV format via the wp-admin/admin-post.php?page=fvplayer&fv-email-export=1 URI.
73 CVE-2019-14795 XSS 2019-08-15 2019-08-15
0.0
None ??? ??? ??? ??? ??? ???
The toggle-the-title (aka Toggle The Title) plugin 1.4 for WordPress has XSS via the wp-admin/admin-ajax.php?action=update_title_options isAutoSaveValveChecked or isDisableAllPagesValveChecked parameter.
74 CVE-2019-14790 XSS 2019-08-15 2019-08-15
0.0
None ??? ??? ??? ??? ??? ???
The limb-gallery (aka Limb Gallery) plugin 1.4.0 for WordPress has XSS via the wp-admin/admin-ajax.php?action=grsGalleryAjax&grsAction=shortcode task parameter,
75 CVE-2019-14789 XSS 2019-08-15 2019-08-15
0.0
None ??? ??? ??? ??? ??? ???
The Custom 404 Pro plugin 3.2.8 for WordPress has XSS via the wp-admin/admin.php?page=c4p-main page parameter.
76 CVE-2019-14788 Exec Code Dir. Trav. 2019-08-15 2019-08-15
0.0
None ??? ??? ??? ??? ??? ???
wp-admin/admin-ajax.php?action=newsletters_exportmultiple in the Tribulant Newsletters plugin before 4.6.19 for WordPress allows directory traversal with resultant remote PHP code execution via the subscribers[1][1] parameter in conjunction with an exportfile=../ value.
77 CVE-2019-14786 2019-08-15 2019-08-15
0.0
None ??? ??? ??? ??? ??? ???
The Rank Math SEO plugin 1.0.27 for WordPress allows non-admin users to reset the settings via the wp-admin/admin-post.php reset-cmb parameter.
78 CVE-2019-14784 XSS 2019-08-15 2019-08-15
0.0
None ??? ??? ??? ??? ??? ???
The "CP Contact Form with PayPal" plugin before 1.2.98 for WordPress has XSS in CSS edition.
79 CVE-2019-14755 2019-08-15 2019-08-15
0.0
None ??? ??? ??? ??? ??? ???
The profile photo upload feature in Leaf Admin 61.9.0212.10 f allows Unrestricted Upload of a File with a Dangerous Type.
80 CVE-2019-14743 2019-08-07 2019-08-07
0.0
None ??? ??? ??? ??? ??? ???
** DISPUTED ** In Valve Steam Client for Windows through 2019-08-07, HKLM\SOFTWARE\Wow6432Node\Valve\Steam has explicit "Full control" for the Users group, which allows local users to gain NT AUTHORITY\SYSTEM access. NOTE: the vendor disputes the significance of this finding; the discoverer was reportedly told that the Steam threat model excludes "Attacks that require physical access to the user's device" and "Attacks that require the ability to drop files in arbitrary locations on the user's filesystem" (which might apply to the attacker's ability to create links under HKLM\SOFTWARE\Wow6432Node\Valve\Steam\Apps).
81 CVE-2019-14681 CSRF 2019-08-08 2019-08-08
0.0
None ??? ??? ??? ??? ??? ???
The Deny All Firewall plugin before 1.1.7 for WordPress allows wp-admin/options-general.php?page=daf_settings&daf_remove=true CSRF.
82 CVE-2019-14679 CSRF 2019-08-08 2019-08-08
0.0
None ??? ??? ??? ??? ??? ???
core/views/arprice_import_export.php in the ARPrice Lite plugin 2.2 for WordPress allows wp-admin/admin.php?page=arplite_import_export CSRF.
83 CVE-2019-14530 2019-08-13 2019-08-13
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in custom/ajax_download.php in OpenEMR before 5.0.2 via the fileName parameter. An attacker can download any file (that is readable by the user www-data) from server storage. If the requested file is writable for the www-data user and the directory /var/www/openemr/sites/default/documents/cqm_qrda/ exists, it will be deleted from server.
84 CVE-2019-14527 Exec Code 2019-08-14 2019-08-15
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered on NETGEAR Nighthawk M1 (MR1100) devices before 12.06.03. System commands can be executed, via the web interface, after authentication.
85 CVE-2019-14526 Bypass CSRF 2019-08-14 2019-08-15
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered on NETGEAR Nighthawk M1 (MR1100) devices before 12.06.03. The web-interface Cross-Site Request Forgery token is stored in a dynamically generated JavaScript file, and therefore can be embedded in third party pages, and re-used against the Nighthawk web interface. This entirely bypasses the intended security benefits of the use of a CSRF-protection token.
86 CVE-2019-14518 XSS 2019-08-15 2019-08-15
0.0
None ??? ??? ??? ??? ??? ???
** DISPUTED ** Evolution CMS 2.0.x allows XSS via a description and new category location in a template. NOTE: the vendor states that the behavior is consistent with the "access policy in the administration panel."
87 CVE-2019-14516 2019-08-13 2019-08-13
0.0
None ??? ??? ??? ??? ??? ???
The mAadhaar application 1.2.7 for Android lacks SSL Certificate Validation, leading to man-in-the-middle attacks against requests for FAQs or Help.
88 CVE-2019-14433 2019-08-09 2019-08-11
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in OpenStack Nova before 17.0.12, 18.x before 18.2.2, and 19.x before 19.0.2. If an API request from an authenticated user ends in a fault condition due to an external exception, details of the underlying environment may be leaked in the response, and could include sensitive configuration or other data.
89 CVE-2019-14432 Exec Code 2019-08-07 2019-08-07
0.0
None ??? ??? ??? ??? ??? ???
Incorrect authentication of application WebSocket connections in Loom Desktop for Mac up to 0.16.0 allows remote code execution from either malicious JavaScript in a browser or hosts on the same network, during periods in which a user is recording a video with the application. The same attack vector can be used to crash the application at any time.
90 CVE-2019-14427 XSS 2019-08-14 2019-08-15
0.0
None ??? ??? ??? ??? ??? ???
XSS exists in WEB STUDIO Ultimate Loan Manager 2.0 by adding a branch under the Branches button that sets the notes parameter with crafted JavaScript code.
91 CVE-2019-14422 Exec Code 2019-08-15 2019-08-15
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in in TortoiseSVN 1.12.1. The Tsvncmd: URI handler allows a customised diff operation on Excel workbooks, which could be used to open remote workbooks without protection from macro security settings to execute arbitrary code. A tsvncmd:command:diff?path:[file1]?path2:[file2] URI will execute a customised diff on [file1] and [file2] based on the file extension. For xls files, it will execute the script diff-xls.js using wscript, which will open the two files for analysis without any macro security warning. An attacker can exploit this by putting a macro virus in a network drive, and force the victim to open the workbooks and execute the macro inside.
92 CVE-2019-14359 2019-08-12 2019-08-13
0.0
None ??? ??? ??? ??? ??? ???
** DISPUTED ** On BC Vault devices, a side channel for the row-based SSD1309 OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be able to leverage this behavior to recover a data value. In other words, the side channel is relevant only if the attacker has enough control over the device's USB connection to make power-consumption measurements at a time when secret data is displayed. The side channel is not relevant in other circumstances, such as a stolen device that is not currently displaying secret data. NOTE: the vendor's position is that there is no security impact: the only potentially leaked information is the number of characters in the PIN.
93 CVE-2019-14357 2019-08-10 2019-08-11
0.0
None ??? ??? ??? ??? ??? ???
** DISPUTED ** On Mooltipass Mini devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be able to leverage this behavior to recover confidential secrets such as the PIN. In other words, the side channel is relevant only if the attacker has enough control over the device's USB connection to make power-consumption measurements at a time when secret data is displayed. The side channel is not relevant in other circumstances, such as a stolen device that is not currently displaying secret data. NOTE: the vendor's position is that an attack is not "realistically implementable."
94 CVE-2019-14355 2019-08-10 2019-08-11
0.0
None ??? ??? ??? ??? ??? ???
** DISPUTED ** On ShapeShift KeepKey devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be able to leverage this behavior to recover secret data shown on the display. In other words, the side channel is relevant only if the attacker has enough control over the device's USB connection to make power-consumption measurements at a time when secret data is displayed. The side channel is not relevant in other circumstances, such as a stolen device that is not currently displaying secret data. NOTE: the vendor's position is that there is "insignificant risk."
95 CVE-2019-14354 2019-08-10 2019-08-11
0.0
None ??? ??? ??? ??? ??? ???
On Ledger Nano S and Nano X devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be able to leverage this behavior to recover confidential secrets such as the PIN and BIP39 mnemonic. In other words, the side channel is relevant only if the attacker has enough control over the device's USB connection to make power-consumption measurements at a time when secret data is displayed. The side channel is not relevant in other circumstances, such as a stolen device that is not currently displaying secret data.
96 CVE-2019-14353 2019-08-08 2019-08-08
0.0
None ??? ??? ??? ??? ??? ???
On Trezor One devices before 1.8.2, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be able to leverage this behavior to recover confidential secrets such as the PIN and BIP39 mnemonic. In other words, the side channel is relevant only if the attacker has enough control over the device's USB connection to make power-consumption measurements at a time when secret data is displayed. The side channel is not relevant in other circumstances, such as a stolen device that is not currently displaying secret data. NOTE: this CVE applies exclusively to the Trezor One, and does not refer to any issues with OLED displays on other devices.
97 CVE-2019-14312 File Inclusion 2019-08-09 2019-08-09
0.0
None ??? ??? ??? ??? ??? ???
Aptana Jaxer 1.0.3.4547 is vulnerable to a local file inclusion vulnerability in the wikilite source code viewer. This vulnerability allows a remote attacker to read internal files on the server via a tools/sourceViewer/index.html?filename=../ URI.
98 CVE-2019-14234 Sql 2019-08-09 2019-08-09
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to SQL injection. This could, for example, be exploited via crafted use of "OR 1=1" in a key or index name to return all records, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to the QuerySet.filter() function.
99 CVE-2019-14216 CSRF 2019-08-14 2019-08-15
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in the svg-vector-icon-plugin (aka WP SVG Icons) plugin through 3.2.1 for WordPress. wp-admin/admin.php?page=wp-svg-icons-custom-set mishandles Custom Icon uploads. CSRF leads to upload of a ZIP archive containing a .php file.
100 CVE-2019-13578 Exec Code Sql 2019-08-15 2019-08-15
0.0
None ??? ??? ??? ??? ??? ???
A SQL injection vulnerability exists in the Impress GiveWP Give plugin through 2.5.0 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via includes/payments/class-payments-query.php.
Total number of vulnerabilities : 1161   Page : 1 2 (This Page)3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.