CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
51 CVE-2019-12181 264 2019-06-17 2019-06-18
6.5
None Remote Low Single system Partial Partial Partial
A privilege escalation vulnerability exists in SolarWinds Serv-U before 15.1.7 for Linux.
52 CVE-2019-12173 20 Exec Code 2019-05-17 2019-05-20
6.8
None Remote Medium Not required Partial Partial Partial
MacDown 0.7.1 (870) allows remote code execution via a file:\\\ URI, with a .app pathname, in the HREF attribute of an A element. This is different from CVE-2019-12138.
53 CVE-2019-12172 20 Exec Code 2019-05-17 2019-05-21
6.8
None Remote Medium Not required Partial Partial Partial
Typora 0.9.9.21.1 (1913) allows arbitrary code execution via a modified file: URL syntax in the HREF attribute of an AREA element, as demonstrated by file:\\\ on macOS or Linux, or file://C| on Windows. This is different from CVE-2019-12137.
54 CVE-2019-12169 434 Exec Code Dir. Trav. 2019-06-03 2019-06-05
6.8
None Remote Medium Not required Partial Partial Partial
ATutor 2.2.4 allows Arbitrary File Upload and Directory Traversal, resulting in remote code execution via a ".." pathname in a ZIP archive to the mods/_core/languages/language_import.php (aka Import New Language) or mods/_standard/patcher/index_admin.php (aka Patcher) component.
55 CVE-2019-12154 611 DoS 2019-06-11 2019-06-13
6.4
None Remote Low Not required Partial None Partial
XXE in the XML parser library in RealObjects PDFreactor before 10.1.10722 allows attackers to supply malicious XML content in externally referenced resources, leading to disclosure of local file contents and/or denial of service conditions.
56 CVE-2019-12153 918 2019-06-11 2019-06-17
6.4
None Remote Low Not required Partial Partial None
Lack of validation in the HTML parser in RealObjects PDFreactor before 10.1.10722 leads to SSRF, allowing attackers to access network or file resources on behalf of the server by supplying malicious HTML content.
57 CVE-2019-12146 22 Dir. Trav. 2019-06-11 2019-06-12
6.4
None Remote Low Not required Partial Partial None
A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. Attackers have the ability to abuse a flaw in the SCP listener by crafting strings using specific patterns to write files and create directories outside of their authorized directory.
58 CVE-2019-12137 22 Dir. Trav. 2019-05-16 2019-06-13
6.8
None Remote Medium Not required Partial Partial Partial
Typora 0.9.9.24.6 on macOS allows directory traversal, for execution of arbitrary programs, via a file:/// or ../ substring in a shared note.
59 CVE-2019-12134 74 2019-06-06 2019-06-11
6.5
None Remote Low Single system Partial Partial Partial
CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in Workday through 32 via a value (provided by a low-privileged user in a contact form field) that is mishandled in a CSV export.
60 CVE-2019-12102 20 2019-05-22 2019-05-23
6.4
None Remote Low Not required Partial Partial None
Kentico 11 through 12 lets attackers upload and explore files without authentication via the cmsmodules/medialibrary/formcontrols/liveselectors/insertimageormedia/tabs_media.aspx URI.
61 CVE-2019-12097 264 Exec Code 2019-06-03 2019-06-05
6.8
None Remote Medium Not required Partial Partial Partial
Telerik Fiddler v5.0.20182.28034 doesn't verify the hash of EnableLoopback.exe before running it, which could lead to code execution or local privilege escalation by replacing the original EnableLoopback.exe.
62 CVE-2019-12083 119 Overflow 2019-05-13 2019-05-25
6.8
None Remote Medium Not required Partial Partial Partial
The Rust Programming Language Standard Library 1.34.x before 1.34.2 contains a stabilized method which, if overridden, can violate Rust's safety guarantees and cause memory unsafety. If the `Error::type_id` method is overridden then any type can be safely cast to any other type, causing memory safety vulnerabilities in safe code (e.g., out-of-bounds write or read). Code that does not manually implement Error::type_id is unaffected.
63 CVE-2019-11946 310 2019-06-05 2019-06-06
6.8
None Remote Low Single system Complete None None
A remote credential disclosure vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
64 CVE-2019-11896 275 2019-05-29 2019-05-31
6.8
None Remote Medium Not required Partial Partial Partial
A potential incorrect privilege assignment vulnerability exists in the 3rd party pairing mechanism of the Bosch Smart Home Controller (SHC) before 9.8.907 that may result in a restricted app obtaining default app permissions. In order to exploit the vulnerability, the adversary needs to have successfully paired an app, which requires user interaction.
65 CVE-2019-11892 284 2019-05-29 2019-05-31
6.8
None Remote Medium Not required Partial Partial Partial
A potential improper access control vulnerability exists in the JSON-RPC interface of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in reading or modification of the SHC's configuration or triggering and restoring backups. In order to exploit the vulnerability, the adversary needs to have successfully paired an app or service, which requires user interaction.
66 CVE-2019-11886 352 CSRF 2019-05-13 2019-05-14
6.8
None Remote Medium Not required Partial Partial Partial
The WaspThemes Visual CSS Style Editor (aka yellow-pencil-visual-theme-customizer) plugin before 7.2.1 for WordPress allows yp_option_update CSRF, as demonstrated by use of yp_remote_get to obtain admin access.
67 CVE-2019-11875 264 2019-05-24 2019-05-29
6.5
None Remote Low Single system Partial Partial Partial
In AutomateAppCore.dll in Blue Prism Robotic Process Automation 6.4.0.8445, a vulnerability in access control can be exploited to escalate privileges. The vulnerability allows for abusing the application for fraud or unauthorized access to certain information. The attack requires a valid user account to connect to the Blue Prism server, but the roles associated to this account are not required to have any permissions. First of all, the application files are modified to grant full permissions on the client side. In a test environment (or his own instance of the software) an attacker is able to grant himself full privileges also on the server side. He can then, for instance, create a process with malicious behavior and export it to disk. With the modified client, it is possible to import the exported file as a release and overwrite any existing process in the database. Eventually, the bots execute the malicious process. The server does not check the user's permissions for the aforementioned actions, such that a modification of the client software enables this kind of attack. Possible scenarios may involve changing bank accounts or setting passwords.
68 CVE-2019-11872 74 Exec Code 2019-05-29 2019-05-30
6.8
None Remote Medium Not required Partial Partial Partial
The Hustle (aka wordpress-popup) plugin 6.0.7 for WordPress is vulnerable to CSV Injection as it allows for injecting malicious code into a pop-up window. Successful exploitation grants an attacker with a right to execute malicious code on the administrator's computer through Excel functions as the plugin does not sanitize the user's input and allows insertion of any text.
69 CVE-2019-11819 74 2019-05-08 2019-05-09
6.8
None Remote Medium Not required Partial Partial Partial
Alkacon OpenCMS v10.5.4 and before is affected by CSV (aka Excel Macro) Injection in the module New User (/opencms/system/workplace/admin/accounts/user_new.jsp) via the First Name or Last Name.
70 CVE-2019-11816 284 2019-05-20 2019-05-30
6.5
None Remote Low Single system Partial Partial Partial
Incorrect access control in the WebUI in OPNsense before version 19.1.8, and pfsense before 2.4.4-p3 allows remote authenticated users to escalate privileges to administrator via a specially crafted request.
71 CVE-2019-11807 284 2019-05-06 2019-05-07
6.4
None Remote Low Not required None Partial Partial
The WooCommerce Checkout Manager plugin before 4.3 for WordPress allows media deletion via the wp-admin/admin-ajax.php?action=update_attachment_wccm wccm_default_keys_load parameter because of a nopriv_ registration and a lack of capabilities checks.
72 CVE-2019-11770 669 2019-06-14 2019-06-18
6.8
None Remote Medium Not required Partial Partial Partial
In Eclipse Buildship versions prior to 3.1.1, the build files indicate that this project is resolving dependencies over HTTP instead of HTTPS. Any of these artifacts could have been MITM to maliciously compromise them and infect the build artifacts that were produced. Additionally, if any of these JARs or other dependencies were compromised, any developers using these could continue to be infected past updating to fix this.
73 CVE-2019-11675 362 2019-05-02 2019-05-03
6.9
None Local Medium Not required Complete Complete Complete
The groonga-httpd package 6.1.5-1 for Debian sets the /var/log/groonga ownership to the groonga account, which might let local users obtain root access because of unsafe interaction with logrotate. For example, an attacker can exploit a race condition to insert a symlink from /var/log/groonga/httpd to /etc/bash_completion.d. NOTE: this is an issue in the Debian packaging of the Groonga HTTP server.
74 CVE-2019-11644 264 +Priv 2019-05-17 2019-05-21
6.8
None Remote Medium Not required Partial Partial Partial
In the F-Secure installer in F-Secure SAFE for Windows before 17.6, F-Secure Internet Security before 17.6, F-Secure Anti-Virus before 17.6, F-Secure Client Security Standard and Premium before 14.10, F-Secure PSB Workstation Security before 12.01, and F-Secure Computer Protection Standard and Premium before 19.3, a local user can escalate their privileges through a DLL hijacking attack against the installer. The installer writes the file rm.exe to C:\Windows\Temp and then executes it. The rm.exe process then attempts to load several DLLs from its current directory. Non-admin users are able to write to this folder, so an attacker can create a malicious C:\Windows\Temp\OLEACC.dll file. When an admin runs the installer, rm.exe will execute the attacker's DLL in an elevated security context.
75 CVE-2019-11642 74 2019-05-08 2019-05-09
6.5
None Remote Low Single system Partial Partial Partial
A log poisoning vulnerability has been discovered in the OneShield Policy (Dragon Core) framework before 5.1.10. Authenticated remote adversaries can poison log files by entering malicious payloads in either headers or form elements. These payloads are then executed via a client side debugging console. This is predicated on the debugging console and Java Bean being made available to the deployed application.
76 CVE-2019-11640 119 Overflow 2019-05-01 2019-05-02
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in GNU recutils 1.8. There is a heap-based buffer overflow in the function rec_fex_parse_str_simple at rec-fex.c in librec.a.
77 CVE-2019-11639 119 Overflow 2019-05-01 2019-05-01
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in GNU recutils 1.8. There is a stack-based buffer overflow in the function rec_type_check_enum at rec-types.c in librec.a.
78 CVE-2019-11631 434 Exec Code 2019-04-30 2019-05-03
6.5
None Remote Low Single system Partial Partial Partial
Moodle 3.6.3 allows remote authenticated administrators to execute arbitrary PHP code via a ZIP archive, containing a theme_*.php file, to repository/repository_ajax.php?action=upload and admin/tool/installaddon/index.php.
79 CVE-2019-11617 352 CSRF 2019-04-30 2019-05-01
6.8
None Remote Medium Not required Partial Partial Partial
doorGets 7.0 has a CSRF vulnerability in /doorgets/app/requests/user/configurationRequest.php. A remote attacker can exploit this vulnerability for "Google Analytics code" modification.
80 CVE-2019-11615 434 2019-04-30 2019-05-01
6.5
None Remote Low Single system Partial Partial Partial
/fileman/php/upload.php in doorGets 7.0 has an arbitrary file upload vulnerability. A remote normal registered user can use this vulnerability to upload backdoor files to control the server.
81 CVE-2019-11612 284 2019-04-30 2019-05-01
6.4
None Remote Low Not required None Partial Partial
doorGets 7.0 has an arbitrary file deletion vulnerability in /fileman/php/deletefile.php. A remote unauthenticated attacker can exploit this vulnerability to delete arbitrary files.
82 CVE-2019-11609 200 +Info 2019-04-30 2019-05-01
6.4
None Remote Low Not required Partial None Partial
doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/movefile.php. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information or make the server unserviceable.
83 CVE-2019-11608 200 +Info 2019-04-30 2019-05-01
6.4
None Remote Low Not required Partial None Partial
doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/renamefile.php. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information or make the server unserviceable.
84 CVE-2019-11600 89 Exec Code Sql 2019-05-13 2019-05-14
6.8
None Remote Medium Not required Partial Partial Partial
A SQL injection vulnerability in the activities API in OpenProject before 8.3.2 allows a remote attacker to execute arbitrary SQL commands via the id parameter. The attack can be performed unauthenticated if OpenProject is configured not to require authentication for API access.
85 CVE-2019-11599 362 DoS +Info 2019-04-29 2019-05-28
6.9
None Local Medium Not required Complete Complete Complete
The coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allows local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c.
86 CVE-2019-11595 20 Exec Code 2019-04-29 2019-04-30
6.8
None Remote Medium Not required Partial Partial Partial
In uBlock before 0.9.5.15, the $rewrite filter option allows filter-list maintainers to run arbitrary code in a client-side session when a web service loads a script for execution using XMLHttpRequest or Fetch, and the script origin has an open redirect.
87 CVE-2019-11594 74 Exec Code 2019-04-29 2019-04-30
6.8
None Remote Medium Not required Partial Partial Partial
In AdBlock before 3.45.0, the $rewrite filter option allows filter-list maintainers to run arbitrary code in a client-side session when a web service loads a script for execution using XMLHttpRequest or Fetch, and the script origin has an open redirect.
88 CVE-2019-11593 74 Exec Code 2019-04-29 2019-04-30
6.8
None Remote Medium Not required Partial Partial Partial
In Adblock Plus before 3.5.2, the $rewrite filter option allows filter-list maintainers to run arbitrary code in a client-side session when a web service loads a script for execution using XMLHttpRequest or Fetch, and the script origin has an open redirect.
89 CVE-2019-11591 352 Dir. Trav. CSRF File Inclusion 2019-04-29 2019-05-03
6.8
None Remote Medium Not required Partial Partial Partial
The WebDorado Contact Form plugin before 1.13.5 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because there can be a discrepancy between the $_POST['action'] value and the $_GET['action'] value, and the latter is unsanitized.
90 CVE-2019-11590 352 Dir. Trav. CSRF File Inclusion 2019-04-29 2019-05-03
6.8
None Remote Medium Not required Partial Partial Partial
The 10Web Form Maker plugin before 1.13.5 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because there can be a discrepancy between the $_POST['action'] value and the $_GET['action'] value, and the latter is unsanitized.
91 CVE-2019-11569 352 CSRF 2019-05-06 2019-05-07
6.8
None Remote Medium Not required Partial Partial Partial
Veeam ONE Reporter 9.5.0.3201 allows CSRF.
92 CVE-2019-11568 434 2019-04-27 2019-04-29
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in AikCms v2.0. There is a File upload vulnerability, as demonstrated by an admin/page/system/nav.php request with PHP code in a .php file with the application/octet-stream content type.
93 CVE-2019-11567 89 Sql 2019-04-27 2019-04-29
6.5
None Remote Low Single system Partial Partial Partial
An issue was discovered in AikCms v2.0. There is a SQL Injection vulnerability via $_GET['del'], as demonstrated by an admin/page/system/nav.php?del= URI.
94 CVE-2019-11557 352 Dir. Trav. CSRF File Inclusion 2019-04-26 2019-05-01
6.8
None Remote Medium Not required Partial Partial Partial
The WebDorado Contact Form Builder plugin before 1.0.69 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because there can be a discrepancy between the $_POST['action'] value and the $_GET['action'] value, and the latter is unsanitized.
95 CVE-2019-11542 119 Overflow 2019-04-25 2019-04-29
6.5
None Remote Low Single system Partial Partial Partial
In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, an authenticated attacker (via the admin web interface) can send a specially crafted message resulting in a stack buffer overflow.
96 CVE-2019-11539 77 Exec Code 2019-04-25 2019-04-29
6.5
None Remote Low Single system Partial Partial Partial
In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, the admin web interface allows an authenticated attacker to inject and execute commands.
97 CVE-2019-11518 89 Sql 2019-04-25 2019-04-26
6.5
None Remote Low Single system Partial Partial Partial
An issue was discovered in SEMCMS 3.8. SEMCMS_Inquiry.php allows AID[] SQL Injection because the class.phpmailer.php inject_check_sql protection mechanism is incomplete.
98 CVE-2019-11510 275 2019-05-08 2019-05-10
6.5
None Remote Low Single system Partial Partial Partial
In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .
99 CVE-2019-11509 284 Exec Code 2019-06-03 2019-06-04
6.5
None Remote Low Single system Partial Partial Partial
In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4 and Pulse Policy Secure (PPS) before 5.1R15.1, 5.2 before 5.2R12.1, 5.3 before 5.3R15.1, 5.4 before 5.4R7.1, and 9.0 before 9.0R3.2, an authenticated attacker (via the admin web interface) can exploit Incorrect Access Control to execute arbitrary code on the appliance.
100 CVE-2019-11508 22 Exec Code Dir. Trav. 2019-05-08 2019-05-09
6.5
None Remote Low Single system Partial Partial Partial
In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an authenticated attacker (via the admin web interface) can exploit Directory Traversal to execute arbitrary code on the appliance.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.