CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1001 CVE-2019-12887 284 2019-06-27 2019-07-01
6.8
None Remote Medium Not required Partial Partial Partial
KeyIdentity LinOTP before 2.10.5.3 has Incorrect Access Control (issue 1 of 2).
1002 CVE-2019-12872 89 Sql 2019-06-18 2019-06-18
6.5
None Remote Low Single system Partial Partial Partial
dotCMS before 5.1.6 is vulnerable to a SQL injection that can be exploited by an attacker of the role Publisher via view_unpushed_bundles.jsp.
1003 CVE-2019-12871 416 Exec Code 2019-06-24 2019-06-27
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to a Use-After-Free and remote code execution. The attacker needs to get access to an original PC Worx or Config+ project file to be able to manipulate it. After manipulation, the attacker needs to exchange the original file with the manipulated one on the application programming workstation.
1004 CVE-2019-12870 824 Exec Code 2019-06-24 2019-06-27
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Uninitialized Pointer and remote code execution. The attacker needs to get access to an original PC Worx or Config+ project file to be able to manipulate it. After manipulation, the attacker needs to exchange the original file with the manipulated one on the application programming workstation.
1005 CVE-2019-12869 125 Exec Code 2019-06-24 2019-06-27
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Out-Of-Bounds Read, Information Disclosure, and remote code execution. The attacker needs to get access to an original PC Worx or Config+ project file to be able to manipulate it. After manipulation, the attacker needs to exchange the original file with the manipulated one on the application programming workstation.
1006 CVE-2019-12868 502 Exec Code 2019-06-17 2019-06-18
6.5
None Remote Low Single system Partial Partial Partial
app/Model/Server.php in MISP 2.4.109 allows remote command execution by a super administrator because the PHP file_exists function is used with user-controlled entries, and phar:// URLs trigger deserialization.
1007 CVE-2019-12851 352 CSRF 2019-07-03 2019-07-10
6.8
None Remote Medium Not required Partial Partial Partial
A CSRF vulnerability was detected in one of the admin endpoints of JetBrains YouTrack. The issue was fixed in YouTrack 2018.4.49852.
1008 CVE-2019-12839 77 Exec Code 2019-06-15 2019-06-17
6.5
None Remote Low Single system Partial Partial Partial
In OrangeHRM 4.3.1 and before, there is an input validation error within admin/listMailConfiguration (txtSendmailPath parameter) that allows authenticated attackers to achieve arbitrary command execution.
1009 CVE-2019-12836 352 2019-06-21 2019-06-25
6.8
None Remote Medium Not required Partial Partial Partial
The Bobronix JEditor editor before 3.0.6 for Jira allows an attacker to add a URL/Link (to an existing issue) that can cause forgery of a request to an out-of-origin domain. This in turn may allow for a forged request that can be invoked in the context of an authenticated user, leading to stealing of session tokens and account takeover.
1010 CVE-2019-12831 20 2019-06-15 2019-06-17
6.5
None Remote Low Single system Partial Partial Partial
In MyBB before 1.8.21, an attacker can abuse a default behavior of MySQL on many systems (that leads to truncation of strings that are too long for a database column) to create a PHP shell in the cache directory of a targeted forum via a crafted XML import, as demonstrated by truncation of aaaaaaaaaaaaaaaaaaaaaaaaaa.php.css to aaaaaaaaaaaaaaaaaaaaaaaaaa.php with a 30-character limit, aka theme import stylesheet name RCE.
1011 CVE-2019-12828 19 Exec Code 2019-06-14 2019-06-24
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Electronic Arts Origin before 10.5.39. Due to improper sanitization of the origin:// and origin2:// URI schemes, it is possible to inject additional arguments into the Origin process and ultimately leverage code execution by loading a backdoored Qt plugin remotely via the platformpluginpath argument supplied with a Windows network share.
1012 CVE-2019-12826 352 Exec Code CSRF 2019-07-01 2019-07-31
6.8
None Remote Medium Not required Partial Partial Partial
A Cross-Site-Request-Forgery (CSRF) vulnerability in widget_logic.php in the 2by2host Widget Logic plugin before 5.10.2 for WordPress allows remote attackers to execute PHP code via snippets (that are attached to widgets and then eval'd to dynamically determine their visibility) by crafting a malicious POST request that tricks administrators into adding the code.
1013 CVE-2019-12817 119 Overflow 2019-06-25 2019-06-28
6.9
None Local Medium Not required Complete Complete Complete
arch/powerpc/mm/mmu_context_book3s64.c in the Linux kernel before 5.1.15 for powerpc has a bug where unrelated processes may be able to read/write to one another's virtual memory under certain conditions via an mmap above 512 TB. Only a subset of powerpc systems are affected.
1014 CVE-2019-12816 264 Exec Code 2019-06-15 2019-06-20
6.5
None Remote Low Single system Partial Partial Partial
Modules.cpp in ZNC before 1.7.4-rc1 allows remote authenticated non-admin users to escalate privileges and execute arbitrary code by loading a module with a crafted name.
1015 CVE-2019-12810 787 Exec Code Mem. Corr. 2019-08-30 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
A memory corruption vulnerability exists in the .PSD parsing functionality of ALSee v5.3 ~ v8.39. A specially crafted .PSD file can cause an out of bounds write vulnerability resulting in code execution. By persuading a victim to open a specially-crafted .PSD file, an attacker could execute arbitrary code.
1016 CVE-2019-12809 20 Exec Code 2019-08-15 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
Yes24ViewerX ActiveX Control 1.0.327.50126 and earlier versions contains a vulnerability that could allow remote attackers to download and execute arbitrary files by setting the arguments to the ActiveX method. This can be leveraged for code execution.
1017 CVE-2019-12807 119 Exec Code Overflow 2019-08-13 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
Alzip 10.83 and earlier version contains a stack-based buffer overflow vulnerability, caused by improper bounds checking during the parsing of crafted ISO archive file format. By persuading a victim to open a specially-crafted ISO archive file, an attacker could execution arbitrary code.
1018 CVE-2019-12806 119 Exec Code Overflow 2019-08-13 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
UniSign 2.0.4.0 and earlier version contains a stack-based buffer overflow vulnerability which can overwrite the stack with arbitrary data, due to a buffer overflow in a library. That leads remote attacker to execute arbitrary code via crafted https packets.
1019 CVE-2019-12805 77 Exec Code 2019-08-09 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
NCSOFT Game Launcher, NC Launcher2 2.4.1.691 and earlier versions have a vulnerability in the custom protocol handler that could allow remote attacker to execute arbitrary command. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. This can be leveraged for code execution in the context of the current user.
1020 CVE-2019-12802 119 DoS Overflow 2019-06-13 2019-07-16
6.8
None Remote Medium Not required Partial Partial Partial
In radare2 through 3.5.1, the rcc_context function of libr/egg/egg_lang.c mishandles changing context. This allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact (invalid memory access in r_egg_lang_parsechar; invalid free in rcc_pusharg).
1021 CVE-2019-12799 502 Exec Code Bypass 2019-06-13 2019-10-09
6.5
None Remote Low Single system Partial Partial Partial
In createInstanceFromNamedArguments in Shopware through 5.6.x, a crafted web request can trigger a PHP object instantiation vulnerability, which can result in an arbitrary deserialization if the right class is instantiated. An attacker can leverage this deserialization to achieve remote code execution. NOTE: this issue is a bypass for a CVE-2017-18357 whitelist patch.
1022 CVE-2019-12794 255 2019-06-11 2019-06-11
6.0
None Remote Medium Single system Partial Partial Partial
An issue was discovered in MISP 2.4.108. Organization admins could reset credentials for site admins (organization admins have the inherent ability to reset passwords for all of their organization's users). This, however, could be abused in a situation where the host organization of an instance creates organization admins. An organization admin could set a password manually for the site admin or simply use the API key of the site admin to impersonate them. The potential for abuse only occurs when the host organization creates lower-privilege organization admins instead of the usual site admins. Also, only organization admins of the same organization as the site admin could abuse this.
1023 CVE-2019-12790 125 DoS 2019-06-10 2019-07-16
6.8
None Remote Medium Not required Partial Partial Partial
In radare2 through 3.5.1, there is a heap-based buffer over-read in the r_egg_lang_parsechar function of egg_lang.c. This allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact because of missing length validation in libr/egg/egg.c.
1024 CVE-2019-12788 119 Overflow 2019-06-10 2019-06-12
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Photodex ProShow Producer v9.0.3797 (an application that runs with Administrator privileges). It is possible to perform a buffer overflow via a crafted file.
1025 CVE-2019-12787 91 2019-06-10 2019-06-11
6.5
None Remote Low Single system Partial Partial Partial
An issue was discovered on D-Link DIR-818LW devices from 2.05.B03 to 2.06B01 BETA. There is a command injection in HNAP1 SetWanSettings via an XML injection of the value of the Gateway key.
1026 CVE-2019-12786 77 2019-06-10 2019-06-11
6.5
None Remote Low Single system Partial Partial Partial
An issue was discovered on D-Link DIR-818LW devices from 2.05.B03 to 2.06B01 BETA. There is a command injection in HNAP1 SetWanSettings via an XML injection of the value of the IPAddress key.
1027 CVE-2019-12779 59 2019-06-07 2019-07-19
6.6
None Local Low Not required None Complete Complete
libqb before 1.0.5 allows local users to overwrite arbitrary files via a symlink attack, because it uses predictable filenames (under /dev/shm and /tmp) without O_EXCL.
1028 CVE-2019-12760 502 Exec Code 2019-06-06 2019-07-05
6.0
None Remote Medium Single system Partial Partial Partial
** DISPUTED ** A deserialization vulnerability exists in the way parso through 0.4.0 handles grammar parsing from the cache. Cache loading relies on pickle and, provided that an evil pickle can be written to a cache grammar file and that its parsing can be triggered, this flaw leads to Arbitrary Code Execution. NOTE: This is disputed because "the cache directory is not under control of the attacker in any common configuration."
1029 CVE-2019-12744 77 Exec Code 2019-06-20 2019-06-24
6.0
None Remote Medium Single system Partial Partial Partial
SeedDMS before 5.1.11 allows Remote Command Execution (RCE) because of unvalidated file upload of PHP scripts, a different vulnerability than CVE-2018-12940.
1030 CVE-2019-12742 287 2019-06-05 2019-06-06
6.5
None Remote Low Single system Partial Partial Partial
Bludit prior to 3.9.1 allows a non-privileged user to change the password of any account, including admin. This occurs because of bl-kernel/admin/controllers/user-password.php Insecure Direct Object Reference (a modified username POST parameter).
1031 CVE-2019-12739 78 Exec Code 2019-06-05 2019-06-06
6.5
None Remote Low Single system Partial Partial Partial
lib/Controller/ExtractionController.php in the Extract add-on before 1.2.0 for Nextcloud allows Remote Code Execution via shell metacharacters in a RAR filename via ajax/extractRar.php (nameOfFile and directory parameters).
1032 CVE-2019-12728 669 2019-06-04 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
Grails before 3.3.10 used cleartext HTTP to resolve the SDKMan notification service. NOTE: users' apps were not resolving dependencies over cleartext HTTP.
1033 CVE-2019-12711 611 DoS 2019-10-02 2019-10-09
6.4
None Remote Low Not required Partial None Partial
A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to access sensitive information or cause a denial of service (DoS) condition. The vulnerability is due to improper restrictions on XML entities. An attacker could exploit this vulnerability by sending malicious requests to an affected system that contain references in XML entities. A successful exploit could allow the attacker to retrieve files from the local system, resulting in the disclosure of sensitive information, or cause the application to consume available resources, resulting in a DoS condition.
1034 CVE-2019-12700 400 DoS 2019-10-02 2019-10-11
6.8
None Remote Low Single system None None Complete
A vulnerability in the configuration of the Pluggable Authentication Module (PAM) used in Cisco Firepower Threat Defense (FTD) Software, Cisco Firepower Management Center (FMC) Software, and Cisco FXOS Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper resource management in the context of user session management. An attacker could exploit this vulnerability by connecting to an affected system and performing many simultaneous successful Secure Shell (SSH) logins. A successful exploit could allow the attacker to exhaust system resources and cause the device to reload, resulting in a DoS condition. To exploit this vulnerability, the attacker needs valid user credentials on the system.
1035 CVE-2019-12624 352 CSRF 2019-08-21 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability in the web-based management interface of Cisco IOS XE New Generation Wireless Controller (NGWC) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on an affected device by using a web browser and with the privileges of the user.
1036 CVE-2019-12591 77 2019-06-03 2019-10-09
6.5
None Remote Low Single system Partial Partial Partial
NETGEAR Insight Cloud with firmware before Insight 5.6 allows remote authenticated users to achieve command injection.
1037 CVE-2019-12583 264 DoS 2019-06-27 2019-06-28
6.4
None Remote Low Not required None Partial Partial
Missing Access Control in the "Free Time" component of several Zyxel UAG, USG, and ZyWall devices allows a remote attacker to generate guest accounts by directly accessing the account generator. This can lead to unauthorised network access or Denial of Service.
1038 CVE-2019-12573 59 DoS 2019-07-11 2019-07-16
6.6
None Local Low Not required None Complete Complete
A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v82 for Linux and macOS could allow an authenticated, local attacker to overwrite arbitrary files. The openvpn_launcher binary is setuid root. This binary supports the --log option, which accepts a path as an argument. This parameter is not sanitized, which allows a local unprivileged user to overwrite arbitrary files owned by any user on the system, including root. This creates a denial of service condition and possible data loss if leveraged by a malicious local user.
1039 CVE-2019-12571 59 DoS 2019-07-11 2019-07-16
6.6
None Local Low Not required None Complete Complete
A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v0.9.8 beta (build 02099) for macOS could allow an authenticated, local attacker to overwrite arbitrary files. When the client initiates a connection, the XML /tmp/pia-watcher.plist file is created. If the file exists, it will be truncated and the contents completely overwritten. This file is removed on disconnect. An unprivileged user can create a hard or soft link to arbitrary files owned by any user on the system, including root. This creates a denial of service condition and possible data loss if leveraged by a malicious local user.
1040 CVE-2019-12570 89 Exec Code Sql 2019-07-03 2019-07-05
6.5
None Remote Low Single system Partial Partial Partial
A SQL injection vulnerability in the Xpert Solution "Server Status by Hostname/IP" plugin 4.6 for WordPress allows an authenticated user to execute arbitrary SQL commands via GET parameters.
1041 CVE-2019-12548 94 Exec Code 2019-06-03 2019-06-04
6.5
None Remote Low Single system Partial Partial Partial
Bludit before 3.9.0 allows remote code execution for an authenticated user by uploading a php file while changing the logo through /admin/ajax/upload-logo.
1042 CVE-2019-12527 119 Overflow 2019-07-11 2019-07-18
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Squid 4.0.23 through 4.7. When checking Basic Authentication with HttpHeader::getAuth, Squid uses a global buffer to store the decoded data. Squid does not check that the decoded length isn't greater than the buffer, leading to a heap-based buffer overflow with user controlled data.
1043 CVE-2019-12516 89 Sql 2019-09-13 2019-09-13
6.5
None Remote Low Single system Partial Partial Partial
The slickquiz plugin through 1.3.7.1 for WordPress allows SQL Injection by Subscriber users, as demonstrated by a /wp-admin/admin.php?page=slickquiz-scores&id= or /wp-admin/admin.php?page=slickquiz-edit&id= or /wp-admin/admin.php?page=slickquiz-preview&id= URI.
1044 CVE-2019-12483 119 Overflow 2019-05-30 2019-06-30
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in GPAC 0.7.1. There is a heap-based buffer overflow in the function ReadGF_IPMPX_RemoveToolNotificationListener in odf/ipmpx_code.c in libgpac.a, as demonstrated by MP4Box.
1045 CVE-2019-12479 22 Dir. Trav. 2019-08-13 2019-08-21
6.4
None Remote Low Not required Partial Partial None
An issue was discovered in 20|20 Storage 2.11.0. A Path Traversal vulnerability in the TwentyTwenty.Storage library in the LocalStorageProvider allows creating and reading files outside of the specified basepath. If the application using this library does not sanitize user-supplied filenames, then this issue may be exploited to read or write arbitrary files. This affects LocalStorageProvider.cs.
1046 CVE-2019-12466 352 CSRF 2019-07-10 2019-07-11
6.8
None Remote Medium Not required Partial Partial Partial
Wikimedia MediaWiki through 1.32.1 allows CSRF.
1047 CVE-2019-12464 22 Exec Code Dir. Trav. File Inclusion 2019-09-09 2019-09-10
6.0
None Remote Medium Single system Partial Partial Partial
An issue was discovered in LibreNMS 1.50.1. An authenticated user can perform a directory traversal attack against the /pdf.php file with a partial filename in the report parameter, to cause local file inclusion resulting in code execution.
1048 CVE-2019-12463 94 DoS Sql 2019-09-09 2019-09-10
6.5
None Remote Low Single system Partial Partial Partial
An issue was discovered in LibreNMS 1.50.1. The scripts that handle graphing options (includes/html/graphs/common.inc.php and includes/html/graphs/graphs.inc.php) do not sufficiently validate or encode several fields of user supplied input. Some parameters are filtered with mysqli_real_escape_string, which is only useful for preventing SQL injection attacks; other parameters are unfiltered. This allows an attacker to inject RRDtool syntax with newline characters via the html/graph.php and html/graph-realtime.php scripts. RRDtool syntax is quite versatile and an attacker could leverage this to perform a number of attacks, including disclosing directory structure and filenames, disclosing file content, denial of service, or writing arbitrary files. NOTE: relative to CVE-2019-10665, this requires authentication and the pathnames differ.
1049 CVE-2019-12448 362 2019-05-29 2019-07-07
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c has race conditions because the admin backend doesn't implement query_info_on_read/write.
1050 CVE-2019-12405 287 2019-09-09 2019-09-26
6.8
None Remote Medium Not required Partial Partial Partial
Improper authentication is possible in Apache Traffic Control versions 3.0.0 and 3.0.1 if LDAP is enabled for login in the Traffic Ops API component. Given a username for a user that can be authenticated via LDAP, it is possible to improperly authenticate as that user without that user's correct password.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.