CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
151 CVE-2019-12153 918 2019-06-11 2019-06-17
6.4
None Remote Low Not required Partial Partial None
Lack of validation in the HTML parser in RealObjects PDFreactor before 10.1.10722 leads to SSRF, allowing attackers to access network or file resources on behalf of the server by supplying malicious HTML content.
152 CVE-2019-12146 22 Dir. Trav. 2019-06-11 2019-06-12
6.4
None Remote Low Not required Partial Partial None
A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. Attackers have the ability to abuse a flaw in the SCP listener by crafting strings using specific patterns to write files and create directories outside of their authorized directory.
153 CVE-2019-12137 22 Dir. Trav. 2019-05-16 2019-06-13
6.8
None Remote Medium Not required Partial Partial Partial
Typora 0.9.9.24.6 on macOS allows directory traversal, for execution of arbitrary programs, via a file:/// or ../ substring in a shared note.
154 CVE-2019-12134 74 2019-06-06 2019-06-11
6.5
None Remote Low Single system Partial Partial Partial
CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in Workday through 32 via a value (provided by a low-privileged user in a contact form field) that is mishandled in a CSV export.
155 CVE-2019-12102 20 2019-05-22 2019-05-23
6.4
None Remote Low Not required Partial Partial None
Kentico 11 through 12 lets attackers upload and explore files without authentication via the cmsmodules/medialibrary/formcontrols/liveselectors/insertimageormedia/tabs_media.aspx URI.
156 CVE-2019-12097 264 Exec Code 2019-06-03 2019-06-05
6.8
None Remote Medium Not required Partial Partial Partial
Telerik Fiddler v5.0.20182.28034 doesn't verify the hash of EnableLoopback.exe before running it, which could lead to code execution or local privilege escalation by replacing the original EnableLoopback.exe.
157 CVE-2019-12083 119 Overflow 2019-05-13 2019-05-25
6.8
None Remote Medium Not required Partial Partial Partial
The Rust Programming Language Standard Library 1.34.x before 1.34.2 contains a stabilized method which, if overridden, can violate Rust's safety guarantees and cause memory unsafety. If the `Error::type_id` method is overridden then any type can be safely cast to any other type, causing memory safety vulnerabilities in safe code (e.g., out-of-bounds write or read). Code that does not manually implement Error::type_id is unaffected.
158 CVE-2019-11946 310 2019-06-05 2019-06-06
6.8
None Remote Low Single system Complete None None
A remote credential disclosure vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
159 CVE-2019-11896 275 2019-05-29 2019-05-31
6.8
None Remote Medium Not required Partial Partial Partial
A potential incorrect privilege assignment vulnerability exists in the 3rd party pairing mechanism of the Bosch Smart Home Controller (SHC) before 9.8.907 that may result in a restricted app obtaining default app permissions. In order to exploit the vulnerability, the adversary needs to have successfully paired an app, which requires user interaction.
160 CVE-2019-11892 284 2019-05-29 2019-05-31
6.8
None Remote Medium Not required Partial Partial Partial
A potential improper access control vulnerability exists in the JSON-RPC interface of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in reading or modification of the SHC's configuration or triggering and restoring backups. In order to exploit the vulnerability, the adversary needs to have successfully paired an app or service, which requires user interaction.
161 CVE-2019-11886 352 CSRF 2019-05-13 2019-05-14
6.8
None Remote Medium Not required Partial Partial Partial
The WaspThemes Visual CSS Style Editor (aka yellow-pencil-visual-theme-customizer) plugin before 7.2.1 for WordPress allows yp_option_update CSRF, as demonstrated by use of yp_remote_get to obtain admin access.
162 CVE-2019-11875 264 2019-05-24 2019-05-29
6.5
None Remote Low Single system Partial Partial Partial
In AutomateAppCore.dll in Blue Prism Robotic Process Automation 6.4.0.8445, a vulnerability in access control can be exploited to escalate privileges. The vulnerability allows for abusing the application for fraud or unauthorized access to certain information. The attack requires a valid user account to connect to the Blue Prism server, but the roles associated to this account are not required to have any permissions. First of all, the application files are modified to grant full permissions on the client side. In a test environment (or his own instance of the software) an attacker is able to grant himself full privileges also on the server side. He can then, for instance, create a process with malicious behavior and export it to disk. With the modified client, it is possible to import the exported file as a release and overwrite any existing process in the database. Eventually, the bots execute the malicious process. The server does not check the user's permissions for the aforementioned actions, such that a modification of the client software enables this kind of attack. Possible scenarios may involve changing bank accounts or setting passwords.
163 CVE-2019-11872 74 Exec Code 2019-05-29 2019-05-30
6.8
None Remote Medium Not required Partial Partial Partial
The Hustle (aka wordpress-popup) plugin 6.0.7 for WordPress is vulnerable to CSV Injection as it allows for injecting malicious code into a pop-up window. Successful exploitation grants an attacker with a right to execute malicious code on the administrator's computer through Excel functions as the plugin does not sanitize the user's input and allows insertion of any text.
164 CVE-2019-11826 22 Dir. Trav. 2019-06-30 2019-07-02
6.5
None Remote Low Single system Partial Partial Partial
Relative path traversal vulnerability in SYNO.PhotoTeam.Upload.Item in Synology Moments before 1.3.0-0691 allows remote authenticated users to upload arbitrary files via the name parameter.
165 CVE-2019-11819 74 2019-05-08 2019-05-09
6.8
None Remote Medium Not required Partial Partial Partial
Alkacon OpenCMS v10.5.4 and before is affected by CSV (aka Excel Macro) Injection in the module New User (/opencms/system/workplace/admin/accounts/user_new.jsp) via the First Name or Last Name.
166 CVE-2019-11816 284 2019-05-20 2019-05-30
6.5
None Remote Low Single system Partial Partial Partial
Incorrect access control in the WebUI in OPNsense before version 19.1.8, and pfsense before 2.4.4-p3 allows remote authenticated users to escalate privileges to administrator via a specially crafted request.
167 CVE-2019-11807 284 2019-05-06 2019-05-07
6.4
None Remote Low Not required None Partial Partial
The WooCommerce Checkout Manager plugin before 4.3 for WordPress allows media deletion via the wp-admin/admin-ajax.php?action=update_attachment_wccm wccm_default_keys_load parameter because of a nopriv_ registration and a lack of capabilities checks.
168 CVE-2019-11770 669 2019-06-14 2019-06-18
6.8
None Remote Medium Not required Partial Partial Partial
In Eclipse Buildship versions prior to 3.1.1, the build files indicate that this project is resolving dependencies over HTTP instead of HTTPS. Any of these artifacts could have been MITM to maliciously compromise them and infect the build artifacts that were produced. Additionally, if any of these JARs or other dependencies were compromised, any developers using these could continue to be infected past updating to fix this.
169 CVE-2019-11675 362 2019-05-02 2019-05-03
6.9
None Local Medium Not required Complete Complete Complete
The groonga-httpd package 6.1.5-1 for Debian sets the /var/log/groonga ownership to the groonga account, which might let local users obtain root access because of unsafe interaction with logrotate. For example, an attacker can exploit a race condition to insert a symlink from /var/log/groonga/httpd to /etc/bash_completion.d. NOTE: this is an issue in the Debian packaging of the Groonga HTTP server.
170 CVE-2019-11644 264 +Priv 2019-05-17 2019-05-21
6.8
None Remote Medium Not required Partial Partial Partial
In the F-Secure installer in F-Secure SAFE for Windows before 17.6, F-Secure Internet Security before 17.6, F-Secure Anti-Virus before 17.6, F-Secure Client Security Standard and Premium before 14.10, F-Secure PSB Workstation Security before 12.01, and F-Secure Computer Protection Standard and Premium before 19.3, a local user can escalate their privileges through a DLL hijacking attack against the installer. The installer writes the file rm.exe to C:\Windows\Temp and then executes it. The rm.exe process then attempts to load several DLLs from its current directory. Non-admin users are able to write to this folder, so an attacker can create a malicious C:\Windows\Temp\OLEACC.dll file. When an admin runs the installer, rm.exe will execute the attacker's DLL in an elevated security context.
171 CVE-2019-11642 74 2019-05-08 2019-05-09
6.5
None Remote Low Single system Partial Partial Partial
A log poisoning vulnerability has been discovered in the OneShield Policy (Dragon Core) framework before 5.1.10. Authenticated remote adversaries can poison log files by entering malicious payloads in either headers or form elements. These payloads are then executed via a client side debugging console. This is predicated on the debugging console and Java Bean being made available to the deployed application.
172 CVE-2019-11640 119 Overflow 2019-05-01 2019-05-02
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in GNU recutils 1.8. There is a heap-based buffer overflow in the function rec_fex_parse_str_simple at rec-fex.c in librec.a.
173 CVE-2019-11639 119 Overflow 2019-05-01 2019-05-01
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in GNU recutils 1.8. There is a stack-based buffer overflow in the function rec_type_check_enum at rec-types.c in librec.a.
174 CVE-2019-11631 434 Exec Code 2019-04-30 2019-05-03
6.5
None Remote Low Single system Partial Partial Partial
Moodle 3.6.3 allows remote authenticated administrators to execute arbitrary PHP code via a ZIP archive, containing a theme_*.php file, to repository/repository_ajax.php?action=upload and admin/tool/installaddon/index.php.
175 CVE-2019-11617 352 CSRF 2019-04-30 2019-05-01
6.8
None Remote Medium Not required Partial Partial Partial
doorGets 7.0 has a CSRF vulnerability in /doorgets/app/requests/user/configurationRequest.php. A remote attacker can exploit this vulnerability for "Google Analytics code" modification.
176 CVE-2019-11615 434 2019-04-30 2019-05-01
6.5
None Remote Low Single system Partial Partial Partial
/fileman/php/upload.php in doorGets 7.0 has an arbitrary file upload vulnerability. A remote normal registered user can use this vulnerability to upload backdoor files to control the server.
177 CVE-2019-11612 284 2019-04-30 2019-05-01
6.4
None Remote Low Not required None Partial Partial
doorGets 7.0 has an arbitrary file deletion vulnerability in /fileman/php/deletefile.php. A remote unauthenticated attacker can exploit this vulnerability to delete arbitrary files.
178 CVE-2019-11609 200 +Info 2019-04-30 2019-05-01
6.4
None Remote Low Not required Partial None Partial
doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/movefile.php. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information or make the server unserviceable.
179 CVE-2019-11608 200 +Info 2019-04-30 2019-05-01
6.4
None Remote Low Not required Partial None Partial
doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/renamefile.php. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information or make the server unserviceable.
180 CVE-2019-11600 89 Exec Code Sql 2019-05-13 2019-05-14
6.8
None Remote Medium Not required Partial Partial Partial
A SQL injection vulnerability in the activities API in OpenProject before 8.3.2 allows a remote attacker to execute arbitrary SQL commands via the id parameter. The attack can be performed unauthenticated if OpenProject is configured not to require authentication for API access.
181 CVE-2019-11599 362 DoS +Info 2019-04-29 2019-05-28
6.9
None Local Medium Not required Complete Complete Complete
The coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allows local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c.
182 CVE-2019-11595 20 Exec Code 2019-04-29 2019-04-30
6.8
None Remote Medium Not required Partial Partial Partial
In uBlock before 0.9.5.15, the $rewrite filter option allows filter-list maintainers to run arbitrary code in a client-side session when a web service loads a script for execution using XMLHttpRequest or Fetch, and the script origin has an open redirect.
183 CVE-2019-11594 74 Exec Code 2019-04-29 2019-04-30
6.8
None Remote Medium Not required Partial Partial Partial
In AdBlock before 3.45.0, the $rewrite filter option allows filter-list maintainers to run arbitrary code in a client-side session when a web service loads a script for execution using XMLHttpRequest or Fetch, and the script origin has an open redirect.
184 CVE-2019-11593 74 Exec Code 2019-04-29 2019-04-30
6.8
None Remote Medium Not required Partial Partial Partial
In Adblock Plus before 3.5.2, the $rewrite filter option allows filter-list maintainers to run arbitrary code in a client-side session when a web service loads a script for execution using XMLHttpRequest or Fetch, and the script origin has an open redirect.
185 CVE-2019-11591 352 Dir. Trav. CSRF File Inclusion 2019-04-29 2019-05-03
6.8
None Remote Medium Not required Partial Partial Partial
The WebDorado Contact Form plugin before 1.13.5 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because there can be a discrepancy between the $_POST['action'] value and the $_GET['action'] value, and the latter is unsanitized.
186 CVE-2019-11590 352 Dir. Trav. CSRF File Inclusion 2019-04-29 2019-05-03
6.8
None Remote Medium Not required Partial Partial Partial
The 10Web Form Maker plugin before 1.13.5 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because there can be a discrepancy between the $_POST['action'] value and the $_GET['action'] value, and the latter is unsanitized.
187 CVE-2019-11569 352 CSRF 2019-05-06 2019-05-07
6.8
None Remote Medium Not required Partial Partial Partial
Veeam ONE Reporter 9.5.0.3201 allows CSRF.
188 CVE-2019-11568 434 2019-04-27 2019-04-29
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in AikCms v2.0. There is a File upload vulnerability, as demonstrated by an admin/page/system/nav.php request with PHP code in a .php file with the application/octet-stream content type.
189 CVE-2019-11567 89 Sql 2019-04-27 2019-04-29
6.5
None Remote Low Single system Partial Partial Partial
An issue was discovered in AikCms v2.0. There is a SQL Injection vulnerability via $_GET['del'], as demonstrated by an admin/page/system/nav.php?del= URI.
190 CVE-2019-11557 352 Dir. Trav. CSRF File Inclusion 2019-04-26 2019-05-01
6.8
None Remote Medium Not required Partial Partial Partial
The WebDorado Contact Form Builder plugin before 1.0.69 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because there can be a discrepancy between the $_POST['action'] value and the $_GET['action'] value, and the latter is unsanitized.
191 CVE-2019-11542 119 Overflow 2019-04-25 2019-04-29
6.5
None Remote Low Single system Partial Partial Partial
In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, an authenticated attacker (via the admin web interface) can send a specially crafted message resulting in a stack buffer overflow.
192 CVE-2019-11539 77 Exec Code 2019-04-25 2019-04-29
6.5
None Remote Low Single system Partial Partial Partial
In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, the admin web interface allows an authenticated attacker to inject and execute commands.
193 CVE-2019-11518 89 Sql 2019-04-25 2019-04-26
6.5
None Remote Low Single system Partial Partial Partial
An issue was discovered in SEMCMS 3.8. SEMCMS_Inquiry.php allows AID[] SQL Injection because the class.phpmailer.php inject_check_sql protection mechanism is incomplete.
194 CVE-2019-11510 275 2019-05-08 2019-05-10
6.5
None Remote Low Single system Partial Partial Partial
In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .
195 CVE-2019-11509 284 Exec Code 2019-06-03 2019-06-04
6.5
None Remote Low Single system Partial Partial Partial
In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4 and Pulse Policy Secure (PPS) before 5.1R15.1, 5.2 before 5.2R12.1, 5.3 before 5.3R15.1, 5.4 before 5.4R7.1, and 9.0 before 9.0R3.2, an authenticated attacker (via the admin web interface) can exploit Incorrect Access Control to execute arbitrary code on the appliance.
196 CVE-2019-11508 22 Exec Code Dir. Trav. 2019-05-08 2019-05-09
6.5
None Remote Low Single system Partial Partial Partial
In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an authenticated attacker (via the admin web interface) can exploit Directory Traversal to execute arbitrary code on the appliance.
197 CVE-2019-11506 119 DoS Overflow 2019-04-24 2019-05-22
6.8
None Remote Medium Not required Partial Partial Partial
In GraphicsMagick from version 1.3.30 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WriteMATLABImage of coders/mat.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact via a crafted image file. This is related to ExportRedQuantumType in magick/export.c.
198 CVE-2019-11505 119 DoS Overflow 2019-04-24 2019-05-22
6.8
None Remote Medium Not required Partial Partial Partial
In GraphicsMagick from version 1.3.8 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WritePDBImage of coders/pdb.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact via a crafted image file. This is related to MagickBitStreamMSBWrite in magick/bit_stream.c.
199 CVE-2019-11493 119 Exec Code Overflow 2019-04-26 2019-04-26
6.8
None Remote Medium Not required Partial Partial Partial
VeryPDF 4.1 has a Memory Overflow leading to Code Execution because pdfocx!CxImageTIF::operator in pdfocx.ocx (used by pdfeditor.exe and pdfcmd.exe) is mishandled.
200 CVE-2019-11488 284 2019-04-25 2019-05-03
6.8
None Remote Medium Not required Partial Partial Partial
Incorrect Access Control in the Account Access / Password Reset Link in SimplyBook.me Enterprise before 2019-04-23 allows Unauthorized Attackers to READ/WRITE Customer or Administrator data via a persistent HTTP GET Request Hash Link Replay, as demonstrated by a login-link from the browser history.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.