CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
4201 CVE-2019-16318 434 Bypass 2019-09-14 2019-09-17
6.5
None Remote Low ??? Partial Partial Partial
In Pimcore before 5.7.1, an attacker with limited privileges can bypass file-extension restrictions via a 256-character filename, as demonstrated by the failure of automatic renaming of .php to .php.txt for long filenames, a different vulnerability than CVE-2019-10867 and CVE-2019-16317.
4202 CVE-2019-16317 502 2019-09-14 2019-09-17
6.5
None Remote Low ??? Partial Partial Partial
In Pimcore before 5.7.1, an attacker with limited privileges can trigger execution of a .phar file via a phar:// URL in a filename parameter, because PHAR uploads are not blocked and are reachable within the phar://../../../../../../../../var/www/html/web/var/assets/ directory, a different vulnerability than CVE-2019-10867 and CVE-2019-16318.
4203 CVE-2019-16311 352 CSRF 2019-09-14 2019-09-16
6.8
None Remote Medium Not required Partial Partial Partial
NIUSHOP V1.11 has CSRF via search_info to index.php.
4204 CVE-2019-16305 77 Exec Code 2019-09-14 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
In MobaXterm 11.1 and 12.1, the protocol handler is vulnerable to command injection. A crafted link can trigger a popup asking whether the user wants to run MobaXterm to handle the link. If accepted, another popup appears asking for further confirmation. If this is also accepted, command execution is achieved, as demonstrated by the MobaXterm://`calc` URI.
4205 CVE-2019-16294 787 DoS Exec Code 2019-09-14 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
SciLexer.dll in Scintilla in Notepad++ (x64) before 7.7 allows remote code execution or denial of service via Unicode characters in a crafted .ml file.
4206 CVE-2019-16293 78 Exec Code 2019-09-13 2019-09-13
6.5
None Remote Low ??? Partial Partial Partial
The Create Discoveries feature of Open-AudIT before 3.2.0 allows an authenticated attacker to execute arbitrary OS commands via a crafted value for a URL field.
4207 CVE-2019-16277 787 Overflow 2019-09-13 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
PicoC 2.1 has a heap-based buffer overflow in StringStrcpy in cstdlib/string.c when called from ExpressionParseFunctionCall in expression.c.
4208 CVE-2019-16255 94 2019-11-26 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the "command" argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method.
4209 CVE-2019-16212 Bypass 2020-09-25 2020-10-06
6.5
None Remote Low ??? Partial Partial Partial
A vulnerability in Brocade SANnav versions before v2.1.0 could allow a remote authenticated attacker to conduct an LDAP injection. The vulnerability could allow a remote attacker to bypass the authentication process.
4210 CVE-2019-16186 276 2019-09-09 2019-09-10
6.5
None Remote Low ??? Partial Partial Partial
In Limesurvey before 3.17.14, admin users can access the plugin manager without proper permissions.
4211 CVE-2019-16185 276 2019-09-09 2019-09-10
6.5
None Remote Low ??? Partial Partial Partial
In Limesurvey before 3.17.14, admin users can view, update, or delete reserved menu entries without proper permissions.
4212 CVE-2019-16174 611 Exec Code 2019-09-09 2019-09-10
6.8
None Remote Medium Not required Partial Partial Partial
An XML injection vulnerability was found in Limesurvey before 3.17.14 that allows remote attackers to import specially crafted XML files and execute code or compromise data integrity.
4213 CVE-2019-16155 2020-02-07 2020-08-24
6.6
None Local Low Not required None Complete Complete
A privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to overwrite system files as root with arbitrary content through system backup file via specially crafted "BackupConfig" type IPC client requests to the fctsched process. Further more, FortiClient for Linux 6.2.2 and below allow low privilege user write the system backup file under root privilege through GUI thus can cause root system file overwrite.
4214 CVE-2019-16152 20 DoS 2020-02-06 2020-02-12
6.8
None Remote Low ??? None None Complete
A Denial of service (DoS) vulnerability in FortiClient for Linux 6.2.1 and below may allow an user with low privilege to cause FortiClient processes running under root privilege crashes via sending specially crafted IPC client requests to the fctsched process due the nanomsg not been correctly validated.
4215 CVE-2019-16131 434 2019-09-09 2019-09-10
6.5
None Remote Low ??? Partial Partial Partial
framework/admin/modulec_control.php in OKLite v1.2.25 has an Arbitrary File Upload Vulnerability because a .php file from a ZIP archive can be written to /data/cache/.
4216 CVE-2019-16127 190 Overflow 2020-10-22 2020-10-30
6.4
None Remote Low Not required Partial Partial None
Atmel Advanced Software Framework (ASF) 4 has an Integer Overflow.
4217 CVE-2019-16120 1236 2019-09-08 2020-08-24
6.5
None Remote Low ??? Partial Partial Partial
CSV injection in the event-tickets (Event Tickets) plugin before 4.10.7.2 for WordPress exists via the "All Post> Ticketed > Attendees" Export Attendees feature.
4218 CVE-2019-16115 125 DoS 2019-09-08 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
In Xpdf 4.01.01, a stack-based buffer under-read could be triggered in IdentityFunction::transform in Function.cc, used by GfxAxialShading::getColor. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It allows an attacker to use a crafted PDF file to cause Denial of Service or possibly unspecified other impact.
4219 CVE-2019-16113 94 Exec Code 2019-09-08 2020-07-27
6.5
None Remote Low ??? Partial Partial Partial
Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .jpg file name, and then this PHP code can write other PHP code to a ../ pathname.
4220 CVE-2019-16112 502 Exec Code 2020-05-13 2020-05-15
6.5
None Remote Low ??? Partial Partial Partial
TylerTech Eagle 2018.3.11 deserializes untrusted user input, resulting in remote code execution via a crafted Java object to the recorder/ServiceManager?service=tyler.empire.settings.SettingManager URI.
4221 CVE-2019-16110 Exec Code 2019-11-14 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
The network protocol of Blade Shadow though 2.13.3 allows remote attackers to take control of a Shadow instance and execute arbitrary code by only knowing the victim's IP address, because packet data can be injected into the unencrypted UDP packet stream.
4222 CVE-2019-16099 352 CSRF 2019-09-08 2019-09-09
6.8
None Remote Medium Not required Partial Partial Partial
Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows CSRF via JSON data to a .swf file.
4223 CVE-2019-16071 269 Bypass 2020-03-20 2020-08-24
6.5
None Remote Low ??? Partial Partial Partial
Enigma NMS 65.0.0 and prior allows administrative users to create low-privileged accounts that do not have the ability to modify any settings in the system, only view the components. However, it is possible for a low-privileged user to perform all actions as an administrator by bypassing authorization controls and sending requests to the server in the context of an administrator.
4224 CVE-2019-16068 352 XSS CSRF 2020-03-19 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
A CSRF vulnerability exists in NETSAS ENIGMA NMS version 65.0.0 and prior that could allow an attacker to be able to trick a victim into submitting a malicious manage_files.cgi request. This can be triggered via XSS or an IFRAME tag included within the site.
4225 CVE-2019-16061 276 2020-03-19 2020-03-23
6.5
None Remote Low ??? Partial Partial Partial
A number of files on the NETSAS Enigma NMS server 65.0.0 and prior are granted weak world-readable and world-writable permissions, allowing any low privileged user with access to the system to read sensitive data (e.g., .htpasswd) and create/modify/delete content (e.g., under /var/www/html/docs) within the operating system.
4226 CVE-2019-16059 352 CSRF 2019-09-06 2019-09-09
6.8
None Remote Medium Not required Partial Partial Partial
Sentrifugo 3.2 lacks CSRF protection. This could lead to an attacker tricking the administrator into executing arbitrary code at index.php/dashboard/viewprofile via a crafted HTML page.
4227 CVE-2019-16029 20 DoS 2020-01-26 2020-01-31
6.4
None Remote Low Not required None Partial Partial
A vulnerability in the application programming interface (API) of Cisco Smart Software Manager On-Prem could allow an unauthenticated, remote attacker to change user account information which can prevent users from logging in, resulting in a denial of service (DoS) condition of the web interface. The vulnerability is due to the lack of input validation in the API. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. An exploit could allow the attacker to change or corrupt user account information which could grant the attacker administrator access or prevent legitimate user access to the web interface, resulting in a denial of service (DoS) condition.
4228 CVE-2019-16004 306 Bypass 2020-09-23 2020-09-28
6.4
None Remote Low Not required Partial Partial None
A vulnerability in the REST API endpoint of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to bypass authentication on an affected device. The vulnerability is due to missing authentication on some of the API calls. An attacker could exploit this vulnerability by sending a request to one of the affected calls. A successful exploit could allow the attacker to interact with some parts of the API.
4229 CVE-2019-15972 89 Sql 2019-11-26 2019-12-09
6.5
None Remote Low ??? Partial Partial Partial
A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based management interface improperly validates SQL values. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to modify values on or return values from the underlying database.
4230 CVE-2019-15966 20 DoS 2019-11-05 2019-11-07
6.8
None Remote Low ??? None None Complete
A vulnerability in the web application of Cisco TelePresence Advanced Media Gateway could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to the lack of input validation in the web application. An attacker could exploit this vulnerability by sending a crafted authenticated HTTP request to the device. An exploit could allow the attacker to stop services on an affected device. The device may become inoperable and results in a denial of service (DoS) condition.
4231 CVE-2019-15962 276 2019-10-16 2019-10-22
6.6
None Local Low Not required None Complete Complete
A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to write files to the /root directory of an affected device. The vulnerability is due to improper permission assignment. An attacker could exploit this vulnerability by logging in as the remotesupport user and writing files to the /root directory of an affected device.
4232 CVE-2019-15960 269 +Priv 2019-11-26 2019-12-12
6.5
None Remote Low ??? Partial Partial Partial
A vulnerability in the Webex Network Recording Admin page of Cisco Webex Meetings could allow an authenticated, remote attacker to elevate privileges in the context of the affected page. To exploit this vulnerability, the attacker must be logged in as a low-level administrator. The vulnerability is due to insufficient access control validation. An attacker could exploit this vulnerability by submitting a crafted URL request to gain privileged access in the context of the affected page. A successful exploit could allow the attacker to elevate privileges in the Webex Recording Admin page, which could allow them to view or delete recordings that they would not normally be able to access.
4233 CVE-2019-15956 DoS +Priv 2019-11-26 2020-10-16
6.5
None Remote Low ??? Partial Partial Partial
A vulnerability in the web management interface of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform an unauthorized system reset on an affected device. The vulnerability is due to improper authorization controls for a specific URL in the web management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could have a twofold impact: the attacker could either change the administrator password, gaining privileged access, or reset the network configuration details, causing a denial of service (DoS) condition. In both scenarios, manual intervention is required to restore normal operations.
4234 CVE-2019-15953 862 2019-09-05 2020-08-24
6.5
None Remote Low ??? Partial Partial Partial
An issue was discovered in Total.js CMS 12.0.0. An authenticated user with limited privileges can get access to a resource that they do not own by calling the associated API. The product correctly manages privileges only for the front-end resource path, not for API requests. This leads to vertical and horizontal privilege escalation.
4235 CVE-2019-15952 22 Exec Code +Priv Dir. Trav. 2019-09-05 2019-09-06
6.5
None Remote Low ??? Partial Partial Partial
An issue was discovered in Total.js CMS 12.0.0. An authenticated user with the Pages privilege can conduct a path traversal attack (../) to include .html files that are outside the permitted directory. Also, if a page contains a template directive, then the directive will be server side processed. Thus, if a user can control the content of a .html file, then they can inject a payload with a malicious template directive to gain Remote Command Execution. The exploit will work only with the .html extension.
4236 CVE-2019-15943 787 DoS Exec Code 2019-09-19 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
vphysics.dll in Counter-Strike: Global Offensive before 1.37.1.1 allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is mishandled during a memset call.
4237 CVE-2019-15942 252 2019-09-05 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
FFmpeg through 4.2 has a "Conditional jump or move depends on uninitialised value" issue in h2645_parse because alloc_rbsp_buffer in libavcodec/h2645_parse.c mishandles rbsp_buffer.
4238 CVE-2019-15934 352 CSRF 2019-12-12 2019-12-13
6.8
None Remote Medium Not required Partial Partial Partial
Intesync Solismed 3.3sp has CSRF.
4239 CVE-2019-15917 416 2019-09-04 2020-03-09
6.9
None Local Medium Not required Complete Complete Complete
An issue was discovered in the Linux kernel before 5.0.5. There is a use-after-free issue when hci_uart_register_dev() fails in hci_uart_set_proto() in drivers/bluetooth/hci_ldisc.c.
4240 CVE-2019-15893 Exec Code 2019-10-16 2020-08-24
6.5
None Remote Low ??? Partial Partial Partial
Sonatype Nexus Repository Manager 2.x before 2.14.15 allows Remote Code Execution.
4241 CVE-2019-15873 94 Exec Code 2019-09-03 2019-09-05
6.5
None Remote Low ??? Partial Partial Partial
The profilegrid-user-profiles-groups-and-communities plugin before 2.8.6 for WordPress has remote code execution via an wp-admin/admin-ajax.php request with the action=pm_template_preview&html=<?php substring followed by PHP code.
4242 CVE-2019-15868 352 CSRF 2019-09-03 2019-09-03
6.8
None Remote Medium Not required Partial Partial Partial
The affiliates-manager plugin before 2.6.6 for WordPress has CSRF.
4243 CVE-2019-15867 798 2019-09-03 2019-09-06
6.5
None Remote Low ??? Partial Partial Partial
The slick-popup plugin before 1.7.2 for WordPress has a hardcoded OmakPass13# password for the slickpopupteam account, after a Subscriber calls a certain AJAX action.
4244 CVE-2019-15866 434 2019-09-03 2019-09-05
6.5
None Remote Low ??? Partial Partial Partial
The crelly-slider plugin before 1.3.5 for WordPress has arbitrary file upload via a PHP file inside a ZIP archive to wp_ajax_crellyslider_importSlider.
4245 CVE-2019-15865 352 CSRF 2019-09-03 2019-09-03
6.8
None Remote Medium Not required Partial Partial Partial
The breadcrumbs-by-menu plugin before 1.0.3 for WordPress has CSRF.
4246 CVE-2019-15858 306 Exec Code XSS 2019-09-03 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
admin/includes/class.import.snippet.php in the "Woody ad snippets" plugin before 2.2.5 for WordPress allows unauthenticated options import, as demonstrated by storing an XSS payload for remote code execution.
4247 CVE-2019-15855 22 DoS Dir. Trav. 2020-01-17 2020-01-28
6.4
None Remote Low Not required None Partial Partial
An issue was discovered in Maarch RM before 2.5. A path traversal vulnerability allows an unauthenticated remote attacker to overwrite any files with a crafted POST request if the default installation procedure was followed. This results in a permanent Denial of Service.
4248 CVE-2019-15854 2020-01-17 2020-08-24
6.5
None Remote Low ??? Partial Partial Partial
An issue was discovered in Maarch RM before 2.5. A privilege escalation vulnerability allows an authenticated user with lowest privileges to give herself highest administration privileges via a crafted PUT request to an unauthorized resource.
4249 CVE-2019-15845 2019-11-26 2020-08-24
6.4
None Remote Low Not required Partial Partial None
Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 mishandles path checking within File.fnmatch functions.
4250 CVE-2019-15841 352 CSRF 2019-08-30 2019-09-03
6.8
None Remote Medium Not required Partial Partial Partial
The facebook-for-woocommerce plugin before 1.9.15 for WordPress has CSRF via ajax_woo_infobanner_post_click, ajax_woo_infobanner_post_xout, or ajax_fb_toggle_visibility.
Total number of vulnerabilities : 22306   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 (This Page)86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.