CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Related To CWE-639

| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2019-17050 | 639 | | | 2019-09-30 | 2019-10-04 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial | An issue was discovered in the Voyager package through 1.2.7 for Laravel. An attacker with admin privileges and Compass access can read or delete arbitrary files, such as the .env file. NOTE: a software maintainer has suggested a solution in which Compass is switched off in a production environment. |
| 2 | CVE-2019-16723 | 639 | | Bypass | 2019-09-23 | 2019-09-23 | 4.0 | None | Remote | Low | Single system | Partial | None | None | In Cacti through 1.2.6, authenticated users may bypass authorization checks (for viewing a graph) via a direct graph_json.php request with a modified local_graph_id parameter. |
| 3 | CVE-2019-14725 | 639 | | | 2019-09-11 | 2019-09-12 | 4.0 | None | Remote | Low | Single system | None | Partial | None | In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to change the e-mail usage value of a victim account via an attacker account. |
| 4 | CVE-2019-14724 | 639 | | | 2019-09-11 | 2019-09-12 | 5.0 | None | Remote | Low | Not required | None | Partial | None | In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to edit an e-mail forwarding destination of a victim's account via an attacker account. |
| 5 | CVE-2019-14721 | 639 | | | 2019-09-10 | 2019-09-12 | 5.5 | None | Remote | Low | Single system | None | Partial | Partial | In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to remove a target user from phpMyAdmin via an attacker account. |
| 6 | CVE-2018-16608 | 639 | | | 2018-09-10 | 2019-10-02 | 4.0 | None | Remote | Low | Single system | Partial | None | None | In Monstra CMS 3.0.4, an attacker with 'Editor' privileges can change the password of the administrator via an admin/index.php?id=users&action=edit&user_id=1 request, an Insecure Direct Object Reference (IDOR). |
| 7 | CVE-2018-10211 | 639 | | | 2018-04-25 | 2019-10-02 | 5.0 | None | Remote | Low | Not required | Partial | None | None | An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is improper authorization when listing the history of another user via a modified "vaultize_session_id" value in a cookie. |
| 8 | CVE-2017-15211 | 639 | | | 2017-10-10 | 2019-10-02 | 4.0 | None | Remote | Low | Single system | None | Partial | None | In Kanboard before 1.0.47, by altering form data, an authenticated user can add an external link to a private project of another user. |
| 9 | CVE-2017-15209 | 639 | | | 2017-10-10 | 2019-10-02 | 4.0 | None | Remote | Low | Single system | None | Partial | None | In Kanboard before 1.0.47, by altering form data, an authenticated user can remove attachments from a private project of another user. |
| 10 | CVE-2017-15208 | 639 | | | 2017-10-10 | 2019-10-02 | 4.0 | None | Remote | Low | Single system | None | Partial | None | In Kanboard before 1.0.47, by altering form data, an authenticated user can remove automatic actions from a private project of another user. |
| 11 | CVE-2017-15207 | 639 | | | 2017-10-10 | 2019-10-02 | 4.0 | None | Remote | Low | Single system | None | Partial | None | In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tasks of a private project of another user. |
| 12 | CVE-2017-15206 | 639 | | | 2017-10-10 | 2019-10-02 | 4.0 | None | Remote | Low | Single system | None | Partial | None | In Kanboard before 1.0.47, by altering form data, an authenticated user can add an internal link to a private project of another user. |
| 13 | CVE-2017-15204 | 639 | | | 2017-10-10 | 2019-10-02 | 4.0 | None | Remote | Low | Single system | None | Partial | None | In Kanboard before 1.0.47, by altering form data, an authenticated user can add automatic actions to a private project of another user. |
| 14 | CVE-2017-15203 | 639 | | | 2017-10-10 | 2019-10-02 | 4.0 | None | Remote | Low | Single system | None | Partial | None | In Kanboard before 1.0.47, by altering form data, an authenticated user can remove categories from a private project of another user. |
| 15 | CVE-2017-15202 | 639 | | | 2017-10-10 | 2019-10-02 | 4.0 | None | Remote | Low | Single system | None | Partial | None | In Kanboard before 1.0.47, by altering form data, an authenticated user can edit columns of a private project of another user. |
| 16 | CVE-2017-15201 | 639 | | | 2017-10-10 | 2019-10-02 | 4.0 | None | Remote | Low | Single system | None | Partial | None | In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tags of a private project of another user. |
| 17 | CVE-2017-15200 | 639 | | | 2017-10-10 | 2019-10-02 | 4.0 | None | Remote | Low | Single system | None | Partial | None | In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new task to a private project of another user. |
| 18 | CVE-2017-15199 | 639 | | | 2017-10-10 | 2019-10-02 | 4.0 | None | Remote | Low | Single system | None | Partial | None | In Kanboard before 1.0.47, by altering form data, an authenticated user can edit metadata of a private project of another user, as demonstrated by Name, Email, Identifier, and Description. |
| 19 | CVE-2017-15197 | 639 | | | 2017-10-10 | 2019-10-02 | 4.0 | None | Remote | Low | Single system | None | Partial | None | In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new category to a private project of another user. |
| 20 | CVE-2017-15196 | 639 | | | 2017-10-10 | 2019-10-02 | 4.0 | None | Remote | Low | Single system | None | Partial | None | In Kanboard before 1.0.47, by altering form data, an authenticated user can remove columns from a private project of another user. |
| 21 | CVE-2017-15195 | 639 | | | 2017-10-10 | 2019-10-02 | 4.0 | None | Remote | Low | Single system | None | Partial | None | In Kanboard before 1.0.47, by altering form data, an authenticated user can edit swimlanes of a private project of another user. |
| 22 | CVE-2017-0936 | 639 | | Bypass | 2018-03-28 | 2019-10-09 | 4.9 | None | Remote | Medium | Single system | None | Partial | Partial | Nextcloud Server before 11.0.7 and 12.0.5 suffers from an Authorization Bypass Through User-Controlled Key vulnerability. A missing ownership check allowed logged-in users to change the scope of app passwords of other users. Note that the app passwords themselves were neither disclosed nor could the error be misused to identify as another user. |

Total number of vulnerabilities: 22. Page: 1 (this page).