CVE-2019-17613 CVSS:0.0
qibosoft 7 allows remote code execution because do/jf.php makes eval calls. The attacker can use the Point Introduction Management feature to supply PHP code to be evaluated. Alternatively, the attacker can access admin/index.php?lfj=jfadmin&action=addjf via CSRF, as demonstrated by a payload in the content parameter. (Last Update:2019-10-15) (Publish Update:2019-10-15)
CVE-2019-17612 CVSS:0.0
An issue was discovered in 74CMS v5.2.8. There is a SQL Injection generated by the _list method in the Common/Controller/BackendController.class.php file via the index.php?m=Admin&c=Ad&a=category sort parameter. (Last Update:2019-10-15) (Publish Update:2019-10-15)
CVE-2019-17395 CVSS:0.0
In the Rapid Gator application 0.7.1 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat. (Last Update:2019-10-15) (Publish Update:2019-10-15)
CVE-2019-17223 CVSS:4.3
There is HTML Injection in the Note field in Dolibarr ERP/CRM 10.0.2 via user/note.php. (Last Update:2019-10-15) (Publish Update:2019-10-15)
CVE-2019-17602 CVSS:0.0
An issue was discovered in Zoho ManageEngine OpManager before 12.4 build 124089. The OPMDeviceDetailsServlet servlet is prone to SQL injection. Depending on the configuration, this vulnerability could be exploited unauthenticated or authenticated. (Last Update:2019-10-15) (Publish Update:2019-10-15)
CVE-2019-17601 CVSS:0.0
In MiniShare 1.4.1, there is a stack-based buffer overflow via an HTTP CONNECT request, which allows an attacker to achieve arbitrary code execution, a similar issue to CVE-2018-19862 and CVE-2018-19861. NOTE: this product is discontinued. (Last Update:2019-10-15) (Publish Update:2019-10-15)
CVE-2019-17600 CVSS:10.0
Intelbras IWR 1000N 1.6.4 devices allows disclosure of the administrator login name and password because v1/system/user is mishandled. (Last Update:2019-10-15) (Publish Update:2019-10-15)
CVE-2019-17398 CVSS:0.0
In the Dark Horse Comics application 1.3.21 for Android, token information (equivalent to the username and password) is stored in the log during authentication, and may be available to attackers via logcat. (Last Update:2019-10-15) (Publish Update:2019-10-15)
CVE-2019-17397 CVSS:5.0
In the DoorDash application through 11.5.2 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat. (Last Update:2019-10-15) (Publish Update:2019-10-15)
CVE-2019-17396 CVSS:0.0
In the PowerSchool Mobile application 1.1.8 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat. (Last Update:2019-10-15) (Publish Update:2019-10-15)
Click here for a complete list of security vulnerabilities. This vulnerability list widget is provided by www.cvedetails.com