CVE-2019-17613 CVSS:0.0
qibosoft 7 allows remote code execution because do/jf.php makes eval calls. The attacker can use the Point Introduction Management feature to supply PHP code to be evaluated. Alternatively, the attacker can access admin/index.php?lfj=jfadmin&action=addjf via CSRF, as demonstrated by a payload in the content parameter. (Last Update:2019-10-15) (Publish Update:2019-10-15)
CVE-2019-17612 CVSS:0.0
An issue was discovered in 74CMS v5.2.8. There is a SQL Injection generated by the _list method in the Common/Controller/BackendController.class.php file via the index.php?m=Admin&c=Ad&a=category sort parameter. (Last Update:2019-10-15) (Publish Update:2019-10-15)
CVE-2019-17395 CVSS:0.0
In the Rapid Gator application 0.7.1 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat. (Last Update:2019-10-15) (Publish Update:2019-10-15)
CVE-2019-17223 CVSS:4.3
There is HTML Injection in the Note field in Dolibarr ERP/CRM 10.0.2 via user/note.php. (Last Update:2019-10-15) (Publish Update:2019-10-15)
CVE-2019-5700 CVSS:7.2
NVIDIA Shield TV Experience prior to v8.0.1, NVIDIA Tegra software contains a vulnerability in the bootloader, where it does not validate the fields of the boot image, which may lead to code execution, denial of service, escalation of privileges, and information disclosure. (Last Update:2019-10-15) (Publish Update:2019-10-09)
CVE-2019-5699 CVSS:7.2
NVIDIA Shield TV Experience prior to v8.0.1, NVIDIA Tegra bootloader contains a vulnerability where the software performs an incorrect bounds check, which may lead to buffer overflow resulting in escalation of privileges and code execution. escalation of privileges, and information disclosure, code execution, denial of service, or escalation of privileges. (Last Update:2019-10-15) (Publish Update:2019-10-09)
CVE-2019-5507 CVSS:2.1
SnapManager for Oracle prior to version 3.4.2P1 are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information. (Last Update:2019-10-15) (Publish Update:2019-10-09)
CVE-2019-3980 CVSS:10.0
The Solarwinds Dameware Mini Remote Client agent v12.1.0.89 supports smart card authentication which can allow a user to upload an executable to be executed on the DWRCS.exe host. An unauthenticated, remote attacker can request smart card login and upload and execute an arbitrary executable run under the Local System account. (Last Update:2019-10-15) (Publish Update:2019-10-08)
CVE-2019-3653 CVSS:2.1
Improper access control vulnerability in Configuration tool in McAfee Endpoint Security (ENS) Prior to 10.6.1 October 2019 Update allows local user to gain access to security configuration via unauthorized use of the configuration tool. (Last Update:2019-10-15) (Publish Update:2019-10-09)
CVE-2019-3652 CVSS:4.6
Code Injection vulnerability in EPSetup.exe in McAfee Endpoint Security (ENS) Prior to 10.6.1 October 2019 Update allows local user to get their malicious code installed by the ENS installer via code injection into EPSetup.exe by an attacker with access to the installer. (Last Update:2019-10-15) (Publish Update:2019-10-09)
Click here for a complete list of security vulnerabilities. This vulnerability list widget is provided by