CVE-2019-17602 CVSS:0.0
An issue was discovered in Zoho ManageEngine OpManager before 12.4 build 124089. The OPMDeviceDetailsServlet servlet is prone to SQL injection. Depending on the configuration, this vulnerability could be exploited unauthenticated or authenticated. (Last Update:2019-10-15) (Publish Update:2019-10-15)
CVE-2019-17612 CVSS:0.0
An issue was discovered in 74CMS v5.2.8. There is a SQL Injection generated by the _list method in the Common/Controller/BackendController.class.php file via the index.php?m=Admin&c=Ad&a=category sort parameter. (Last Update:2019-10-15) (Publish Update:2019-10-15)
CVE-2019-17613 CVSS:0.0
qibosoft 7 allows remote code execution because do/jf.php makes eval calls. The attacker can use the Point Introduction Management feature to supply PHP code to be evaluated. Alternatively, the attacker can access admin/index.php?lfj=jfadmin&action=addjf via CSRF, as demonstrated by a payload in the content parameter. (Last Update:2019-10-15) (Publish Update:2019-10-15)
CVE-2019-14227 CVSS:0.0
OX App Suite 7.10.1 and 7.10.2 allows XSS. (Last Update:2019-10-15) (Publish Update:2019-10-14)
CVE-2019-16278 CVSS:0.0
Directory Traversal in the function http_verify in nostromo nhttpd through 1.9.6 allows an attacker to achieve remote code execution via a crafted HTTP request. (Last Update:2019-10-15) (Publish Update:2019-10-14)
CVE-2019-16279 CVSS:0.0
Directory Traversal in the function SSL_accept in nostromo nhttpd through 1.9.6 allows an attacker to trigger a denial of service via a crafted HTTP request. (Last Update:2019-10-15) (Publish Update:2019-10-14)
CVE-2019-16282 CVSS:0.0
In NCH Express Invoice v7.12, persistent cross site scripting (XSS) exists via the Invoices/Items/Customers/Quotes input field. An authenticated unprivileged user can add/modify the Invoices/Items/Customers fields parameter to inject arbitrary JavaScript. (Last Update:2019-10-15) (Publish Update:2019-10-14)
CVE-2019-16344 CVSS:0.0
A cross-site scripting (XSS) vulnerability in the login form (/ScadaBR/login.htm) in ScadaBR 1.0CE allows a remote attacker to inject arbitrary web script or HTML via the username or password parameter. (Last Update:2019-10-15) (Publish Update:2019-10-14)
CVE-2019-17552 CVSS:0.0
An issue was discovered in idreamsoft iCMS v7.0.14. There is a spider_project.admincp.php SQL injection vulnerability in the 'upload spider project scheme' feature via a two-dimensional payload. (Last Update:2019-10-15) (Publish Update:2019-10-14)
CVE-2019-17553 CVSS:0.0
An issue was discovered in MetInfo v7.0.0 beta. There is SQL Injection via the admin/?n=tags&c=index&a=doSaveTags URI. (Last Update:2019-10-15) (Publish Update:2019-10-14)
Click here for a complete list of security vulnerabilities. This vulnerability list widget is provided by www.cvedetails.com