ID | CVSS | Summary | Last (major) update | Published
CVE-2019-9649 None
An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. Using the MDTM FTP command, a remote attacker can use a directory traversal technique (..\..\) to browse outside the root directory to determine the existence of a file o
22-03-2019 - 16:29 22-03-2019 - 16:29
CVE-2019-1766 None
A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS)
22-03-2019 - 16:29 22-03-2019 - 16:29
CVE-2019-1765 None
A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an authenticated, remote attacker to write arbitrary files to the filesystem. The vulnerability is due to i
22-03-2019 - 16:29 22-03-2019 - 16:29
CVE-2019-1764 None
A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack. The vulnerabilit
22-03-2019 - 16:29 22-03-2019 - 16:29
CVE-2019-1763 None
A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to bypass authorization, access critical services, and cause a denial o
22-03-2019 - 16:29 22-03-2019 - 16:29
CVE-2019-1716 None
A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 7800 Series and Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condi
22-03-2019 - 16:29 22-03-2019 - 16:29
CVE-2018-20165 None
Cross-site scripting (XSS) vulnerability in OpenText Portal 7.4.4 allows remote attackers to inject arbitrary web script or HTML via the vgnextoid parameter to a menuitem URI.
22-03-2019 - 16:29 22-03-2019 - 16:29
CVE-2019-9648 None
An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. A directory traversal vulnerability exists using the SIZE command along with a \..\..\ substring, allowing an attacker to enumerate file existence based on the returned i
22-03-2019 - 15:29 22-03-2019 - 15:29
CVE-2019-4052 None
IBM API Connect 2018.1 and 2018.4.1.2 APIs can be leveraged by unauthenticated users to discover login IDs of registered users. IBM X-Force ID: 156544.
22-03-2019 - 15:29 22-03-2019 - 15:29
CVE-2019-4035 None
IBM Content Navigator 3.0CD could allow attackers to direct web traffic to a malicious site. If attackers make a fake IBM Content Navigator site, they can send a link to ICN users to send request to their Edit client directly. Then Edit client will d
22-03-2019 - 15:29 22-03-2019 - 15:29
CVE-2019-9939 None
The SHAREit application before 4.0.36 for Android allows a remote attacker (on the same network or joining public "open" Wi-Fi hotspots created by the application when file transfer is initiated) to bypass authentication by trying to fetch a non-exis
22-03-2019 - 04:29 22-03-2019 - 04:29
CVE-2019-9938 None
The SHAREit application before 4.0.42 for Android allows a remote attacker (on the same network or joining public "open" Wi-Fi hotspots created by the application when file transfer is initiated) to download arbitrary files from the device including
22-03-2019 - 04:29 22-03-2019 - 04:29
CVE-2019-9937 None
In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c.
22-03-2019 - 04:29 22-03-2019 - 04:29
CVE-2019-9936 None
In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c.
22-03-2019 - 04:29 22-03-2019 - 04:29
CVE-2019-9927 7.5
Caret before 2019-02-22 allows Remote Code Execution.
22-03-2019 - 04:29 22-03-2019 - 04:29
CVE-2019-9925 4.3
S-CMS PHP v1.0 has XSS in 4.edu.php via the S_id parameter.
22-03-2019 - 04:29 22-03-2019 - 04:29
CVE-2019-9924 None
rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell.
22-03-2019 - 04:29 22-03-2019 - 04:29
CVE-2019-9923 None
pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.
22-03-2019 - 04:29 22-03-2019 - 04:29
CVE-2019-9915 5.8
GetSimpleCMS 3.3.13 has an Open Redirect via the admin/index.php redirect parameter.
21-03-2019 - 20:29 21-03-2019 - 20:29
CVE-2019-9914 None
The yop-poll plugin before 6.0.3 for WordPress has wp-admin/admin.php?page=yop-polls&action=view-votes poll_id XSS.
21-03-2019 - 20:29 21-03-2019 - 20:29
CVE-2019-9913 4.3
The wp-live-chat-support plugin before 8.0.18 for WordPress has wp-admin/admin.php?page=wplivechat-menu-gdpr-page term XSS.
21-03-2019 - 20:29 21-03-2019 - 20:29
CVE-2019-9912 4.3
The wp-google-maps plugin before 7.10.43 for WordPress has XSS via the wp-admin/admin.php PATH_INFO.
21-03-2019 - 20:29 21-03-2019 - 20:29
CVE-2019-9911 None
The social-networks-auto-poster-facebook-twitter-g plugin before 4.2.8 for WordPress has wp-admin/admin.php?page=nxssnap-reposter&action=edit item XSS.
21-03-2019 - 20:29 21-03-2019 - 20:29
CVE-2019-9910 None
The kingcomposer plugin 2.7.6 for WordPress has wp-admin/admin.php?page=kc-mapper id XSS.
21-03-2019 - 20:29 21-03-2019 - 20:29
CVE-2019-9909 None
The "Donation Plugin and Fundraising Platform" plugin before 2.3.1 for WordPress has wp-admin/edit.php csv XSS.
21-03-2019 - 20:29 21-03-2019 - 20:29
CVE-2019-9908 None
The font-organizer plugin 2.1.1 for WordPress has wp-admin/options-general.php manage_font_id XSS.
21-03-2019 - 20:29 21-03-2019 - 20:29
CVE-2018-18913 None
Opera before 57.0.3098.106 is vulnerable to a DLL Search Order hijacking attack where an attacker can send a ZIP archive composed of an HTML page along with a malicious DLL to the target. Once the document is opened, it may allow the attacker to take
21-03-2019 - 18:29 21-03-2019 - 18:29
CVE-2019-8351 None
Heimdal Thor Agent 2.5.17x before 2.5.173 does not verify X.509 certificates from TLS servers, which allows remote attackers to spoof servers and obtain sensitive information via a crafted certificate.
21-03-2019 - 17:29 21-03-2019 - 17:29
CVE-2019-7539 None
A code injection issue was discovered in ipycache through 2016-05-31.
21-03-2019 - 17:29 21-03-2019 - 17:29
CVE-2019-3871 None
A vulnerability was found in PowerDNS Authoritative Server before 4.0.7 and before 4.1.7. An insufficient validation of data coming from the user when building a HTTP request from a DNS query in the HTTP Connector of the Remote backend, allowing a re
21-03-2019 - 17:29 21-03-2019 - 17:29
CVE-2019-3858 None
An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client mem
21-03-2019 - 17:29 21-03-2019 - 17:29
CVE-2019-3855 None
An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system wh
21-03-2019 - 17:29 21-03-2019 - 17:29
CVE-2018-20034 None
A Denial of Service vulnerability related to adding an item to a list in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, c
21-03-2019 - 17:29 21-03-2019 - 17:29
CVE-2018-20032 None
A Denial of Service vulnerability related to message decoding in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing t
21-03-2019 - 17:29 21-03-2019 - 17:29
CVE-2018-20031 None
A Denial of Service vulnerability related to preemptive item deletion in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, c
21-03-2019 - 17:29 21-03-2019 - 17:29
CVE-2019-7537 None
An issue was discovered in Donfig 0.3.0. There is a vulnerability in the collect_yaml method in config_obj.py. It can execute arbitrary Python commands, resulting in command execution.
21-03-2019 - 16:29 21-03-2019 - 16:29
CVE-2015-6458 None
Moxa SoftCMS 1.3 and prior is susceptible to a buffer overflow condition that may crash or allow remote code execution. Moxa released SoftCMS version 1.4 on June 1, 2015, to address the vulnerability.
21-03-2019 - 16:29 21-03-2019 - 16:29
CVE-2015-6457 None
Moxa SoftCMS 1.3 and prior is susceptible to a buffer overflow condition that may crash or allow remote code execution. Moxa released SoftCMS version 1.4 on June 1, 2015, to address the vulnerability.
21-03-2019 - 16:29 21-03-2019 - 16:29
CVE-2019-5490 None
Certain versions between 2.x to 5.x (refer to advisory) of the NetApp Service Processor firmware were shipped with a default account enabled that could allow unauthorized arbitrary command execution. Any platform listed in the advisory Impact section
21-03-2019 - 15:29 21-03-2019 - 15:29
CVE-2018-13798 None
A vulnerability has been identified in SICAM A8000 CP-8000 (All versions < V14), SICAM A8000 CP-802X (All versions < V14), SICAM A8000 CP-8050 (All versions < V2.00). Specially crafted network packets sent to port 80/TCP or 443/TCP could allow an una
21-03-2019 - 15:29 21-03-2019 - 15:29
CVE-2015-6462 None
Reflected Cross-Site Scripting (nonpersistent) allows an attacker to craft a specific URL, which contains JavaScript that will be executed on the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BM
21-03-2019 - 15:29 21-03-2019 - 15:29
CVE-2015-6461 None
Remote file inclusion allows an attacker to craft a specific URL referencing the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, or BMXP342030H P
21-03-2019 - 15:29 21-03-2019 - 15:29
CVE-2019-9904 None
An issue was discovered in lib\cdt\dttree.c in libcdt.a in graphviz 2.40.1. Stack consumption occurs because of recursive agclose calls in lib\cgraph\graph.c in libcgraph.a, related to agfstsubg in lib\cgraph\subg.c.
21-03-2019 - 14:29 21-03-2019 - 14:29
CVE-2019-9903 None
PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by passing a crafted pdf file to the pdfunite binary.
21-03-2019 - 14:29 21-03-2019 - 14:29
CVE-2019-8997 None
An XML External Entity Injection (XXE) vulnerability in the Management System (console) of BlackBerry AtHoc versions earlier than 7.6 HF-567 could allow an attacker to potentially read arbitrary local files from the application server or make request
21-03-2019 - 14:29 21-03-2019 - 14:29
CVE-2019-9896 4.6
In PuTTY versions before 0.71 on Windows, local attackers could hijack the application by putting a malicious help file in the same directory as the executable.
21-03-2019 - 13:56 21-03-2019 - 12:01
CVE-2019-9894 6.4
A remotely triggerable memory overwrite in RSA key exchange in PuTTY before 0.71 can occur before host key verification.
21-03-2019 - 13:54 21-03-2019 - 12:01
CVE-2018-19276 10.0
OpenMRS before 2.24.0 is affected by an Insecure Object Deserialization vulnerability that allows an unauthenticated user to execute arbitrary commands on the targeted system via crafted XML data in a request body.
21-03-2019 - 13:48 21-03-2019 - 12:00
CVE-2019-9897 5.0
Multiple denial-of-service attacks that can be triggered by writing to the terminal exist in PuTTY versions before 0.71.
21-03-2019 - 13:36 21-03-2019 - 12:01
CVE-2019-7238 None
Sonatype Nexus Repository Manager before 3.15.0 has Incorrect Access Control.
21-03-2019 - 13:29 21-03-2019 - 13:29