Total: 859 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 | Description
---|---|---|---|---|---
CVE-2019-17605 | 1 Eyecomms | 1 Eyecms | 2024-11-21 | 8.8 High | A mass assignment vulnerability in eyecomms eyeCMS through 2019-10-15 allows any candidate to take over another candidate's account (by also exploiting CVE-2019-17604) via a modified candidate id and an additional password parameter. The outcome is that the password of this other candidate is changed.
CVE-2019-17604 | 1 Eyecomms | 1 Eyecms | 2024-11-21 | 4.3 Medium | An Insecure Direct Object Reference (IDOR) vulnerability in eyecomms eyeCMS through 2019-10-15 allows any candidate to change other candidates' personal information (first name, last name, email, CV, phone number, and all other personal information) by changing the value of the candidate id (the id parameter).
CVE-2019-17574 | 1 Code-atlantic | 1 Popup Maker | 2024-11-21 | 9.1 Critical | An issue was discovered in the Popup Maker plugin before 1.8.13 for WordPress. An unauthenticated attacker can partially control the arguments of the do_action function to invoke certain popmake_ or pum_ methods, as demonstrated by controlling content and delivery of popmake-system-info.txt (aka the "support debug text file").
CVE-2019-17382 | 1 Zabbix | 1 Zabbix | 2024-11-21 | 9.1 Critical | An issue was discovered in zabbix.php?action=dashboard.view&dashboardid=1 in Zabbix through 4.4. An attacker can bypass the login page and access the dashboard page, and then create a Dashboard, Report, Screen, or Map without any Username/Password (i.e., anonymously). All created elements (Dashboard/Report/Screen/Map) are accessible by other users and by an admin.
CVE-2019-17050 | 1 Thecontrolgroup | 1 Voyager | 2024-11-21 | 7.2 High | An issue was discovered in the Voyager package through 1.2.7 for Laravel. An attacker with admin privileges and Compass access can read or delete arbitrary files, such as the .env file. NOTE: a software maintainer has suggested a solution in which Compass is switched off in a production environment.
CVE-2019-16723 | 1 Cacti | 1 Cacti | 2024-11-21 | 4.3 Medium | In Cacti through 1.2.6, authenticated users may bypass authorization checks (for viewing a graph) via a direct graph_json.php request with a modified local_graph_id parameter.
CVE-2019-16546 | 1 Jenkins | 1 Google Compute Engine | 2024-11-21 | 5.9 Medium | Jenkins Google Compute Engine Plugin 4.1.1 and earlier does not verify SSH host keys when connecting agents created by the plugin, enabling man-in-the-middle attacks.
CVE-2019-16403 | 1 Webkul | 1 Bagisto | 2024-11-21 | 8.8 High | In Webkul Bagisto before 0.1.5, the functionalities for customers to change their own values (such as address, review, orders, etc.) can also be manipulated by other customers.
CVE-2019-15913 | 1 Mi | 10 Dgnwg03lm, Dgnwg03lm Firmware, Mccgq01lm and 7 more | 2024-11-21 | 9.8 Critical | An issue was discovered on Xiaomi DGNWG03LM, ZNCZ03LM, MCCGQ01LM, WSDCGQ01LM, RTCGQ01LM devices. Because of insecure key transport in ZigBee communication, causing attackers to gain sensitive information and denial of service attack, take over smart home devices, and tamper with messages.
CVE-2019-15815 | 1 Zyxel | 2 2.00\(abbx.3\), P-1302-t10d | 2024-11-21 | 6.5 Medium | ZyXEL P-1302-T10D v3 devices with firmware version 2.00(ABBX.3) and earlier do not properly enforce access control and could allow an unauthorized user to access certain pages that require admin privileges.
CVE-2019-15725 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.5 High | An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. An IDOR in the epic notes API that could result in disclosure of private milestones, labels, and other information.
CVE-2019-15582 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.3 Medium | An IDOR was discovered in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) that allowed a maintainer to add any private group to a protected environment.
CVE-2019-15581 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.3 Medium | An IDOR exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) that allowed a project owner or maintainer to see the members of any private group via merge request approval rules.
CVE-2019-15310 | 1 Linkplay | 1 Linkplay | 2024-11-21 | 9.8 Critical | An issue was discovered on various devices via the Linkplay firmware. There is WAN remote code execution without user interaction. An attacker could retrieve the AWS key from the firmware and obtain full control over Linkplay's AWS estate, including S3 buckets containing device firmware. When combined with an OS command injection vulnerability within the XML Parsing logic of the firmware update process, an attacker would be able to gain code execution on any device that attempted to update. Note that by default all devices tested had automatic updates enabled.
CVE-2019-14932 | 1 Humanica | 1 Humatrix 7 | 2024-11-21 | N/A | The Recruitment module in Humanica Humatrix 7 1.0.0.681 and 1.0.0.203 allows remote attackers to access all candidates' information on the website via a modified selApp variable to personalData/resumeDetail.cfm. This includes personal information and other sensitive data.
CVE-2019-14725 | 1 Control-webpanel | 1 Webpanel | 2024-11-21 | 4.3 Medium | In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to change the e-mail usage value of a victim account via an attacker account.
CVE-2019-14724 | 1 Control-webpanel | 1 Webpanel | 2024-11-21 | 7.5 High | In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to edit an e-mail forwarding destination of a victim's account via an attacker account.
CVE-2019-14721 | 1 Control-webpanel | 1 Webpanel | 2024-11-21 | 6.5 Medium | In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to remove a target user from phpMyAdmin via an attacker account.
CVE-2019-14246 | 1 Centos-webpanel | 1 Centos Web Panel | 2024-11-21 | 6.5 Medium | In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to discover phpMyAdmin passwords (of any user in /etc/passwd) via an attacker account.
CVE-2019-14245 | 1 Centos-webpanel | 1 Centos Web Panel | 2024-11-21 | 6.5 Medium | In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete databases (such as oauthv2) from the server via an attacker account.