| CVE |
Vendors |
Products |
Updated |
CVSS |
| CVE-2019-16681 |
|
|
2019-09-21 |
N/A |
| The Traveloka application 3.14.0 for Android exports com.traveloka.android.activity.common.WebViewActivity, leading to file disclosure and XSS. |
| CVE-2019-16680 |
|
|
2019-09-21 |
N/A |
| An issue was discovered in GNOME file-roller before 3.29.91. It allows a single ./../ path traversal via a filename contained in a TAR archive, possibly overwriting a file during extraction. |
| CVE-2019-16679 |
|
|
2019-09-21 |
N/A |
| Gila CMS before 1.11.1 allows admin/fm/?f=../ directory traversal, leading to Local File Inclusion. |
| CVE-2019-16678 |
|
|
2019-09-21 |
N/A |
| admin/urlrule/add.html in YzmCMS 5.3 allows CSRF with a resultant denial of service by adding a superseding route. |
| CVE-2019-16677 |
|
|
2019-09-21 |
N/A |
| An issue was discovered in idreamsoft iCMS V7.0. admincp.php?app=members&do=del allows CSRF. |
| CVE-2019-11563 |
1 Sricam |
1 Deviceviewer |
2019-09-21 |
7.5 |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. |
| CVE-2019-16669 |
|
|
2019-09-21 |
N/A |
| The Reset Password feature in Pagekit 1.0.17 gives a different response depending on whether the e-mail address of a valid user account is entered, which might make it easier for attackers to enumerate accounts. |
| CVE-2019-16660 |
|
|
2019-09-21 |
N/A |
| joyplus-cms 1.6.0 has admin_ajax.php?action=savexml&tab=vodplay CSRF. |
| CVE-2019-16655 |
|
|
2019-09-21 |
N/A |
| joyplus-cms 1.6.0 allows reinstallation if the install/ URI remains available. |
| CVE-2019-16658 |
|
|
2019-09-21 |
N/A |
| TuziCMS 2.0.6 has index.php/manage/notice/do_add CSRF. |
| CVE-2019-16657 |
|
|
2019-09-21 |
N/A |
| TuziCMS 2.0.6 has XSS via the PATH_INFO to a group URI, as demonstrated by index.php/article/group/id/2/. |
| CVE-2019-16656 |
|
|
2019-09-21 |
N/A |
| joyplus-cms 1.6.0 allows remote attackers to execute arbitrary PHP code via /install by placing the code in the name of an object in the database. |
| CVE-2019-16659 |
|
|
2019-09-21 |
N/A |
| TuziCMS 2.0.6 has index.php/manage/link/do_add CSRF. |
| CVE-2019-16664 |
|
|
2019-09-21 |
N/A |
| An issue was discovered in ThinkSAAS 2.91. There is XSS via the index.php?app=group&ac=create&ts=do groupname parameter. |
| CVE-2019-16661 |
|
|
2019-09-21 |
N/A |
| Ogma CMS 0.5 has XSS via creation of a new blog. |
| CVE-2019-16665 |
|
|
2019-09-21 |
N/A |
| An issue was discovered in ThinkSAAS 2.91. There is XSS via the content to the index.php?app=group&ac=comment&ts=do&js=1 URI, as demonstrated by a crafted SVG document in the SRC attribute of an EMBED element. |
| CVE-2019-16650 |
|
|
2019-09-21 |
N/A |
| On Supermicro X10 and X11 products, a client's access privileges may be transferred to a different client that later has the same socket file descriptor number. In opportunistic circumstances, an attacker can simply connect to the virtual media... |
| CVE-2019-16649 |
|
|
2019-09-21 |
N/A |
| On Supermicro H11, H12, M11, X9, X10, and X11 products, a combination of encryption and authentication problems in the virtual media service allows capture of BMC credentials and data transferred over virtual media devices. Attackers can use... |
| CVE-2015-9400 |
1 Typomedia |
1 Wordpress Meta Robots |
2019-09-20 |
6.5 |
| The wordpress-meta-robots plugin through 2.1 for WordPress has wp-admin/post-new.php text SQL injection. |
| CVE-2016-7398 |
1 Php |
1 Ext-http |
2019-09-20 |
7.5 |
| A type confusion vulnerability in the merge_param() function of php_http_params.c in PHP's pecl-http extension 3.1.0beta2 (PHP 7) and earlier as well as 2.6.0beta2 (PHP 5) and earlier allows attackers to crash PHP and possibly execute arbitrary... |
