Vulnerabilities (CVE)

128613 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-16681 2019-09-21 N/A
The Traveloka application 3.14.0 for Android exports com.traveloka.android.activity.common.WebViewActivity, leading to file disclosure and XSS.
CVE-2019-16680 2019-09-21 N/A
An issue was discovered in GNOME file-roller before 3.29.91. It allows a single ./../ path traversal via a filename contained in a TAR archive, possibly overwriting a file during extraction.
CVE-2019-16679 2019-09-21 N/A
Gila CMS before 1.11.1 allows admin/fm/?f=../ directory traversal, leading to Local File Inclusion.
CVE-2019-16678 2019-09-21 N/A
admin/urlrule/add.html in YzmCMS 5.3 allows CSRF with a resultant denial of service by adding a superseding route.
CVE-2019-16677 2019-09-21 N/A
An issue was discovered in idreamsoft iCMS V7.0. admincp.php?app=members&do=del allows CSRF.
CVE-2019-11563 1 Sricam 1 Deviceviewer 2019-09-21 7.5
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2019-16669 2019-09-21 N/A
The Reset Password feature in Pagekit 1.0.17 gives a different response depending on whether the e-mail address of a valid user account is entered, which might make it easier for attackers to enumerate accounts.
CVE-2019-16660 2019-09-21 N/A
joyplus-cms 1.6.0 has admin_ajax.php?action=savexml&tab=vodplay CSRF.
CVE-2019-16655 2019-09-21 N/A
joyplus-cms 1.6.0 allows reinstallation if the install/ URI remains available.
CVE-2019-16658 2019-09-21 N/A
TuziCMS 2.0.6 has index.php/manage/notice/do_add CSRF.
CVE-2019-16657 2019-09-21 N/A
TuziCMS 2.0.6 has XSS via the PATH_INFO to a group URI, as demonstrated by index.php/article/group/id/2/.
CVE-2019-16656 2019-09-21 N/A
joyplus-cms 1.6.0 allows remote attackers to execute arbitrary PHP code via /install by placing the code in the name of an object in the database.
CVE-2019-16659 2019-09-21 N/A
TuziCMS 2.0.6 has index.php/manage/link/do_add CSRF.
CVE-2019-16664 2019-09-21 N/A
An issue was discovered in ThinkSAAS 2.91. There is XSS via the index.php?app=group&ac=create&ts=do groupname parameter.
CVE-2019-16661 2019-09-21 N/A
Ogma CMS 0.5 has XSS via creation of a new blog.
CVE-2019-16665 2019-09-21 N/A
An issue was discovered in ThinkSAAS 2.91. There is XSS via the content to the index.php?app=group&ac=comment&ts=do&js=1 URI, as demonstrated by a crafted SVG document in the SRC attribute of an EMBED element.
CVE-2019-16650 2019-09-21 N/A
On Supermicro X10 and X11 products, a client's access privileges may be transferred to a different client that later has the same socket file descriptor number. In opportunistic circumstances, an attacker can simply connect to the virtual media...
CVE-2019-16649 2019-09-21 N/A
On Supermicro H11, H12, M11, X9, X10, and X11 products, a combination of encryption and authentication problems in the virtual media service allows capture of BMC credentials and data transferred over virtual media devices. Attackers can use...
CVE-2015-9400 1 Typomedia 1 Wordpress Meta Robots 2019-09-20 6.5
The wordpress-meta-robots plugin through 2.1 for WordPress has wp-admin/post-new.php text SQL injection.
CVE-2016-7398 1 Php 1 Ext-http 2019-09-20 7.5
A type confusion vulnerability in the merge_param() function of php_http_params.c in PHP's pecl-http extension 3.1.0beta2 (PHP 7) and earlier as well as 2.6.0beta2 (PHP 5) and earlier allows attackers to crash PHP and possibly execute arbitrary...