| CVE | Vendors | Products | Updated | CVSS | Description |
|---|---|---|---|---|---|
| CVE-2019-17369 | 1 Otcms | 1 Otcms | 2019-10-16 | 4.3 | OTCMS v3.85 has CSRF in the admin/member_deal.php Admin Panel page, leading to creation of a new management group account, as demonstrated by superadmin. |
| CVE-2015-9474 | 1 Simpolio Project | 1 Simpolio | 2019-10-16 | 6.5 | The Simpolio theme 1.3.2 for WordPress has insufficient restrictions on option updates. |
| CVE-2019-17426 | 1 Mongoosejs | 1 Mongoose | 2019-10-16 | 6.4 | Automattic Mongoose through 5.7.4 allows attackers to bypass access control (in some applications) because any query object with a _bsontype attribute is ignored. For example, adding "_bsontype":"a" can sometimes interfere with a query filter.... |
| CVE-2015-9475 | 1 Pont Project | 1 Pont | 2019-10-16 | 6.5 | The Pont theme 1.5 for WordPress has insufficient restrictions on option updates. |
| CVE-2019-17320 | 1 Netsarang | 1 Xftp | 2019-10-16 | 7.5 | NetSarang XFTP Client 6.0149 and earlier versions contain a buffer overflow vulnerability caused by improper boundary checks when copying a file name from an attacker-controlled FTP server. This allows an attacker to execute arbitrary code by sending a... |
| CVE-2019-17505 | 1 Dlink | 1 Dap-1320 A2 Firmware | 2019-10-16 | 5.0 | D-Link DAP-1320 A2-V1.21 routers have some web interfaces without authentication requirements, as demonstrated by uplink_info.xml. An attacker can remotely obtain a user's Wi-Fi SSID and password, which could be used to connect to Wi-Fi or... |
| CVE-2019-17508 | 1 Dlink | 2 Dir-850l A Firmware, Dir-859 A3 Firmware | 2019-10-16 | 10.0 | On D-Link DIR-859 A3-1.06 and DIR-850 A1.13 devices, /etc/services/DEVICE.TIME.php allows command injection via the $SERVER variable. |
| CVE-2019-17059 | 1 Sophos | 1 Cyberoamos | 2019-10-16 | 10.0 | A shell injection vulnerability on the Sophos Cyberoam firewall appliance with CyberoamOS before 10.6.6 MR-6 allows remote attackers to execute arbitrary commands via the Web Admin and SSL VPN consoles. |
| CVE-2016-6087 | 1 Ibm | 1 Domino | 2019-10-16 | 5.0 | IBM Domino 8.5 and 9.0 could allow an attacker to steal credentials using multiple sessions and large amounts of data using Domino TLS Key Exchange validation. IBM X-Force ID: 117918. |
| CVE-2016-11014 | | | 2019-10-16 | N/A | NETGEAR JNR1010 devices before 1.0.0.32 have Incorrect Access Control because the ok value of the auth cookie is a special case. |
| CVE-2016-11015 | | | 2019-10-16 | N/A | NETGEAR JNR1010 devices before 1.0.0.32 allow cgi-bin/webproc CSRF via the :InternetGatewayDevice.X_TWSZ-COM_URL_Filter.BlackList.1.URL parameter. |
| CVE-2016-11016 | | | 2019-10-16 | N/A | NETGEAR JNR1010 devices before 1.0.0.32 allow webproc?getpage= XSS. |
| CVE-2019-13392 | | | 2019-10-16 | N/A | A reflected Cross-Site Scripting (XSS) vulnerability in MindPalette NateMail 3.0.15 allows an attacker to execute remote JavaScript in a victim's browser via a specially crafted POST request. The application will reflect the recipient value if it... |
| CVE-2019-17395 | | | 2019-10-16 | N/A | In the Rapid Gator application 0.7.1 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat. |
| CVE-2019-17612 | | | 2019-10-16 | N/A | An issue was discovered in 74CMS v5.2.8. There is a SQL Injection generated by the _list method in the Common/Controller/BackendController.class.php file via the index.php?m=Admin&c=Ad&a=category sort parameter. |
| CVE-2019-17613 | | | 2019-10-16 | N/A | qibosoft 7 allows remote code execution because do/jf.php makes eval calls. The attacker can use the Point Introduction Management feature to supply PHP code to be evaluated. Alternatively, the attacker can access... |
| CVE-2019-17624 | | | 2019-10-16 | N/A | In X.Org X Server 1.20.4, there is a stack-based buffer overflow in the function XQueryKeymap. For example, by sending ct.c_char 1000 times, an attacker can cause a denial of service (application crash) or possibly have unspecified other impact. |
| CVE-2019-17625 | | | 2019-10-16 | N/A | There is a stored XSS in Rambox 0.6.9 that can lead to code execution. The XSS is in the name field while adding/editing a service. The problem occurs due to incorrect sanitization of the name field when being processed and stored. This allows a... |
| CVE-2019-17626 | | | 2019-10-16 | N/A | ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color="' followed by arbitrary Python code. |
| CVE-2019-17627 | | | 2019-10-16 | N/A | The Yale Bluetooth Key application for mobile devices allows unauthorized unlock actions by sniffing Bluetooth Low Energy (BLE) traffic during one authorized unlock action, and then calculating the authentication key via simple computations on... |