National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

There are 124,315 matching records.
Displaying matches 101 through 120.
Vuln ID Summary CVSS Severity
CVE-2010-5340

IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/ with the parameter password is non-persistent in 10.2.0.

Published: October 11, 2019; 07:15:09 AM -04:00
(not available)
CVE-2010-5339

IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][uid] is non-persistent in 10.1.3 and 10.2.0.

Published: October 11, 2019; 07:15:09 AM -04:00
(not available)
CVE-2010-5338

IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][action] is non-persistent in 10.1.3 and 10.2.0.

Published: October 11, 2019; 07:15:09 AM -04:00
(not available)
CVE-2010-5337

IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][controller] is non-persistent in 10.1.3 and 10.2.0.

Published: October 11, 2019; 07:15:09 AM -04:00
(not available)
CVE-2010-5336

IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: admin/login.html with the parameter username is persistent in 10.2.0.

Published: October 11, 2019; 07:15:09 AM -04:00
(not available)
CVE-2010-5335

IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver and the operating system. Input passed via a certain parameter (script to basic/minimizer/index.php) is not properly sanitised and can therefore be exploited to browse the partition where IceWarp is installed (or the whole system) and read arbitrary files.

Published: October 11, 2019; 07:15:09 AM -04:00
(not available)
CVE-2010-5334

IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver and the operating system. Input passed via a certain parameter (_c to basic/index.html) is not properly sanitised and can therefore be exploited to browse the partition where IceWarp is installed (or the whole system) and read arbitrary files.

Published: October 11, 2019; 07:15:08 AM -04:00
(not available)
CVE-2019-17497

Tracker PDF-XChange Editor before 8.0.330.0 has an NTLM SSO hash theft vulnerability using crafted FDF or XFDF files (a related issue to CVE-2018-4993). For example, an NTLM hash is sent for a link to \\192.168.0.2\C$\file.pdf without user interaction.

Published: October 10, 2019; 08:15:10 PM -04:00
(not available)
CVE-2019-17496

Craft CMS before 3.3.8 has stored XSS via a name field. This field is mishandled during site deletion.

Published: October 10, 2019; 08:15:10 PM -04:00
(not available)
CVE-2019-17495

A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite (RPO) technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows the embedding of untrusted JSON data from remote servers, but it was not previously known that <style>@import within the JSON data was a functional attack method.

Published: October 10, 2019; 06:15:10 PM -04:00
(not available)
CVE-2019-17494

laravel-bjyblog 6.1.1 has XSS via a crafted URL.

Published: October 10, 2019; 05:15:11 PM -04:00
(not available)
CVE-2019-17493

Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the Problem[sample_input] parameter to web/admin/problem/create or web/polygon/problem/update.

Published: October 10, 2019; 05:15:11 PM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-17491

Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the Problem[description] parameter to web/admin/problem/create or web/polygon/problem/update.

Published: October 10, 2019; 05:15:11 PM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-17490

app\modules\polygon\controllers\ProblemController in Jiangnan Online Judge (aka jnoj) 0.8.0 allows arbitrary file upload, as demonstrated by PHP code (with a .php filename but the image/png content type) to the web/polygon/problem/tests URI.

Published: October 10, 2019; 05:15:11 PM -04:00
(not available)
CVE-2019-17489

Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the Problem[title] parameter to web/polygon/problem/create or web/polygon/problem/update or web/admin/problem/create.

Published: October 10, 2019; 05:15:11 PM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-17488

b3log Symphony (aka Sym) before 3.6.0 has XSS via the HTTP User-Agent header.

Published: October 10, 2019; 05:15:10 PM -04:00
(not available)
CVE-2019-17386

The animate-it plugin before 2.3.6 for WordPress has CSRF in edsanimate.php.

Published: October 10, 2019; 05:15:10 PM -04:00
(not available)
CVE-2019-9534

The Cobham EXPLORER 710, firmware version 1.07, does not validate its firmware image. Development scripts left in the firmware can be used to upload a custom firmware image that the device runs. This could allow an unauthenticated, local attacker to upload their own firmware that could be used to intercept or modify traffic, spoof or intercept GPS traffic, exfiltrate private data, hide a backdoor, or cause a denial-of-service.

Published: October 10, 2019; 04:15:11 PM -04:00
(not available)
CVE-2019-9533

The root password of the Cobham EXPLORER 710 is the same for all versions of firmware up to and including v1.08. This could allow an attacker to reverse-engineer the password from available versions to gain authenticated access to the device.

Published: October 10, 2019; 04:15:11 PM -04:00
(not available)
CVE-2019-9532

The web application portal of the Cobham EXPLORER 710, firmware version 1.07, sends the login password in cleartext. This could allow an unauthenticated, local attacker to intercept the password and gain access to the portal.

Published: October 10, 2019; 04:15:11 PM -04:00
(not available)