National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

There are 122,996 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2019-16705

Ming (aka libming) 0.4.8 has an out of bounds read vulnerability in the function OpCode() in the decompile.c file in libutil.a.

Published: September 23, 2019; 01:15:10 AM -04:00
(not available)
CVE-2019-16704

admin/infoclass_update.php in PHPMyWind 5.6 has stored XSS.

Published: September 23, 2019; 12:15:10 AM -04:00
(not available)
CVE-2019-16703

admin/infolist_add.php in PHPMyWind 5.6 has stored XSS.

Published: September 23, 2019; 12:15:10 AM -04:00
(not available)
CVE-2019-16702

Integard Pro 2.2.0.9026 allows remote attackers to execute arbitrary code via a buffer overflow involving a long NoJs parameter to the /LoginAdmin URI.

Published: September 22, 2019; 11:15:10 PM -04:00
(not available)
CVE-2019-16696

phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit.php table parameter when action=add is used.

Published: September 22, 2019; 11:15:14 AM -04:00
(not available)
CVE-2019-16695

phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter.php table parameter when action=add is used.

Published: September 22, 2019; 11:15:14 AM -04:00
(not available)
CVE-2019-16694

phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit-result.php table parameter when action=add is used.

Published: September 22, 2019; 11:15:13 AM -04:00
(not available)
CVE-2019-16693

phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/order.php table parameter when action=add is used.

Published: September 22, 2019; 11:15:13 AM -04:00
(not available)
CVE-2019-16692

phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter-result.php table parameter when action=add is used.

Published: September 22, 2019; 11:15:13 AM -04:00
(not available)
CVE-2018-21018

Mastodon before 2.6.3 mishandles timeouts of incompletely established sessions.

Published: September 22, 2019; 11:15:13 AM -04:00
(not available)
CVE-2019-16681

** DISPUTED ** The Traveloka application 3.14.0 for Android exports com.traveloka.android.activity.common.WebViewActivity, leading to file disclosure and XSS. NOTE: the vendor's position is that no file content becomes accessible to other applications on the device.

Published: September 21, 2019; 05:15:10 PM -04:00
(not available)
CVE-2019-16680

An issue was discovered in GNOME file-roller before 3.29.91. It allows a single ./../ path traversal via a filename contained in a TAR archive, possibly overwriting a file during extraction.

Published: September 21, 2019; 05:15:10 PM -04:00
(not available)
CVE-2019-16679

Gila CMS before 1.11.1 allows admin/fm/?f=../ directory traversal, leading to Local File Inclusion.

Published: September 21, 2019; 04:15:10 PM -04:00
(not available)
CVE-2019-16678

admin/urlrule/add.html in YzmCMS 5.3 allows CSRF with a resultant denial of service by adding a superseding route.

Published: September 21, 2019; 04:15:10 PM -04:00
(not available)
CVE-2019-16677

An issue was discovered in idreamsoft iCMS V7.0. admincp.php?app=members&do=del allows CSRF.

Published: September 21, 2019; 04:15:10 PM -04:00
(not available)
CVE-2019-16669

The Reset Password feature in Pagekit 1.0.17 gives a different response depending on whether the e-mail address of a valid user account is entered, which might make it easier for attackers to enumerate accounts.

Published: September 21, 2019; 03:15:10 PM -04:00
(not available)
CVE-2019-16665

An issue was discovered in ThinkSAAS 2.91. There is XSS via the content to the index.php?app=group&ac=comment&ts=do&js=1 URI, as demonstrated by a crafted SVG document in the SRC attribute of an EMBED element.

Published: September 21, 2019; 02:15:11 PM -04:00
(not available)
CVE-2019-16664

An issue was discovered in ThinkSAAS 2.91. There is XSS via the index.php?app=group&ac=create&ts=do groupname parameter.

Published: September 21, 2019; 02:15:11 PM -04:00
(not available)
CVE-2019-16661

Ogma CMS 0.5 has XSS via creation of a new blog.

Published: September 21, 2019; 02:15:11 PM -04:00
(not available)
CVE-2019-16660

joyplus-cms 1.6.0 has admin_ajax.php?action=savexml&tab=vodplay CSRF.

Published: September 21, 2019; 02:15:11 PM -04:00
(not available)