National Vulnerability Database

Search Results

There are 124,862 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2019-18387

Sourcecodester Hotel and Lodge Management System 1.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the id parameter to the edit page for Customer, Room, Currency, Room Booking Details, or Tax Details.

Published: October 23, 2019; 07:15:12 PM -04:00
(not available)
CVE-2019-18213

XML Language Server (aka lsp4xml) before 0.9.1, as used in Red Hat XML Language Support (aka vscode-xml) before 0.9.1 for Visual Studio and other products, allows XXE via a crafted XML document, with resultant SSRF (as well as SMB connection initiation that can lead to NetNTLM challenge/response capture for password cracking). This occurs in extensions/contentmodel/participants/diagnostics/LSPXMLParserConfiguration.java.

Published: October 23, 2019; 06:15:10 PM -04:00
(not available)
CVE-2019-18212

XMLLanguageService.java in XML Language Server (aka lsp4xml) before 0.9.1, as used in Red Hat XML Language Support (aka vscode-xml) before 0.9.1 for Visual Studio and other products, allows a remote attacker to write to arbitrary files via Directory Traversal.

Published: October 23, 2019; 06:15:10 PM -04:00
(not available)
CVE-2019-8238

Adobe Acrobat and Reader versions 2019.010.20100 and earlier; 2019.010.20099 and earlier versions; 2017.011.30140 and earlier versions; 2017.011.30138 and earlier versions; 2015.006.30495 and earlier versions; 2015.006.30493 and earlier versions have a Path Traversal vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user.

Published: October 23, 2019; 05:15:11 PM -04:00
(not available)
CVE-2019-8237

Adobe Acrobat and Reader versions 2019.012.20034 and earlier; 2019.012.20035 and earlier versions; 2017.011.30142 and earlier versions; 2017.011.30143 and earlier versions; 2015.006.30497 and earlier versions; 2015.006.30498 and earlier versions have an Insufficiently Robust Encryption vulnerability. Successful exploitation could lead to Security feature bypass in the context of the current user.

Published: October 23, 2019; 05:15:11 PM -04:00
(not available)
CVE-2019-8236

Creative Cloud Desktop Application version 4.6.1 and earlier versions have a Security Bypass vulnerability. Successful exploitation could lead to Privilege Escalation in the context of the current user.

Published: October 23, 2019; 05:15:11 PM -04:00
(not available)
CVE-2019-18385

An issue was discovered on TerraMaster FS-210 4.0.19 devices. An unauthenticated attacker can download log files via the include/makecvs.php?Event= substring.

Published: October 23, 2019; 05:15:11 PM -04:00
(not available)
CVE-2019-18384

An issue was discovered on TerraMaster FS-210 4.0.19 devices. An authenticated remote non-administrative user can read unauthorized shared files, as demonstrated by the filename=*public*%25252Fadmin_OnlyRead.txt substring.

Published: October 23, 2019; 05:15:11 PM -04:00
(not available)
CVE-2019-18383

An issue was discovered on TerraMaster FS-210 4.0.19 devices. One can download backup files remotely from terramaster_TNAS-00E43A_config_backup.bin without permission.

Published: October 23, 2019; 05:15:10 PM -04:00
(not available)
CVE-2019-18382

An issue was discovered on AVStar PE204 3.10.70 IP camera devices. A denial of service can occur on open TCP port 23456. After a TELNET connection, no TCP ports are open.

Published: October 23, 2019; 05:15:10 PM -04:00
(not available)
CVE-2019-18371

An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-stable. There is a directory traversal vulnerability to read arbitrary files via a misconfigured NGINX alias, as demonstrated by api-third-party/download/extdisks../etc/config/account. With this vulnerability, the attacker can bypass authentication.

Published: October 23, 2019; 05:15:10 PM -04:00
(not available)
CVE-2019-18370

An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-stable. The backup file is in tar.gz format. After uploading, the application uses the tar zxf command to decompress, so one can control the contents of the files in the decompressed directory. In addition, the application's sh script for testing upload and download speeds reads a URL list from /tmp/speedtest_urls.xml, and there is a command injection vulnerability, as demonstrated by api/xqnetdetect/netspeed.

Published: October 23, 2019; 05:15:10 PM -04:00
(not available)
CVE-2019-18359

A buffer over-read was discovered in ReadMP3APETag in apetag.c in MP3Gain 1.6.2. The vulnerability causes an application crash, which leads to remote denial of service.

Published: October 23, 2019; 04:15:14 PM -04:00
(not available)
CVE-2019-12415

In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity (XXE) Processing.

Published: October 23, 2019; 04:15:12 PM -04:00
(not available)
CVE-2019-9597

Darktrace Enterprise Immune System before 3.1 allows CSRF via the /config endpoint.

Published: October 23, 2019; 03:15:12 PM -04:00
(not available)
CVE-2019-9596

Darktrace Enterprise Immune System before 3.1 allows CSRF via the /whitelisteddomains endpoint.

Published: October 23, 2019; 03:15:12 PM -04:00
(not available)
CVE-2019-6144

This vulnerability allows a normal (non-admin) user to disable the Forcepoint One Endpoint (versions 19.04 through 19.08) and bypass DLP and Web protection.

Published: October 23, 2019; 03:15:12 PM -04:00
(not available)
CVE-2019-3982

Nessus versions 8.6.0 and earlier were found to contain a Denial of Service vulnerability due to improper validation of specific imported scan types. An authenticated, remote attacker could potentially exploit this vulnerability to cause a Nessus scanner to become temporarily unresponsive.

Published: October 23, 2019; 03:15:12 PM -04:00
(not available)
CVE-2019-18357

An XSS issue was discovered in Thycotic Secret Server before 10.7 (issue 2 of 2).

Published: October 23, 2019; 03:15:11 PM -04:00
(not available)
CVE-2019-18356

An XSS issue was discovered in Thycotic Secret Server before 10.7 (issue 1 of 2).

Published: October 23, 2019; 03:15:11 PM -04:00
(not available)