National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

There are 127,435 matching records.
Displaying matches 141 through 160.
Vuln ID Summary CVSS Severity
CVE-2019-3987

Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the key parameter.

Published: December 11, 2019; 06:15:11 PM -05:00
(not available)
CVE-2019-3986

Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the encryption parameter.

Published: December 11, 2019; 06:15:11 PM -05:00
(not available)
CVE-2019-3985

Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the ssid parameter.

Published: December 11, 2019; 06:15:11 PM -05:00
(not available)
CVE-2019-3983

Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary code and commands on the device due to insufficient UART protections.

Published: December 11, 2019; 06:15:11 PM -05:00
(not available)
CVE-2019-18245

Reliable Controls LicenseManager versions 3.4 and prior may allow an authenticated user to insert malicious code into the system root path, which may allow execution of code with elevated privileges of the application.

Published: December 11, 2019; 06:15:11 PM -05:00
(not available)
CVE-2019-18232

SafeNet Sentinel LDK License Manager, all versions prior to 7.101(only Microsoft Windows versions are affected) is vulnerable when configured as a service. This vulnerability may allow an attacker with local access to create, write, and/or delete files in system folder using symbolic links, leading to a privilege escalation. This vulnerability could also be used by an attacker to execute a malicious DLL, which could impact the integrity and availability of the system.

Published: December 11, 2019; 06:15:10 PM -05:00
(not available)
CVE-2019-17087

Unauthorized file download vulnerability in all supported versions of Micro Focus AcuToWeb. The vulnerability could be exploited to enumerate and download files from the filesystem of the system running AcuToWeb, with the privileges of the account AcuToWeb is running under.

Published: December 11, 2019; 06:15:10 PM -05:00
(not available)
CVE-2019-0405

SAP Enable Now, before version 1911, leaks information about the existence of a particular user which can be used to construct a list of users, leading to a user enumeration vulnerability and Information Disclosure.

Published: December 11, 2019; 05:15:12 PM -05:00
(not available)
CVE-2019-0404

SAP Enable Now, before version 1911, leaks information about network configuration in the server error messages, leading to Information Disclosure.

Published: December 11, 2019; 05:15:12 PM -05:00
(not available)
CVE-2019-0403

SAP Enable Now, before version 1911, allows an attacker to input commands into the CSV files, which will be executed when opened, leading to CSV Command Injection.

Published: December 11, 2019; 05:15:11 PM -05:00
(not available)
CVE-2019-0402

SAP Adaptive Server Enterprise, before versions 15.7 and 16.0, under certain conditions exposes some sensitive information to the admin, leading to Information Disclosure.

Published: December 11, 2019; 05:15:11 PM -05:00
(not available)
CVE-2019-0399

SAP Portfolio and Project Management, before versions S4CORE 102, 103, EPPM 100 and CPRXRPM 500_702, 600_740, 610_740; unintentionally allows a user to discover accounting information of the Projects in Project dashboard, leading to Information Disclosure.

Published: December 11, 2019; 05:15:11 PM -05:00
(not available)
CVE-2019-0398

Due to insufficient CSRF protection, SAP BusinessObjects Business Intelligence Platform (Monitoring Application), before versions 4.1, 4.2 and 4.3, may lead to an authenticated user to send unintended request to the web server, leading to Cross Site Request Forgery.

Published: December 11, 2019; 05:15:11 PM -05:00
(not available)
CVE-2019-0395

SAP BusinessObjects Business Intelligence Platform (Fiori BI Launchpad), before version 4.2, allows execution of JavaScript in a text module in Fiori BI Launchpad, leading to Stored Cross Site Scripting vulnerability.

Published: December 11, 2019; 05:15:11 PM -05:00
(not available)
CVE-2019-19729

An issue was discovered in the BSON ObjectID (aka bson-objectid) package 1.3.0 for Node.js. ObjectID() allows an attacker to generate a malformed objectid by inserting an additional property to the user-input, because bson-objectid will return early if it detects _bsontype==ObjectID in the user-input object. As a result, objects in arbitrary forms can bypass formatting if they have a valid bsontype.

Published: December 11, 2019; 03:15:11 PM -05:00
(not available)
CVE-2019-19374

An issue was discovered in core/assets/form/form_question_types/form_question_type_file_upload/form_question_type_file_upload.inc in Squiz Matrix CMS 5.5.0 prior to 5.5.0.3, 5.5.1 prior to 5.5.1.8, 5.5.2 prior to 5.5.2.4, and 5.5.3 prior to 5.5.3.3 where a user can delete arbitrary files from the server during interaction with the File Upload field type, when a custom form exists. (This is related to an information disclosure issue within the File Upload field type that allows users to view the full path to uploaded files, including the product's web root directory.)

Published: December 11, 2019; 03:15:10 PM -05:00
(not available)
CVE-2019-19373

An issue was discovered in Squiz Matrix CMS 5.5.0 prior to 5.5.0.3, 5.5.1 prior to 5.5.1.8, 5.5.2 prior to 5.5.2.4, and 5.5.3 prior to 5.5.3.3 where a user can trigger arbitrary unserialization of a PHP object from a packages/cms/page_templates/page_remote_content/page_remote_content.inc POST parameter during processing of a Remote Content page type. This unserialization can be used to trigger the inclusion of arbitrary files on the filesystem (local file inclusion), and results in remote code execution.

Published: December 11, 2019; 03:15:10 PM -05:00
(not available)
CVE-2014-7257

SQL injection vulnerability in DBD::PgPP 0.05 and earlier

Published: December 11, 2019; 02:15:13 PM -05:00
(not available)
CVE-2013-5978

Multiple cross-site scripting (XSS) vulnerabilities in products.php in the Cart66 Lite plugin before 1.5.1.15 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) Product name or (2) Price description fields via a request to wp-admin/admin.php. NOTE: This issue may only cross privilege boundaries if used in combination with CVE-2013-5977.

Published: December 11, 2019; 02:15:12 PM -05:00
(not available)
CVE-2013-5743

Multiple SQL injection vulnerabilities in Zabbix 1.8.x before 1.8.18rc1, 2.0.x before 2.0.9rc1, and 2.1.x before 2.1.7.

Published: December 11, 2019; 02:15:12 PM -05:00
(not available)