National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

There are 122,984 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2019-16679

Gila CMS before 1.11.1 allows admin/fm/?f=../ directory traversal, leading to Local File Inclusion.

Published: September 21, 2019; 04:15:10 PM -04:00
(not available)
CVE-2019-16678

admin/urlrule/add.html in YzmCMS 5.3 allows CSRF with a resultant denial of service by adding a superseding route.

Published: September 21, 2019; 04:15:10 PM -04:00
(not available)
CVE-2019-16677

An issue was discovered in idreamsoft iCMS V7.0. admincp.php?app=members&do=del allows CSRF.

Published: September 21, 2019; 04:15:10 PM -04:00
(not available)
CVE-2019-16669

The Reset Password feature in Pagekit 1.0.17 gives a different response depending on whether the e-mail address of a valid user account is entered, which might make it easier for attackers to enumerate accounts.

Published: September 21, 2019; 03:15:10 PM -04:00
(not available)
CVE-2019-16665

An issue was discovered in ThinkSAAS 2.91. There is XSS via the content to the index.php?app=group&ac=comment&ts=do&js=1 URI, as demonstrated by a crafted SVG document in the SRC attribute of an EMBED element.

Published: September 21, 2019; 02:15:11 PM -04:00
(not available)
CVE-2019-16664

An issue was discovered in ThinkSAAS 2.91. There is XSS via the index.php?app=group&ac=create&ts=do groupname parameter.

Published: September 21, 2019; 02:15:11 PM -04:00
(not available)
CVE-2019-16661

Ogma CMS 0.5 has XSS via creation of a new blog.

Published: September 21, 2019; 02:15:11 PM -04:00
(not available)
CVE-2019-16660

joyplus-cms 1.6.0 has admin_ajax.php?action=savexml&tab=vodplay CSRF.

Published: September 21, 2019; 02:15:11 PM -04:00
(not available)
CVE-2019-16659

TuziCMS 2.0.6 has index.php/manage/link/do_add CSRF.

Published: September 21, 2019; 02:15:11 PM -04:00
(not available)
CVE-2019-16658

TuziCMS 2.0.6 has index.php/manage/notice/do_add CSRF.

Published: September 21, 2019; 02:15:11 PM -04:00
(not available)
CVE-2019-16657

TuziCMS 2.0.6 has XSS via the PATH_INFO to a group URI, as demonstrated by index.php/article/group/id/2/.

Published: September 21, 2019; 02:15:11 PM -04:00
(not available)
CVE-2019-16656

joyplus-cms 1.6.0 allows remote attackers to execute arbitrary PHP code via /install by placing the code in the name of an object in the database.

Published: September 21, 2019; 02:15:11 PM -04:00
(not available)
CVE-2019-16655

joyplus-cms 1.6.0 allows reinstallation if the install/ URI remains available.

Published: September 21, 2019; 02:15:10 PM -04:00
(not available)
CVE-2019-16650

On Supermicro X10 and X11 products, a client's access privileges may be transferred to a different client that later has the same socket file descriptor number. In opportunistic circumstances, an attacker can simply connect to the virtual media service, and then connect virtual USB devices to the server managed by the BMC.

Published: September 20, 2019; 10:15:11 PM -04:00
(not available)
CVE-2019-16649

On Supermicro H11, H12, M11, X9, X10, and X11 products, a combination of encryption and authentication problems in the virtual media service allows capture of BMC credentials and data transferred over virtual media devices. Attackers can use captured credentials to connect virtual USB devices to the server managed by the BMC.

Published: September 20, 2019; 10:15:11 PM -04:00
(not available)
CVE-2019-6650

F5 BIG-IP ASM 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.6.0-11.6.4, and 11.5.1-11.5.9 may expose sensitive information and allow the system configuration to be modified when using non-default settings.

Published: September 20, 2019; 04:15:11 PM -04:00
(not available)
CVE-2019-6649

F5 BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.6.0-11.6.4, and 11.5.1-11.5.9 and Enterprise Manager 3.1.1 may expose sensitive information and allow the system configuration to be modified when using non-default ConfigSync settings.

Published: September 20, 2019; 04:15:11 PM -04:00
(not available)
CVE-2019-6145

Forcepoint VPN Client for Windows versions lower than 6.6.1 have an unquoted search path vulnerability. This enables local privilege escalation to SYSTEM user. By default, only local administrators can write executables to the vulnerable directories. Forcepoint thanks Peleg Hadar of SafeBreach Labs for finding this vulnerability and for reporting it to us.

Published: September 20, 2019; 04:15:11 PM -04:00
(not available)
CVE-2019-15138

The html-pdf package 2.2.0 for Node.js has an arbitrary file read vulnerability via an HTML file that uses XMLHttpRequest to access a file:/// URL.

Published: September 20, 2019; 04:15:11 PM -04:00
(not available)
CVE-2015-9406

Directory traversal vulnerability in the mTheme-Unus theme before 2.3 for WordPress allows an attacker to read arbitrary files via a .. (dot dot) in the files parameter to css/css.php.

Published: September 20, 2019; 04:15:10 PM -04:00
(not available)