Search Results (Refine Search)
- Results Type: Overview
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2019-16681 |
The Traveloka application 3.14.0 for Android exports com.traveloka.android.activity.common.WebViewActivity, leading to the opening of arbitrary URLs, which can inject deceptive content into the UI. (When in physical possession of the device, opening local files is also possible.) NOTE: As of 2019-09-23, the vendor has not agreed that this issue has serious impact. The vendor states that the issue is not critical because it does not allow Elevation of Privilege, Sensitive Data Leakage, or any critical unauthorized activity from a malicious user. The vendor also states that a victim must first install a malicious APK to their application. Published: September 21, 2019; 5:15:10 PM -0400 |
V4.0:(not available) V3.1: 4.7 MEDIUM V2.0: 2.6 LOW |
CVE-2019-16680 |
An issue was discovered in GNOME file-roller before 3.29.91. It allows a single ./../ path traversal via a filename contained in a TAR archive, possibly overwriting a file during extraction. Published: September 21, 2019; 5:15:10 PM -0400 |
V4.0:(not available) V3.1: 4.3 MEDIUM V2.0: 2.6 LOW |
CVE-2019-16679 |
Gila CMS before 1.11.1 allows admin/fm/?f=../ directory traversal, leading to Local File Inclusion. Published: September 21, 2019; 4:15:10 PM -0400 |
V4.0:(not available) V3.1: 4.9 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2019-16678 |
admin/urlrule/add.html in YzmCMS 5.3 allows CSRF with a resultant denial of service by adding a superseding route. Published: September 21, 2019; 4:15:10 PM -0400 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-16677 |
An issue was discovered in idreamsoft iCMS V7.0. admincp.php?app=members&do=del allows CSRF. Published: September 21, 2019; 4:15:10 PM -0400 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 5.8 MEDIUM |
CVE-2019-16669 |
The Reset Password feature in Pagekit 1.0.17 gives a different response depending on whether the e-mail address of a valid user account is entered, which might make it easier for attackers to enumerate accounts. Published: September 21, 2019; 3:15:10 PM -0400 |
V4.0:(not available) V3.1: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
CVE-2019-16665 |
An issue was discovered in ThinkSAAS 2.91. There is XSS via the content to the index.php?app=group&ac=comment&ts=do&js=1 URI, as demonstrated by a crafted SVG document in the SRC attribute of an EMBED element. Published: September 21, 2019; 2:15:11 PM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-16664 |
An issue was discovered in ThinkSAAS 2.91. There is XSS via the index.php?app=group&ac=create&ts=do groupname parameter. Published: September 21, 2019; 2:15:11 PM -0400 |
V4.0:(not available) V3.1: 4.8 MEDIUM V2.0: 3.5 LOW |
CVE-2019-16661 |
Ogma CMS 0.5 has XSS via creation of a new blog. Published: September 21, 2019; 2:15:11 PM -0400 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2019-16660 |
joyplus-cms 1.6.0 has admin_ajax.php?action=savexml&tab=vodplay CSRF. Published: September 21, 2019; 2:15:11 PM -0400 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2019-16659 |
TuziCMS 2.0.6 has index.php/manage/link/do_add CSRF. Published: September 21, 2019; 2:15:11 PM -0400 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2019-16658 |
TuziCMS 2.0.6 has index.php/manage/notice/do_add CSRF. Published: September 21, 2019; 2:15:11 PM -0400 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2019-16657 |
TuziCMS 2.0.6 has XSS via the PATH_INFO to a group URI, as demonstrated by index.php/article/group/id/2/. Published: September 21, 2019; 2:15:11 PM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-16656 |
joyplus-cms 1.6.0 allows remote attackers to execute arbitrary PHP code via /install by placing the code in the name of an object in the database. Published: September 21, 2019; 2:15:11 PM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2019-16655 |
joyplus-cms 1.6.0 allows reinstallation if the install/ URI remains available. Published: September 21, 2019; 2:15:10 PM -0400 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 6.4 MEDIUM |
CVE-2019-16650 |
On Supermicro X10 and X11 products, a client's access privileges may be transferred to a different client that later has the same socket file descriptor number. In opportunistic circumstances, an attacker can simply connect to the virtual media service, and then connect virtual USB devices to the server managed by the BMC. Published: September 20, 2019; 10:15:11 PM -0400 |
V4.0:(not available) V3.1: 10.0 CRITICAL V2.0: 7.5 HIGH |
CVE-2019-16649 |
On Supermicro H11, H12, M11, X9, X10, and X11 products, a combination of encryption and authentication problems in the virtual media service allows capture of BMC credentials and data transferred over virtual media devices. Attackers can use captured credentials to connect virtual USB devices to the server managed by the BMC. Published: September 20, 2019; 10:15:11 PM -0400 |
V4.0:(not available) V3.1: 10.0 CRITICAL V2.0: 5.0 MEDIUM |
CVE-2019-6650 |
F5 BIG-IP ASM 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.6.0-11.6.4, and 11.5.1-11.5.9 may expose sensitive information and allow the system configuration to be modified when using non-default settings. Published: September 20, 2019; 4:15:11 PM -0400 |
V4.0:(not available) V3.1: 9.1 CRITICAL V2.0: 5.8 MEDIUM |
CVE-2019-6649 |
F5 BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.6.0-11.6.4, and 11.5.1-11.5.9 and Enterprise Manager 3.1.1 may expose sensitive information and allow the system configuration to be modified when using non-default ConfigSync settings. Published: September 20, 2019; 4:15:11 PM -0400 |
V4.0:(not available) V3.1: 9.1 CRITICAL V2.0: 5.8 MEDIUM |
CVE-2019-6145 |
Forcepoint VPN Client for Windows versions lower than 6.6.1 have an unquoted search path vulnerability. This enables local privilege escalation to SYSTEM user. By default, only local administrators can write executables to the vulnerable directories. Forcepoint thanks Peleg Hadar of SafeBreach Labs for finding this vulnerability and for reporting it to us. Published: September 20, 2019; 4:15:11 PM -0400 |
V4.0:(not available) V3.1: 6.7 MEDIUM V2.0: 7.2 HIGH |