Search Results (Refine Search)
- Results Type: Overview
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2019-14347 |
Internal/Views/addUsers.php in Schben Adive 2.0.7 allows remote unprivileged users (editor or developer) to create an administrator account via admin/user/add, as demonstrated by a Python PoC script. Published: August 06, 2019; 1:15:43 PM -0400 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 6.5 MEDIUM |
CVE-2019-12950 |
An issue was discovered in TeamPass 2.1.27.35. From the sources/items.queries.php "Import items" feature, it is possible to load a crafted CSV file with an XSS payload. Published: August 06, 2019; 1:15:43 PM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2019-14697 |
musl libc through 1.1.23 has an x87 floating-point stack adjustment imbalance, related to the math/i386/ directory. In some cases, use of this library could introduce out-of-bounds writes that are not present in an application's source code. Published: August 06, 2019; 12:15:11 PM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2019-14696 |
Open-School 3.0, and Community Edition 2.3, allows XSS via the osv/index.php?r=students/guardians/create id parameter. Published: August 06, 2019; 12:15:11 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-14346 |
Internal/Views/config.php in Schben Adive 2.0.7 allows admin/config CSRF to change a user password. Published: August 06, 2019; 11:15:13 AM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 4.3 MEDIUM |
CVE-2019-14695 |
A SQL injection vulnerability exists in the Sygnoos Popup Builder plugin before 3.45 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via com/libs/Table.php because Subscribers Table ordering is mishandled. Published: August 06, 2019; 10:15:12 AM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2016-10797 |
cPanel before 58.0.4 allows WHM "Purchase and Install an SSL Certificate" page visitors to list all server domains (SEC-133). Published: August 06, 2019; 10:15:11 AM -0400 |
V4.0:(not available) V3.0: 4.3 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2016-10796 |
cPanel before 58.0.4 initially uses weak permissions for Apache HTTP Server log files (SEC-130). Published: August 06, 2019; 10:15:11 AM -0400 |
V4.0:(not available) V3.0: 3.3 LOW V2.0: 2.1 LOW |
CVE-2016-10795 |
cPanel before 59.9999.145 allows stored XSS in the WHM tail_upcp2.cgi interface (SEC-156). Published: August 06, 2019; 10:15:11 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2016-10794 |
cPanel before 59.9999.145 allows arbitrary file-read operations because of a multipart form processing error (SEC-154). Published: August 06, 2019; 10:15:11 AM -0400 |
V4.0:(not available) V3.0: 6.5 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2016-10793 |
cPanel before 59.9999.145 allows arbitrary code execution due to an incorrect #! in Mail::SPF scripts (SEC-152). Published: August 06, 2019; 10:15:11 AM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.5 MEDIUM |
CVE-2016-10792 |
cPanel before 59.9999.145 allows code execution in the context of other accounts via mailman list archives (SEC-141). Published: August 06, 2019; 10:15:11 AM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.5 MEDIUM |
CVE-2016-10791 |
cPanel before 60.0.15 does not ensure that system accounts lack a valid password, so that logins are impossible (CPANEL-9559). Published: August 06, 2019; 10:15:11 AM -0400 |
V4.0:(not available) V3.0: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
CVE-2019-14692 |
AdPlug 2.3.1 has a heap-based buffer overflow in CmkjPlayer::load() in mkj.cpp. Published: August 06, 2019; 9:15:12 AM -0400 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2019-14691 |
AdPlug 2.3.1 has a heap-based buffer overflow in CdtmLoader::load() in dtm.cpp. Published: August 06, 2019; 9:15:12 AM -0400 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2019-14690 |
AdPlug 2.3.1 has a heap-based buffer overflow in CxadbmfPlayer::__bmf_convert_stream() in bmf.cpp. Published: August 06, 2019; 9:15:12 AM -0400 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2016-10790 |
cPanel before 60.0.25 does not use TLS for HTTP POSTs to listinput.cpanel.net (SEC-192). Published: August 06, 2019; 9:15:12 AM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2016-10789 |
cPanel before 60.0.25 allows code execution via the cpsrvd 403 error response handler (SEC-191). Published: August 06, 2019; 9:15:12 AM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.5 MEDIUM |
CVE-2016-10788 |
cPanel before 60.0.25 allows arbitrary code execution via Maketext in PostgreSQL adminbin (SEC-188). Published: August 06, 2019; 9:15:12 AM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 9.0 HIGH |
CVE-2016-10787 |
The Host Access Control feature in cPanel before 60.0.25 mishandles actionless host.deny entries (SEC-187). Published: August 06, 2019; 9:15:11 AM -0400 |
V4.0:(not available) V3.0: 8.1 HIGH V2.0: 5.5 MEDIUM |