Search Results (Refine Search)
- Results Type: Overview
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2019-7436 |
PHP Scripts Mall Opensource Classified Ads Script 3.2.2 has directory traversal via a direct request for a listing of an uploads directory. Published: March 21, 2019; 12:01:13 PM -0400 |
V4.0:(not available) V3.0: 6.5 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2019-7435 |
PHP Scripts Mall Opensource Classified Ads Script 3.2.2 has reflected HTML injection via the Search Form. Published: March 21, 2019; 12:01:13 PM -0400 |
V4.0:(not available) V3.0: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
CVE-2019-7434 |
PHP Scripts Mall Rental Bike Script 2.0.3 has directory traversal via a direct request for a listing of an uploads directory. Published: March 21, 2019; 12:01:13 PM -0400 |
V4.0:(not available) V3.0: 6.5 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2019-7433 |
PHP Scripts Mall Rental Bike Script 2.0.3 has Cross-Site Request Forgery (CSRF) via the Edit Profile feature. Published: March 21, 2019; 12:01:13 PM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2019-7432 |
PHP Scripts Mall Rental Bike Script 2.0.3 has HTML injection via the STREET field in the Profile Edit section. Published: March 21, 2019; 12:01:13 PM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2019-7431 |
PHP Scripts Mall Image Sharing Script 1.3.4 has directory traversal via a direct request for a listing of an uploads directory. Published: March 21, 2019; 12:01:13 PM -0400 |
V4.0:(not available) V3.0: 6.5 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2019-7430 |
PHP Scripts Mall Image Sharing Script 1.3.4 has HTML injection via the Search Bar. Published: March 21, 2019; 12:01:13 PM -0400 |
V4.0:(not available) V3.0: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
CVE-2019-7429 |
PHP Scripts Mall Property Rental Software 2.1.4 has directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2016/08 directory. Published: March 21, 2019; 12:01:13 PM -0400 |
V4.0:(not available) V3.0: 6.5 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2019-7425 |
XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/linkdownalertConfig.jsp" file in the task parameter. Published: March 21, 2019; 12:01:13 PM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-7424 |
XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/index.jsp" file in the view GET parameter or any of these POST parameters: autorefTime, section, snapshot, viewOpt, viewAll, view, or groupSelName. The latter is related to CVE-2009-3903. Published: March 21, 2019; 12:01:13 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-7423 |
XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/editProfile.jsp" file in the userName parameter. Published: March 21, 2019; 12:01:13 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-7422 |
XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/addMailSettings.jsp" file in the gF parameter. Published: March 21, 2019; 12:01:13 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-7421 |
XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws.login/gnb/loginView.sws" in multiple parameters: contextpath and basedURL. Published: March 21, 2019; 12:01:13 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-7420 |
XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws.application/information/networkinformationView.sws" in the tabName parameter. Published: March 21, 2019; 12:01:12 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-7419 |
XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws/leftmenu.sws" in multiple parameters: ruiFw_id, ruiFw_pid, ruiFw_title. Published: March 21, 2019; 12:01:12 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-7418 |
XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws/swsAlert.sws" in multiple parameters: flag, frame, func, and Nfunc. Published: March 21, 2019; 12:01:12 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-7417 |
XSS exists in Ericsson Active Library Explorer (ALEX) 14.3 in multiple parameters in the "/cgi-bin/alexserv" servlet, as demonstrated by the DB, FN, fn, or id parameter. Published: March 21, 2019; 12:01:12 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-7416 |
XSS and/or a Client Side URL Redirect exists in OpenText Documentum Webtop 5.3 SP2. The parameter startat in "/webtop/help/en/default.htm" is vulnerable. Published: March 21, 2019; 12:01:12 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-7391 |
ZyXEL VMG3312-B10B DSL-491HNU-B1B v2 devices allow login/login-page.cgi CSRF. Published: March 21, 2019; 12:01:12 PM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2019-7386 |
A Denial of Service issue has been discovered in the Gecko component of KaiOS 2.5 10.05 (platform 48.0.a2) on Nokia 8810 4G devices. When a crafted web page is visited with the internal browser, the Gecko process crashes with a segfault. Successful exploitation could lead to the remote code execution on the device. Published: March 21, 2019; 12:01:12 PM -0400 |
V4.0:(not available) V3.0: 6.5 MEDIUM V2.0: 7.1 HIGH |