CVE List - 2019 / March
Showing 701 - 800 of 1194 CVEs for March 2019 (Page 8 of 12)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2019-9870 | 2019-03-19 | plugin.js in the w8tcha oEmbed plugin before 2019-03-14 for CKEditor mishandles SCRIPT elements. |
| CVE-2019-5722 | 2019-03-19 | An issue was discovered in portier vision 4.4.4.2 and 4.4.4.6. Due to a lack of user input validation in parameter handling, it has various SQL injections, including on the login... |
| CVE-2019-5723 | 2019-03-19 | An issue was discovered in portier vision 4.4.4.2 and 4.4.4.6. Passwords are stored using reversible encryption rather than as a hash value, and the Vigenere algorithm used is badly outdated.... |
| CVE-2019-5729 | 2019-03-19 | Splunk-SDK-Python before 1.6.6 does not properly verify untrusted TLS server certificates, which could result in man-in-the-middle attacks. |
| CVE-2019-5885 | 2019-03-19 | Matrix Synapse before 0.34.0.1, when the macaroon_secret_key authentication parameter is not set, uses a predictable value to derive a secret key and other secrets which could allow remote attackers to... |
| CVE-2019-9877 | 2019-03-19 | There is an invalid memory access vulnerability in the function TextPage::findGaps() located at TextOutputDev.c in Xpdf 4.01, which can (for example) be triggered by sending a crafted pdf file to... |
| CVE-2019-9878 | 2019-03-19 | There is an invalid memory access in the function GfxIndexedColorSpace::mapColorToBase() located in GfxState.cc in Xpdf 4.0.0, as used in pdfalto 0.2. It can be triggered by (for example) sending a... |
| CVE-2019-6116 | 2019-03-19 | In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution. |
| CVE-2019-6272 | 2019-03-19 | Command injection vulnerability in login_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to execute arbitrary code. |
| CVE-2019-6273 | 2019-03-19 | download_file in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to download arbitrary files. |
| CVE-2018-17482 | 2019-03-19 | Lobby Track Desktop could allow a local attacker to obtain sensitive information, caused by an error in Reports while in kiosk mode. By visiting the kiosk and clicking on reports,... |
| CVE-2018-17483 | 2019-03-19 | Lobby Track Desktop could allow a local attacker to obtain sensitive information, caused by an error in Reports while in kiosk mode. By visiting the kiosk and viewing the driver's... |
| CVE-2018-17484 | 2019-03-19 | Lobby Track Desktop could allow a local attacker to obtain sensitive information, caused by an error in Sample Database.mdb database while in kiosk mode. By using attack vectors outlined in... |
| CVE-2018-17485 | 2019-03-19 | Lobby Track Desktop contains default administrative credentials. An attacker could exploit this vulnerability to gain full access to the application. |
| CVE-2018-17486 | 2019-03-19 | Lobby Track Desktop could allow a local attacker to bypass security restrictions, caused by an error in the find visitor function while in kiosk mode. By visiting the kiosk and... |
| CVE-2018-17487 | 2019-03-19 | Lobby Track Desktop could allow a local attacker to gain elevated privileges on the system, caused by an error in the printer dialog. By visiting the kiosk and signing in... |
| CVE-2018-17488 | 2019-03-19 | Lobby Track Desktop could allow a local attacker to gain elevated privileges on the system, caused by an error in the printer dialog. By visiting the kiosk and accessing the... |
| CVE-2018-17489 | 2019-03-19 | EasyLobby Solo could allow a local attacker to obtain sensitive information, caused by the storing of the social security number in plaintext. By visiting the kiosk and viewing the Visitor... |
| CVE-2018-17490 | 2019-03-19 | EasyLobby Solo is vulnerable to a denial of service. By visiting the kiosk and accessing the task manager, a local attacker could exploit this vulnerability to kill the process or... |
| CVE-2018-17491 | 2019-03-19 | EasyLobby Solo could allow a local attacker to gain elevated privileges on the system. By visiting the kiosk and typing "esc" to exit the program, an attacker could exploit this... |
| CVE-2018-17492 | 2019-03-19 | EasyLobby Solo contains default administrative credentials. An attacker could exploit this vulnerability to gain full access to the application. |
| CVE-2018-17493 | 2019-03-19 | eVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error with the Fullscreen button. By visiting the kiosk and clicking the full screen... |
| CVE-2018-17494 | 2019-03-19 | eVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error with the Virtual Keyboard Start Menu. By visiting the kiosk and pressing windows... |
| CVE-2018-17495 | 2019-03-19 | eVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error with the Virtual Keyboard Help Dialog. By visiting the kiosk and removing the... |
| CVE-2018-17496 | 2019-03-19 | eVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error while in kiosk mode. By visiting the kiosk and typing ctrl+shift+esc, an attacker... |
| CVE-2018-17497 | 2019-03-19 | eVisitorPass contains default administrative credentials. An attacker could exploit this vulnerability to gain full access to the application. |
| CVE-2018-17499 | 2019-03-19 | Envoy Passport for Android and Envoy Passport for iPhone could allow a local attacker to obtain sensitive information, caused by the storing of unencrypted data in logs. An attacker could... |
| CVE-2018-17500 | 2019-03-19 | Envoy Passport for Android and Envoy Passport for iPhone could allow a local attacker to obtain sensitive information, caused by the storing of hardcoded OAuth Creds in plaintext. An attacker... |
| CVE-2018-17502 | 2019-03-19 | The Receptionist for iPad could allow a local attacker to obtain sensitive information, caused by an error in the contact.json file. An attacker could exploit this vulnerability to obtain the... |
| CVE-2019-6274 | 2019-03-19 | Directory traversal vulnerability in storage_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to have unspecified impact via directory traversal sequences. |
| CVE-2019-6275 | 2019-03-19 | Command injection vulnerability in firmware_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to execute arbitrary code. |
| CVE-2019-6727 | 2019-03-19 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a... |
| CVE-2019-6728 | 2019-03-19 | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a... |
| CVE-2019-6729 | 2019-03-19 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a... |
| CVE-2019-6730 | 2019-03-19 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a... |
| CVE-2019-6731 | 2019-03-19 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a... |
| CVE-2019-6732 | 2019-03-19 | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a... |
| CVE-2019-6733 | 2019-03-19 | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a... |
| CVE-2019-6734 | 2019-03-19 | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a... |
| CVE-2019-6735 | 2019-03-19 | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a... |
| CVE-2019-6279 | 2019-03-19 | ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W2001EN-00 have an Incorrect Access Control vulnerability via the cgi-bin/webproc?getpage=html/index.html subpage=wlsecurity URI, allowing an Attacker to change the Wireless Security Password. |
| CVE-2019-6282 | 2019-03-19 | ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W2001EN-00 have CSRF via the cgi-bin/webproc?getpage=html/index.html subpage=wlsecurity URI, allowing an Attacker to change the Wireless Security Password. |
| CVE-2019-6441 | 2019-03-19 | An issue was discovered on Shenzhen Coship RT3050 4.0.0.40, RT3052 4.0.0.48, RT7620 10.0.0.49, WM3300 5.0.0.54, and WM3300 5.0.0.55 devices. The password reset functionality of the router doesn't have backend validation... |
| CVE-2018-18473 | 2019-03-19 | A hidden backdoor on PATLITE NH-FB Series devices with firmware version 1.45 or earlier, NH-FV Series devices with firmware version 1.10 or earlier, and NBM Series devices with firmware version... |
| CVE-2018-15498 | 2019-03-19 | YSoft SafeQ Server 6 allows a replay attack. |
| CVE-2018-20626 | 2019-03-20 | PHP Scripts Mall Consumer Reviews Script 4.0.3 has directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2018/12 directory. |
| CVE-2018-20627 | 2019-03-20 | PHP Scripts Mall Consumer Reviews Script 4.0.3 has HTML injection via the search box. |
| CVE-2018-20628 | 2019-03-20 | PHP Scripts Mall Charity Foundation Script 1 through 3 allows directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2018/12 directory. |
| CVE-2018-20629 | 2019-03-20 | PHP Scripts Mall Charity Donation Script readymadeb2bscript has directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2018/12 directory. |
| CVE-2018-20630 | 2019-03-20 | PHP Scripts Mall Advance Crowdfunding Script 2.0.3 has directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2018/12 directory. |
| CVE-2019-0191 | 2019-03-20 | Apache Karaf kar deployer reads .kar archives and extracts the paths from the "repository/" and "resources/" entries in the zip file. It then writes out the content of these paths... |
| CVE-2018-20631 | 2019-03-20 | PHP Scripts Mall Website Seller Script 2.0.5 allows full Path Disclosure via a request for an arbitrary image URL such as a .png file. |
| CVE-2018-20632 | 2019-03-20 | PHP Scripts Mall Advance B2B Script 2.1.4 has stored Cross-Site Scripting (XSS) via the FIRST NAME or LAST NAME field. |
| CVE-2018-20633 | 2019-03-20 | PHP Scripts Mall Advance B2B Script 2.1.4 has Cross-Site Request Forgery (CSRF) via the Edit Profile feature. |
| CVE-2018-20634 | 2019-03-20 | PHP Scripts Mall Advance B2B Script 2.1.4 allows remote attackers to cause a denial of service (changed Page structure) via JavaScript code in the First Name field. |
| CVE-2018-20635 | 2019-03-20 | PHP Scripts Mall Advance B2B Script 2.1.4 has directory traversal via a direct request for a listing of an image directory such as an assets/ directory. |
| CVE-2018-20636 | 2019-03-20 | PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has HTML injection via the First Name field. |
| CVE-2018-20637 | 2019-03-20 | PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 allows remote attackers to cause a denial of service (unrecoverable blank profile) via crafted JavaScript code in the First Name and... |
| CVE-2018-20638 | 2019-03-20 | PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has directory traversal via a direct request for a listing of an image directory such as an assets/ directory. |
| CVE-2018-20639 | 2019-03-20 | PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has HTML injection via the Search Bar. |
| CVE-2018-20640 | 2019-03-20 | PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has stored Cross-Site Scripting (XSS) via the Full Name field. |
| CVE-2018-20641 | 2019-03-20 | PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has Cross-Site Request Forgery (CSRF) via the Edit Profile feature. |
| CVE-2018-20642 | 2019-03-20 | PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 allows remote attackers to cause a denial of service (outage of profile editing) via crafted JavaScript code in the KeySkills field. |
| CVE-2018-20643 | 2019-03-20 | PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has directory traversal via a direct request for a listing of an image directory such as an assets/ directory. |
| CVE-2018-20644 | 2019-03-20 | PHP Scripts Mall Basic B2B Script 2.0.9 has Cross-Site Request Forgery (CSRF) via the Edit profile feature. |
| CVE-2018-20645 | 2019-03-20 | PHP Scripts Mall Basic B2B Script 2.0.9 has HTML injection via the First Name or Last Name field. |
| CVE-2018-20646 | 2019-03-20 | PHP Scripts Mall Basic B2B Script 2.0.9 has directory traversal via a direct request for a listing of an image directory such as an uploads/ directory. |
| CVE-2018-20647 | 2019-03-20 | PHP Scripts Mall Car Rental Script 2.0.8 has directory traversal via a direct request for a listing of an image directory such as an images/ directory. |
| CVE-2018-20648 | 2019-03-20 | PHP Scripts Mall Car Rental Script 2.0.8 has Cross-Site Request Forgery (CSRF) via accountedit.php. |
| CVE-2019-7429 | 2019-03-20 | PHP Scripts Mall Property Rental Software 2.1.4 has directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2016/08 directory. |
| CVE-2019-7430 | 2019-03-20 | PHP Scripts Mall Image Sharing Script 1.3.4 has HTML injection via the Search Bar. |
| CVE-2019-7431 | 2019-03-20 | PHP Scripts Mall Image Sharing Script 1.3.4 has directory traversal via a direct request for a listing of an uploads directory. |
| CVE-2019-7432 | 2019-03-20 | PHP Scripts Mall Rental Bike Script 2.0.3 has HTML injection via the STREET field in the Profile Edit section. |
| CVE-2019-7433 | 2019-03-20 | PHP Scripts Mall Rental Bike Script 2.0.3 has Cross-Site Request Forgery (CSRF) via the Edit Profile feature. |
| CVE-2019-7434 | 2019-03-20 | PHP Scripts Mall Rental Bike Script 2.0.3 has directory traversal via a direct request for a listing of an uploads directory. |
| CVE-2019-7435 | 2019-03-20 | PHP Scripts Mall Opensource Classified Ads Script 3.2.2 has reflected HTML injection via the Search Form. |
| CVE-2019-7436 | 2019-03-20 | PHP Scripts Mall Opensource Classified Ads Script 3.2.2 has directory traversal via a direct request for a listing of an uploads directory. |
| CVE-2019-7437 | 2019-03-20 | PHP Scripts Mall Opensource Classified Ads Script 3.2.2 has reflected Cross-Site Scripting (XSS) via the Search field. |
| CVE-2019-3832 | 2019-03-20 | It was discovered the fix for CVE-2018-19758 (libsndfile) was not complete and still allows a read beyond the limits of a buffer in wav_write_header() function in wav.c. A local attacker... |
| CVE-2019-7438 | 2019-03-20 | cgi-bin/qcmap_web_cgi on JioFi 4G M2S 1.0.2 devices has XSS and HTML injection via the mask POST parameter. |
| CVE-2019-7439 | 2019-03-20 | cgi-bin/qcmap_web_cgi on JioFi 4G M2S 1.0.2 devices allows a DoS (Hang) via the mask POST parameter. |
| CVE-2019-7440 | 2019-03-20 | JioFi 4G M2S 1.0.2 devices have CSRF via the SSID name and Security Key field under Edit Wi-Fi Settings (aka a SetWiFi_Setting request to cgi-bin/qcmap_web_cgi). |
| CVE-2019-7441 | 2019-03-20 | cgi-bin/webscr?cmd=_cart in the WooCommerce PayPal Checkout Payment Gateway plugin 1.6.8 for WordPress allows Parameter Tampering in an amount parameter (such as amount_1), as demonstrated by purchasing an item for lower... |
| CVE-2018-17167 | 2019-03-20 | PrinterOn Enterprise 4.1.4 suffers from multiple authenticated stored XSS vulnerabilities via the (1) "Machine Host Name" or "Server Serial Number" field in the clustering configuration, (2) "name" field in the... |
| CVE-2017-2659 | 2019-03-20 | It was found that dropbear before version 2013.59 with GSSAPI leaks whether a given username is valid or invalid. When an invalid username is given, the GSSAPI authentication failure was incorrectly... |
| CVE-2019-3859 | 2019-03-20 | An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the _libssh2_packet_require and _libssh2_packet_requirev functions. A remote attacker who compromises a SSH server may be able to... |
| CVE-2019-3862 | 2019-03-20 | An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker... |
| CVE-2019-9889 | 2019-03-20 | In Vanilla before 2.6.4, a flaw exists within the getSingleIndex function of the AddonManager class. The issue results in a require call using a crafted type value, leading to Directory... |
| CVE-2019-9893 | 2019-03-21 | libseccomp before 2.4.0 did not correctly generate 64-bit syscall argument comparisons using the arithmetic operators (LT, GT, LE, GE), which might be able to lead to bypassing seccomp filters and potential... |
| CVE-2019-9894 | 2019-03-21 | A remotely triggerable memory overwrite in RSA key exchange in PuTTY before 0.71 can occur before host key verification. |
| CVE-2019-9895 | 2019-03-21 | In PuTTY versions before 0.71 on Unix, a remotely triggerable buffer overflow exists in any kind of server-to-client forwarding. |
| CVE-2019-9896 | 2019-03-21 | In PuTTY versions before 0.71 on Windows, local attackers could hijack the application by putting a malicious help file in the same directory as the executable. |
| CVE-2019-9897 | 2019-03-21 | Multiple denial-of-service attacks that can be triggered by writing to the terminal exist in PuTTY versions before 0.71. |
| CVE-2019-9898 | 2019-03-21 | Potential recycling of random numbers used in cryptography exists within PuTTY before 0.71. |
| CVE-2016-5819 | 2019-03-21 | Moxa G3100V2 Series, editions prior to Version 2.8, and OnCell G3111/G3151/G3211/G3251 Series, editions prior to Version 1.7, allow a reflected cross-site scripting attack which may allow an attacker to execute... |
| CVE-2016-5800 | 2019-03-21 | A malicious attacker can trigger a remote buffer overflow in the Communication Server in Fatek Automation PM Designer V3 Version 2.1.2.2, and Automation FV Designer Version 1.2.8.0. |
| CVE-2018-4058 | 2019-03-21 | An exploitable unsafe default configuration vulnerability exists in the TURN server functionality of coTURN prior to 4.5.0.9. By default, the TURN server allows relaying external traffic to the loopback interface... |
| CVE-2018-4059 | 2019-03-21 | An exploitable unsafe default configuration vulnerability exists in the TURN server function of coTURN prior to version 4.5.0.9. By default, the TURN server runs an unauthenticated telnet admin portal on... |
| CVE-2017-1713 | 2019-03-21 | IBM InfoSphere Streams 4.2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 134632. |
| CVE-2018-1992 | 2019-03-21 | The IBM Power 9 OP910, OP920, and FW910 boot firmware's bootloader is responsible for loading and validating the initial boot firmware image that drives the rest of the system's hardware... |