Total
309917 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-19684 | 1 Nopcommerce | 1 Nopcommerce | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| nopCommerce v4.2.0 allows privilege escalation via file upload in Presentation/Nop.Web/Admin/Areas/Controllers/PluginController.cs via Admin/FacebookAuthentication/Configure because it is possible to upload a crafted Facebook Auth plugin. | |||||
| CVE-2019-19683 | 1 Nopcommerce | 1 Nopcommerce | 2024-11-21 | 9.0 HIGH | 9.1 CRITICAL |
| RoxyFileman, as shipped with nopCommerce v4.2.0, is vulnerable to ../ path traversal via d or f to Admin/RoxyFileman/ProcessRequest because of Libraries/Nop.Services/Media/RoxyFileman/FileRoxyFilemanService.cs. | |||||
| CVE-2019-19682 | 1 Nopcommerce | 1 Nopcommerce | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| nopCommerce through 4.20 allows XSS in the SaveStoreMappings of the components \Presentation\Nop.Web\Areas\Admin\Controllers\NewsController.cs and \Presentation\Nop.Web\Areas\Admin\Controllers\BlogController.cs via Body or Full to Admin/News/NewsItemEdit/[id] Admin/Blog/BlogPostEdit/[id]. NOTE: the vendor reportedly considers this a "feature" because the affected components are an HTML content editor. | |||||
| CVE-2019-19681 | 1 Artica | 1 Pandora Fms | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| ** DISPUTED ** Pandora FMS 7.x suffers from remote code execution vulnerability. With an authenticated user who can modify the alert system, it is possible to define and execute commands as root/Administrator. NOTE: The product vendor states that the vulnerability as it is described is not in fact an actual vulnerability. They state that to be able to create alert commands, you need to have admin rights. They also state that the extended ACL system can disable access to specific sections of the configuration, such as defining new alert commands. | |||||
| CVE-2019-19680 | 1 Proofpoint | 1 Enterprise Protection | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A file-extension filtering vulnerability in Proofpoint Enterprise Protection (PPS / PoD), in the unpatched versions of PPS through 8.9.22 and 8.14.2 respectively, allows attackers to bypass protection mechanisms (related to extensions, MIME types, virus detection, and journal entries for transmitted files) by sending malformed (not RFC compliant) multipart email. | |||||
| CVE-2019-19679 | 1 Xpand-it | 1 Xray Test Mangaement | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| In "Xray Test Management for Jira" prior to version 3.5.5, remote authenticated attackers can cause XSS in the Pre-Condition Summary entry point via the summary field of a Create Pre-Condition action for a new Test Issue. | |||||
| CVE-2019-19678 | 1 Xpand-it | 1 Xray Test Mangaement | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| In "Xray Test Management for Jira" prior to version 3.5.5, remote authenticated attackers can cause XSS in the generic field entry point via the Generic Test Definition field of a new Generic Test issue. | |||||
| CVE-2019-19677 | 1 Arxes-tolina | 1 Arxes-tolina | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| arxes-tolina 3.0.0 allows User Enumeration. | |||||
| CVE-2019-19676 | 1 Arxes-tolina | 1 Arxes-tolina | 2024-11-21 | 9.3 HIGH | 9.6 CRITICAL |
| A CSV injection in arxes-tolina 3.0.0 allows malicious users to gain remote control of other computers. By entering formula code in the following columns: Kundennummer, Firma, Street, PLZ, Ort, Zahlziel, and Bemerkung, an attacker can create a user with a name that contains malicious code. Other users might download this data as a CSV file and corrupt their PC by opening it in a tool such as Microsoft Excel. The attacker could gain remote access to the user's PC. | |||||
| CVE-2019-19675 | 1 Ivanti | 1 Workspace Control | 2024-11-21 | 4.4 MEDIUM | 7.8 HIGH |
| In Ivanti Workspace Control before 10.3.180.0. a locally authenticated user with low privileges can bypass Managed Application Security by leveraging an unspecified attack vector in Workspace Preferences, when it is enabled. As a result, the attacker can start applications that should be blocked. | |||||
| CVE-2019-19670 | 1 Maxum | 1 Rumpus Ftp | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A HTTP Response Splitting vulnerability was identified in the Web Settings Component of Web File Manager in Rumpus FTP Server 8.2.9.1. A successful exploit can result in stored XSS, website defacement, etc. via ExtraHTTPHeader to RAPR/WebSettingsGeneralSet.html. | |||||
| CVE-2019-19669 | 1 Maxum | 1 Rumpus Ftp | 2024-11-21 | 5.8 MEDIUM | 6.5 MEDIUM |
| A CSRF vulnerability exists in the Upload Center Forms Component of Web File Manager in Rumpus FTP 8.2.9.1. This could allow an attacker to delete, create, and update the upload forms via RAPR/TriggerServerFunction.html. | |||||
| CVE-2019-19668 | 1 Maxum | 1 Rumpus Ftp | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| A CSRF vulnerability exists in the File Types component of Web File Manager in Rumpus FTP 8.2.9.1 that allows an attacker to add or delete the file types that are used on the server via RAPR/TriggerServerFunction.html. | |||||
| CVE-2019-19667 | 1 Maxum | 1 Rumpus Ftp | 2024-11-21 | 5.8 MEDIUM | 5.4 MEDIUM |
| A CSRF vulnerability exists in the Block Clients component of Web File Manager in Rumpus FTP 8.2.9.1 that could allow an attacker to whitelist or block any IP address via RAPR/BlockedClients.html. | |||||
| CVE-2019-19666 | 1 Maxum | 1 Rumpus Ftp | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| A CSRF vulnerability exists in the Event Notices Settings of Web File Manager in Rumpus FTP 8.2.9.1. An attacker can create/update event notices via RAPR/EventNoticesSet.html. | |||||
| CVE-2019-19665 | 1 Maxum | 1 Rumpus | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| A CSRF vulnerability exists in the FTP Settings of Web File Manager in Rumpus FTP 8.2.9.1. Exploitation of this vulnerability can result in manipulation of Server FTP settings at RAPR/FTPSettingsSet.html. | |||||
| CVE-2019-19664 | 1 Maxum | 1 Rumpus Ftp | 2024-11-21 | 5.8 MEDIUM | 7.1 HIGH |
| A CSRF vulnerability exists in the Web Settings of Web File Manager in Rumpus FTP 8.2.9.1. Exploitation of this vulnerability can result in manipulation of Server Web settings at RAPR/WebSettingsGeneralSet.html. | |||||
| CVE-2019-19663 | 1 Maxum | 1 Rumpus | 2024-11-21 | 5.8 MEDIUM | 6.5 MEDIUM |
| A CSRF vulnerability exists in the Folder Sets Settings of Web File Manager in Rumpus FTP 8.2.9.1. This allows an attacker to Create/Delete Folders after exploiting it at RAPR/FolderSetsSet.html. | |||||
| CVE-2019-19662 | 1 Maxum | 1 Rumpus Ftp | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| A CSRF vulnerability exists in the Web File Manager's Create/Delete Accounts functionality of Rumpus FTP Server 8.2.9.1. By exploiting it, an attacker can Create and Delete accounts via RAPR/TriggerServerFunction.html. | |||||
| CVE-2019-19661 | 1 Maxum | 1 Rumpus Ftp | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cookie based reflected XSS exists in the Web File Manager of Rumpus FTP Server 8.2.9.1, related to RumpusLoginUserName and snp. | |||||