ROOT-OS-UBUNTU-2204-CVE-2019-19378 CVE-2019-19378 in rootio-linux - Patched by Root

Root has patched CVE-2019-19378 in the rootio-linux package for Root:Ubuntu:22.04. Multiple fixed versions available...

ROOT-OS-UBUNTU-2204-CVE-2019-15213 CVE-2019-15213 in rootio-linux - Patched by Root

Root has patched CVE-2019-15213 in the rootio-linux package for Root:Ubuntu:22.04. Multiple fixed versions available...

ROOT-OS-UBUNTU-2204-CVE-2019-14899 CVE-2019-14899 in rootio-linux - Patched by Root

Root has patched CVE-2019-14899 in the rootio-linux package for Root:Ubuntu:22.04. Multiple fixed versions available...

ROOT-OS-UBUNTU-2204-CVE-2019-19814 CVE-2019-19814 in rootio-linux - Patched by Root

Root has patched CVE-2019-19814 in the rootio-linux package for Root:Ubuntu:22.04. Multiple fixed versions available...

ROOT-OS-UBUNTU-2404-CVE-2019-19378 CVE-2019-19378 in rootio-linux - Patched by Root

Root has patched CVE-2019-19378 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

ROOT-OS-UBUNTU-2404-CVE-2019-14899 CVE-2019-14899 in rootio-linux - Patched by Root

Root has patched CVE-2019-14899 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

ROOT-OS-UBUNTU-2404-CVE-2019-19814 CVE-2019-19814 in rootio-linux - Patched by Root

Root has patched CVE-2019-19814 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

Rumpus FTP Web File Manager 8.2.9.1 - Cross-Site Scripting

Rumpus FTP Web File Manager 8.2.9.1 contains a reflected cross-site scripting vulnerability via the Login page. An attacker can send a crafted link to end users and can execute arbitrary JavaScript. id: CVE-2019-19368 info: name: Rumpus FTP Web File Manager 8.2.9.1 - Cross-Site Scripting author:...

Yellow Pencil Visual Theme Customizer < 7.2.1 - Privilege Escalation

The WaspThemes Visual CSS Style Editor aka yellow-pencil-visual-theme-customizer plugin before 7.2.1 for WordPress allows ypoptionupdate CSRF, as demonstrated by use of ypremoteget to obtain admin access. id: CVE-2019-11886 info: name: Yellow Pencil Visual Theme Customizer 7.2.1 - Privilege...

Xiaomi Mi WiFi R3G Routers - Local file Inclusion

Xiaomi Mi WiFi R3G devices before 2.28.23-stable are susceptible to local file inclusion vulnerabilities via a misconfigured NGINX alias, as demonstrated by api-third-party/download/extdisks../etc/config/account. With this vulnerability, the attacker can bypass authentication. id: CVE-2019-18371...

Totaljs <3.2.3 - Local File Inclusion

Total.js Platform before 3.2.3 is vulnerable to local file inclusion. id: CVE-2019-8903 info: name: Totaljs 3.2.3 - Local File Inclusion author: madrobot severity: high description: Total.js Platform before 3.2.3 is vulnerable to local file inclusion. impact: | An attacker can exploit this...

IceWarp Mail Server <=10.4.4 - Local File Inclusion

IceWarp Mail Server through 10.4.4 is prone to a local file inclusion vulnerability via webmail/calendar/minimizer/index.php?style=..%5c directory traversal. id: CVE-2019-12593 info: name: IceWarp Mail Server =10.4.4 - Local File Inclusion author: pikpikcu severity: high description: | IceWarp Ma...

WordPress Ultimate FAQs <= 1.8.24 – Unauthenticated HTML Content Injection

Functions/EWDUFAQImport.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows HTML content injection. id: CVE-2019-17233 info: name: WordPress Ultimate FAQs = 1.8.24 – Unauthenticated HTML Content Injection author: daffainfo severity: medium description: | Functions/EWDUFAQImport.ph...

YouPHPTube Encoder - Arbitrary File Write

Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3 a plugin for providing encoder functionality in YouPHPTube.The parameter base64Url in /objects/getImageMP4.php is vulnerable to a command injection attack. id: CVE-2019-5128 info: name: YouPHPTube Encoder - Arbitrary...

Nevma Adaptive Images - Arbitrary File Deletion

Nevma Adaptive Images plugin before 0.6.67 for WordPress contains an arbitrary file deletion caused by unsanitized input in adaptive-images-script.php, letting remote attackers delete arbitrary files, exploit requires sending specific request parameters. id: CVE-2019-14206 info: name: Nevma...

ND Booking < 2.5 - Unauthenticated Options Change

The Hotel Booking WordPress plugin ND Booking 2.5 was affected by an Unauthenticated Options Change security vulnerability. id: CVE-2019-15774 info: name: ND Booking 2.5 - Unauthenticated Options Change author: popcorn94 severity: medium description: | The Hotel Booking WordPress plugin ND Bookin...

WordPress Ultimate FAQs <= 1.8.24 – Unauthenticated Options Import and Export

Functions/EWDUFAQImport.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows unauthenticated options import. id: CVE-2019-17232 info: name: WordPress Ultimate FAQs = 1.8.24 – Unauthenticated Options Import and Export author: daffainfo severity: high description: |...

WebPort 1.19.1 - Cross-Site Scripting

Web Port 1.19.1 is vulnerable to cross-site scripting via the /log type parameter. id: CVE-2019-12461 info: name: WebPort 1.19.1 - Cross-Site Scripting author: pikpikcu severity: medium description: Web Port 1.19.1 is vulnerable to cross-site scripting via the /log type parameter. impact: |...

Zyxel ZyWal/USG/UAG Devices - Cross-Site Scripting

Zyxel ZyWall, USG, and UAG devices allow remote attackers to inject arbitrary web script or HTML via the errmsg parameter freetimefailed.cgi CGI program, aka reflective cross-site scripting. id: CVE-2019-12581 info: name: Zyxel ZyWal/USG/UAG Devices - Cross-Site Scripting author: n-thumann...

Linear eMerge E3 - Cross-Site Scripting

Linear eMerge E3-Series devices are vulnerable to cross-site scripting via the 'layout' parameter. id: CVE-2019-7255 info: name: Linear eMerge E3 - Cross-Site Scripting author: arafatansari severity: medium description: | Linear eMerge E3-Series devices are vulnerable to cross-site scripting via...