7203 matches found
CVE-2019-6854
A CWE-287: Improper Authentication vulnerability exists in a folder within EcoStruxure Geo SCADA Expert ClearSCADA -with initial releases before 1 January 2019- which could cause a low privilege user to delete or modify database, setting or certificate files. Those users must have access to the...
CVE-2019-6854
A CWE-287: Improper Authentication vulnerability exists in a folder within EcoStruxure Geo SCADA Expert ClearSCADA -with initial releases before 1 January 2019- which could cause a low privilege user to delete or modify database, setting or certificate files. Those users must have access to the...
Authentication flaw
A CWE-287: Improper Authentication vulnerability exists in a folder within EcoStruxure Geo SCADA Expert ClearSCADA -with initial releases before 1 January 2019- which could cause a low privilege user to delete or modify database, setting or certificate files. Those users must have access to the...
CVE-2019-6854
A CWE-287: Improper Authentication vulnerability exists in a folder within EcoStruxure Geo SCADA Expert ClearSCADA -with initial releases before 1 January 2019- which could cause a low privilege user to delete or modify database, setting or certificate files. Those users must have access to the...
CVE-2019-20354
The web application component of piSignage before 2.6.4 allows a remote attacker authenticated as a low-privilege user to download arbitrary files from the Raspberry Pi via api/settings/log?file=../ path traversal. In other words, this issue is in the player API for log download...
Path traversal
The web application component of piSignage before 2.6.4 allows a remote attacker authenticated as a low-privilege user to download arbitrary files from the Raspberry Pi via api/settings/log?file=../ path traversal. In other words, this issue is in the player API for log download...
CVE-2019-20354
The web application component of piSignage before 2.6.4 allows a remote attacker authenticated as a low-privilege user to download arbitrary files from the Raspberry Pi via api/settings/log?file=../ path traversal. In other words, this issue is in the player API for log download...
UBUNTU-CVE-2019-16780
WordPress users with lower privileges like contributors can inject JavaScript code in the block editor using a specific payload, which is executed within the dashboard. This can lead to XSS if an admin opens the post in the editor. Execution of this attack does require an authenticated user. This...
UBUNTU-CVE-2019-16781
In WordPress before 5.3.1, authenticated users with lower privileges like contributors can inject JavaScript code in the block editor, which is executed within the dashboard. It can lead to an admin opening the affected post in the editor leading to XSS...
CVE-2019-18211
An issue was discovered in Orckestra C1 CMS through 6.6. The EntityTokenSerializer class in Composite.dll is prone to unvalidated deserialization of wrapped BinaryFormatter payloads, leading to arbitrary remote code execution for any low-privilege user...
Deserialization of untrusted data
An issue was discovered in Orckestra C1 CMS through 6.6. The EntityTokenSerializer class in Composite.dll is prone to unvalidated deserialization of wrapped BinaryFormatter payloads, leading to arbitrary remote code execution for any low-privilege user...
CVE-2019-5267
Huawei OceanStor SNS3096 V100R002C01 have an information disclosure vulnerability. Attackers with low privilege can exploit this vulnerability by performing some specific operations. Successful exploit of this vulnerability can cause some information disclosure...
Information disclosure
Huawei OceanStor SNS3096 V100R002C01 have an information disclosure vulnerability. Attackers with low privilege can exploit this vulnerability by performing some specific operations. Successful exploit of this vulnerability can cause some information disclosure...
CVE-2019-5267
Huawei OceanStor SNS3096 V100R002C01 have an information disclosure vulnerability. Attackers with low privilege can exploit this vulnerability by performing some specific operations. Successful exploit of this vulnerability can cause some information disclosure...
CVE-2019-5259
There is an information leakage vulnerability on some Huawei productsAR120-S;AR1200;AR1200-S;AR150;AR150-S;AR160;AR200;AR200-S;AR2200;AR2200-S;AR3200;AR3600. An attacker with low permissions can view some high-privilege information by running specific commands.Successful exploit could cause an...
SiteVision 4.x / 5.x Insufficient Module Access Control Vulnerability #ByPass
SiteVision suffers from an issue where attacker may inject non-authorized module when editing pages using a lower privileged account, which can lead to cross site scripting and remote code execution. All versions of SiteVision 4 until 4.5.6 and all versions of SiteVision 5 until 5.1.1 are...
SiteVision 4.x / 5.x Remote Code Execution
SiteVision Remote Code Execution CVE-2019-12733 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12733 https://www.cybercom.com/About-Cybercom/Blogs/Security-Advisories/high-risk-vulnerabilities-in-cms-product/ Summary Attackers may execute arbitrary code as root on the target server after...
CVE-2019-19014
An issue was discovered in TitanHQ WebTitan before 5.18. It has a sudoers file that enables low-privilege users to execute a vast number of commands as root, including mv, chown, and chmod. This can be trivially exploited to gain root privileges by an attacker with access...
CVE-2019-19014
An issue was discovered in TitanHQ WebTitan before 5.18. It has a sudoers file that enables low-privilege users to execute a vast number of commands as root, including mv, chown, and chmod. This can be trivially exploited to gain root privileges by an attacker with access...
CVE-2019-19014
An issue was discovered in TitanHQ WebTitan before 5.18. It has a sudoers file that enables low-privilege users to execute a vast number of commands as root, including mv, chown, and chmod. This can be trivially exploited to gain root privileges by an attacker with access...