Lucene search
+L

7203 matches found

OSV
OSV
added 2020/01/06 11:15 p.m.6 views

CVE-2019-6854

A CWE-287: Improper Authentication vulnerability exists in a folder within EcoStruxure Geo SCADA Expert ClearSCADA -with initial releases before 1 January 2019- which could cause a low privilege user to delete or modify database, setting or certificate files. Those users must have access to the...

7.8CVSS7.1AI score0.00167EPSS
Exploits0References1
NVD
NVD
added 2020/01/06 11:15 p.m.24 views

CVE-2019-6854

A CWE-287: Improper Authentication vulnerability exists in a folder within EcoStruxure Geo SCADA Expert ClearSCADA -with initial releases before 1 January 2019- which could cause a low privilege user to delete or modify database, setting or certificate files. Those users must have access to the...

7.8CVSS7.6AI score0.00167EPSS
Exploits0References1
Prion
Prion
added 2020/01/06 11:15 p.m.17 views

Authentication flaw

A CWE-287: Improper Authentication vulnerability exists in a folder within EcoStruxure Geo SCADA Expert ClearSCADA -with initial releases before 1 January 2019- which could cause a low privilege user to delete or modify database, setting or certificate files. Those users must have access to the...

4.6CVSS7.6AI score0.00167EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/01/06 10:56 p.m.26 views

CVE-2019-6854

A CWE-287: Improper Authentication vulnerability exists in a folder within EcoStruxure Geo SCADA Expert ClearSCADA -with initial releases before 1 January 2019- which could cause a low privilege user to delete or modify database, setting or certificate files. Those users must have access to the...

7.7AI score0.00167EPSS
Exploits0References1
NVD
NVD
added 2020/01/06 6:15 a.m.28 views

CVE-2019-20354

The web application component of piSignage before 2.6.4 allows a remote attacker authenticated as a low-privilege user to download arbitrary files from the Raspberry Pi via api/settings/log?file=../ path traversal. In other words, this issue is in the player API for log download...

4.3CVSS4.7AI score0.0879EPSS
Exploits5References3
Prion
Prion
added 2020/01/06 6:15 a.m.14 views

Path traversal

The web application component of piSignage before 2.6.4 allows a remote attacker authenticated as a low-privilege user to download arbitrary files from the Raspberry Pi via api/settings/log?file=../ path traversal. In other words, this issue is in the player API for log download...

4CVSS4.6AI score0.0879EPSS
Exploits5References3Affected Software1
Cvelist
Cvelist
added 2020/01/06 5:53 a.m.34 views

CVE-2019-20354

The web application component of piSignage before 2.6.4 allows a remote attacker authenticated as a low-privilege user to download arbitrary files from the Raspberry Pi via api/settings/log?file=../ path traversal. In other words, this issue is in the player API for log download...

4.6AI score0.0879EPSS
Exploits5References3
OSV
OSV
added 2019/12/26 5:15 p.m.2 views

UBUNTU-CVE-2019-16780

WordPress users with lower privileges like contributors can inject JavaScript code in the block editor using a specific payload, which is executed within the dashboard. This can lead to XSS if an admin opens the post in the editor. Execution of this attack does require an authenticated user. This...

5.8CVSS6.8AI score0.01718EPSS
Exploits0References7
OSV
OSV
added 2019/12/26 5:15 p.m.3 views

UBUNTU-CVE-2019-16781

In WordPress before 5.3.1, authenticated users with lower privileges like contributors can inject JavaScript code in the block editor, which is executed within the dashboard. It can lead to an admin opening the affected post in the editor leading to XSS...

5.8CVSS6.8AI score0.01396EPSS
Exploits0References6
OSV
OSV
added 2019/12/23 11:15 p.m.17 views

CVE-2019-18211

An issue was discovered in Orckestra C1 CMS through 6.6. The EntityTokenSerializer class in Composite.dll is prone to unvalidated deserialization of wrapped BinaryFormatter payloads, leading to arbitrary remote code execution for any low-privilege user...

8.8CVSS8AI score
Exploits0References1
Prion
Prion
added 2019/12/23 11:15 p.m.20 views

Deserialization of untrusted data

An issue was discovered in Orckestra C1 CMS through 6.6. The EntityTokenSerializer class in Composite.dll is prone to unvalidated deserialization of wrapped BinaryFormatter payloads, leading to arbitrary remote code execution for any low-privilege user...

6.5CVSS9.4AI score0.02876EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2019/12/23 6:15 p.m.5 views

CVE-2019-5267

Huawei OceanStor SNS3096 V100R002C01 have an information disclosure vulnerability. Attackers with low privilege can exploit this vulnerability by performing some specific operations. Successful exploit of this vulnerability can cause some information disclosure...

5.5CVSS5.8AI score0.00222EPSS
Exploits0References1
Prion
Prion
added 2019/12/23 6:15 p.m.19 views

Information disclosure

Huawei OceanStor SNS3096 V100R002C01 have an information disclosure vulnerability. Attackers with low privilege can exploit this vulnerability by performing some specific operations. Successful exploit of this vulnerability can cause some information disclosure...

2.1CVSS5.2AI score0.00222EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/12/23 5:17 p.m.24 views

CVE-2019-5267

Huawei OceanStor SNS3096 V100R002C01 have an information disclosure vulnerability. Attackers with low privilege can exploit this vulnerability by performing some specific operations. Successful exploit of this vulnerability can cause some information disclosure...

5.2AI score0.00222EPSS
Exploits0References1
OSV
OSV
added 2019/12/16 10:15 p.m.3 views

CVE-2019-5259

There is an information leakage vulnerability on some Huawei productsAR120-S;AR1200;AR1200-S;AR150;AR150-S;AR160;AR200;AR200-S;AR2200;AR2200-S;AR3200;AR3600. An attacker with low permissions can view some high-privilege information by running specific commands.Successful exploit could cause an...

6.5CVSS6.6AI score0.00563EPSS
Exploits0References1
0day.today
0day.today
added 2019/12/08 12:0 a.m.435 views

SiteVision 4.x / 5.x Insufficient Module Access Control Vulnerability #ByPass

SiteVision suffers from an issue where attacker may inject non-authorized module when editing pages using a lower privileged account, which can lead to cross site scripting and remote code execution. All versions of SiteVision 4 until 4.5.6 and all versions of SiteVision 5 until 5.1.1 are...

0.9AI score0.06039EPSS
Exploits6
Packet Storm
Packet Storm
added 2019/12/06 12:0 a.m.267 views

SiteVision 4.x / 5.x Remote Code Execution

SiteVision Remote Code Execution CVE-2019-12733 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12733 https://www.cybercom.com/About-Cybercom/Blogs/Security-Advisories/high-risk-vulnerabilities-in-cms-product/ Summary Attackers may execute arbitrary code as root on the target server after...

0.1AI score0.06039EPSS
Exploits6
OSV
OSV
added 2019/12/02 5:15 p.m.5 views

CVE-2019-19014

An issue was discovered in TitanHQ WebTitan before 5.18. It has a sudoers file that enables low-privilege users to execute a vast number of commands as root, including mv, chown, and chmod. This can be trivially exploited to gain root privileges by an attacker with access...

7.8CVSS7.2AI score0.00502EPSS
Exploits1References2
NVD
NVD
added 2019/12/02 5:15 p.m.18 views

CVE-2019-19014

An issue was discovered in TitanHQ WebTitan before 5.18. It has a sudoers file that enables low-privilege users to execute a vast number of commands as root, including mv, chown, and chmod. This can be trivially exploited to gain root privileges by an attacker with access...

7.8CVSS8AI score0.00502EPSS
Exploits1References2
Cvelist
Cvelist
added 2019/12/02 4:46 p.m.24 views

CVE-2019-19014

An issue was discovered in TitanHQ WebTitan before 5.18. It has a sudoers file that enables low-privilege users to execute a vast number of commands as root, including mv, chown, and chmod. This can be trivially exploited to gain root privileges by an attacker with access...

8AI score0.00502EPSS
Exploits1References2
Rows per page
Query Builder