CVE List - 2019 / March
Showing 201 - 300 of 1194 CVEs for March 2019 (Page 3 of 12)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2019-9606 | 2019-03-06 | PHP Scripts Mall Personal Video Collection Script 4.0.4 has Stored XSS via the "Update profile" feature. |
| CVE-2019-9607 | 2019-03-06 | PHP Scripts Mall Medical Store Script 3.0.3 allows Path Traversal by navigating to the parent directory of a jpg or png file. |
| CVE-2019-1588 | 2019-03-06 | Cisco Nexus 9000 Series Fabric Switches Application-Centric Infrastructure Mode Arbitrary File Read Vulnerability |
| CVE-2019-1591 | 2019-03-06 | Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Shell Escape Vulnerability |
| CVE-2019-1593 | 2019-03-06 | Cisco NX-OS Software Bash Shell Role-Based Access Control Bypass Privilege Escalation Vulnerability |
| CVE-2019-1594 | 2019-03-06 | Cisco NX-OS Software 802.1X Extensible Authentication Protocol over LAN Denial of Service Vulnerability |
| CVE-2019-1595 | 2019-03-06 | Cisco Nexus 5600 and 6000 Series Switches Fibre Channel over Ethernet Denial of Service Vulnerability |
| CVE-2019-9608 | 2019-03-06 | An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/ueditor/uploadImage... |
| CVE-2019-9609 | 2019-03-06 | An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/comn/service/editUploadImage... |
| CVE-2019-9610 | 2019-03-06 | An issue was discovered in OFCMS before 1.1.3. It has admin/cms/template/getTemplates.html?res_path=res&up_dir=../ directory traversal, related to the getTemplates function in TemplateController.java. |
| CVE-2019-9611 | 2019-03-06 | An issue was discovered in OFCMS before 1.1.3. It allows admin/cms/template/getTemplates.html?res_path=res directory traversal, with ../ in the dir parameter, to write arbitrary content (in the file_content parameter) into an arbitrary... |
| CVE-2019-9612 | 2019-03-06 | An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/comn/service/upload... |
| CVE-2019-9613 | 2019-03-06 | An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/ueditor/uploadVideo... |
| CVE-2019-9614 | 2019-03-06 | An issue was discovered in OFCMS before 1.1.3. A command execution vulnerability exists via a template file with '<#assign ex="freemarker.template.utility.Execute"?new()> ${ ex("' followed by the command. |
| CVE-2019-9615 | 2019-03-06 | An issue was discovered in OFCMS before 1.1.3. It allows admin/system/generate/create?sql= SQL injection, related to SystemGenerateController.java. |
| CVE-2019-9616 | 2019-03-06 | An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/ueditor/uploadScrawl... |
| CVE-2019-9617 | 2019-03-06 | An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/ueditor/uploadFile... |
| CVE-2019-9622 | 2019-03-07 | eBrigade through 4.5 allows Arbitrary File Download via ../ directory traversal in the showfile.php file parameter, as demonstrated by reading the user-data/save/backup.sql file. |
| CVE-2019-9623 | 2019-03-07 | Feng Office 3.7.0.5 allows remote attackers to execute arbitrary code via "<!--#exec cmd=" in a .shtml file to ck_upload_handler.php. |
| CVE-2019-9624 | 2019-03-07 | Webmin 1.900 allows remote attackers to execute arbitrary code by leveraging the "Java file manager" and "Upload and Download" privileges to upload a crafted .cgi file via the /updown/upload.cgi URI. |
| CVE-2019-9625 | 2019-03-07 | JBMC DirectAdmin 1.55 allows CSRF via the /CMD_ACCOUNT_ADMIN URI to create a new admin account. |
| CVE-2019-9626 | 2019-03-07 | PHPSHE 1.7 allows module/index/cart.php pintuan_id SQL Injection to index.php. |
| CVE-2018-11783 | 2019-03-07 | sslheaders plugin extracts information from the client certificate and sets headers in the request based on the configuration of the plugin. The plugin doesn't strip the headers from the request... |
| CVE-2019-1596 | 2019-03-07 | Cisco NX-OS Software Bash Shell Privilege Escalation Vulnerability |
| CVE-2019-1597 | 2019-03-07 | Cisco FXOS and NX-OS Lightweight Directory Access Protocol Denial of Service Vulnerabilities |
| CVE-2019-3712 | 2019-03-07 | DSA-2019-039: Dell Wyse Device Agent Buffer Overflow Vulnerability |
| CVE-2019-3775 | 2019-03-07 | UAA allows users to modify their own email address |
| CVE-2019-3776 | 2019-03-07 | Reflected XSS in Pivotal Operations Manager |
| CVE-2019-3777 | 2019-03-07 | Apps Manager unverified SSL certs in Cloud Controller proxy |
| CVE-2019-3778 | 2019-03-07 | Open Redirect in spring-security-oauth2 |
| CVE-2019-3781 | 2019-03-07 | CF CLI does not sanitize user's password in verbose/trace/debug |
| CVE-2019-3783 | 2019-03-07 | Cloud Foundry Stratos Deploys With Public Default Session Store Secret |
| CVE-2019-3784 | 2019-03-07 | Cloud Foundry Stratos contains a Session Collision Vulnerability |
| CVE-2019-5019 | 2019-03-07 | A heap-based overflow vulnerability exists in the PowerPoint document conversion function of Rainbow PDF Office Server Document Converter V7.0 Pro R1 (7,0,2018,1113). While parsing Document Summary Property Set stream, the... |
| CVE-2019-1598 | 2019-03-07 | Cisco FXOS and NX-OS Lightweight Directory Access Protocol Denial of Service Vulnerabilities |
| CVE-2019-1599 | 2019-03-07 | Cisco NX-OS Software Netstack Denial of Service Vulnerability |
| CVE-2019-1600 | 2019-03-07 | Cisco FXOS and NX-OS Software Unauthorized Directory Access Vulnerability |
| CVE-2019-0192 | 2019-03-07 | In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API allows to configure the JMX server via an HTTP POST request. By pointing it to a... |
| CVE-2013-7466 | 2019-03-07 | Simple Machines Forum (SMF) 2.0.4 allows local file inclusion, with resultant remote code execution, in install.php via ../ directory traversal in the db_type parameter if install.php remains present after installation. |
| CVE-2013-7467 | 2019-03-07 | Simple Machines Forum (SMF) 2.0.4 allows XSS via the index.php?action=pm;sa=settings;save sa parameter. |
| CVE-2013-7468 | 2019-03-07 | Simple Machines Forum (SMF) 2.0.4 allows PHP Code Injection via the index.php?action=admin;area=languages;sa=editlang dictionary parameter. |
| CVE-2017-12447 | 2019-03-07 | GdkPixBuf (aka gdk-pixbuf), possibly 2.32.2, as used by GNOME Nautilus 3.14.3 on Ubuntu 16.04, allows attackers to cause a denial of service (stack corruption) or possibly have unspecified other impact... |
| CVE-2018-14498 | 2019-03-07 | get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP... |
| CVE-2018-14499 | 2019-03-07 | An issue was found in HYBBS through 2016-03-08. There is an XSS vulnerability via an article title to post.html. |
| CVE-2018-16804 | 2019-03-07 | An issue was discovered in UCMS 1.4.6. There is XSS in the title bar, as demonstrated by a do=list request. |
| CVE-2018-16808 | 2019-03-07 | An issue was discovered in Dolibarr through 7.0.0. There is Stored XSS in expensereport/card.php in the expense reports plugin via the comments parameter, or a public or private note. |
| CVE-2018-16809 | 2019-03-07 | An issue was discovered in Dolibarr through 7.0.0. expensereport/card.php in the expense reports module allows SQL injection via the integer parameters qty and value_unit. |
| CVE-2018-17412 | 2019-03-07 | zzcms v8.3 contains a SQL Injection vulnerability in /user/logincheck.php via an X-Forwarded-For HTTP header. |
| CVE-2018-17413 | 2019-03-07 | XSS exists in zzcms v8.3 via the /uploadimg_form.php noshuiyin parameter. |
| CVE-2018-17414 | 2019-03-07 | zzcms v8.3 has a SQL injection in /user/jobmanage.php via the bigclass parameter. |
| CVE-2018-17415 | 2019-03-07 | zzcms V8.3 has a SQL injection in /user/zs_elite.php via the id parameter. |
| CVE-2018-17416 | 2019-03-07 | A SQL injection vulnerability exists in zzcms v8.3 via the /admin/adclass.php bigclassid parameter. |
| CVE-2018-17418 | 2019-03-07 | Monstra CMS 3.0.4 allows remote attackers to execute arbitrary PHP code via a mixed-case file extension, as demonstrated by the 123.PhP filename, because plugins\box\filesmanager\filesmanager.admin.php mishandles the forbidden_types variable. |
| CVE-2018-17419 | 2019-03-07 | An issue was discovered in setTA in scan_rr.go in the Miek Gieben DNS library before 1.0.10 for Go. A dns.ParseZone() parsing error causes a segmentation violation, leading to denial of... |
| CVE-2018-17420 | 2019-03-07 | An issue was discovered in ZrLog 2.0.3. There is a SQL injection vulnerability in the article management search box via the keywords parameter. |
| CVE-2018-17421 | 2019-03-07 | An issue was discovered in ZrLog 2.0.3. There is stored XSS in the file upload area via a crafted attached/file/ pathname. |
| CVE-2018-17422 | 2019-03-07 | dotCMS before 5.0.2 has open redirects via the html/common/forward_js.jsp FORWARD_URL parameter or the html/portlet/ext/common/page_preview_popup.jsp hostname parameter. |
| CVE-2018-17425 | 2019-03-07 | WUZHI CMS 4.1.0 has stored XSS via the "Membership Center" "I want to ask" "detailed description" field under the index.php?m=member URI. |
| CVE-2018-17426 | 2019-03-07 | WUZHI CMS 4.1.0 has stored XSS via the "Extension module" "SMS in station" field under the index.php?m=core URI. |
| CVE-2018-17429 | 2019-03-07 | /console/account/manage.php?type=action&action=add in JTBC v3.0(C) has CSRF for adding an administrator account. |
| CVE-2018-17988 | 2019-03-07 | LayerBB 1.1.1 and 1.1.3 has SQL Injection via the search.php search_query parameter. |
| CVE-2018-18449 | 2019-03-07 | EmpireCMS 7.5 allows CSRF for adding a user account via an enews=AddUser action to e/admin/user/ListUser.php, a similar issue to CVE-2018-16339. |
| CVE-2019-6710 | 2019-03-07 | Zyxel NBG-418N v2 v1.00(AAXM.4)C0 devices allow login.cgi CSRF. |
| CVE-2019-7175 | 2019-03-07 | In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage in coders/pcd.c. |
| CVE-2019-7660 | 2019-03-07 | An issue was discovered in PHPMyWind 5.5. The username parameter of the /install/index.php page has a stored Cross-site Scripting (XSS) vulnerability, as demonstrated by admin/login.php. |
| CVE-2019-7661 | 2019-03-07 | An issue was discovered in PHPMyWind 5.5. The method parameter of the data/api/oauth/connect.php page has a reflected Cross-site Scripting (XSS) vulnerability. |
| CVE-2019-8437 | 2019-03-07 | njiandan-cms through 2013-05-23 has index.php/admin/user_new CSRF to add an administrator. |
| CVE-2019-8438 | 2019-03-07 | An issue was discovered in DiliCMS 2.4.0. There is a Stored XSS Vulnerability in the first textbox of "System setting->site setting" of admin/index.php, aka site_name. |
| CVE-2019-8439 | 2019-03-07 | An issue was discovered in DiliCMS 2.4.0. There is a Stored XSS Vulnerability in the second textbox of "System setting->site setting" of admin/index.php, aka site_domain. |
| CVE-2019-8440 | 2019-03-07 | An issue was discovered in DiliCMS 2.4.0. There is a Stored XSS Vulnerability in the third textbox (aka site logo) of "System setting->site setting" of admin/index.php, aka site_logo. |
| CVE-2019-9117 | 2019-03-07 | An issue was discovered on Motorola C1 and M2 devices with firmware 1.01 and 1.07 respectively. This issue is a Command Injection allowing a remote attacker to execute arbitrary code,... |
| CVE-2019-9118 | 2019-03-07 | An issue was discovered on Motorola C1 and M2 devices with firmware 1.01 and 1.07 respectively. This issue is a Command Injection allowing a remote attacker to execute arbitrary code,... |
| CVE-2019-9119 | 2019-03-07 | An issue was discovered on Motorola C1 and M2 devices with firmware 1.01 and 1.07 respectively. This issue is a Command Injection allowing a remote attacker to execute arbitrary code,... |
| CVE-2019-9120 | 2019-03-07 | An issue was discovered on Motorola C1 and M2 devices with firmware 1.01 and 1.07 respectively. This issue is a Command Injection allowing a remote attacker to execute arbitrary code,... |
| CVE-2019-9121 | 2019-03-07 | An issue was discovered on Motorola C1 and M2 devices with firmware 1.01 and 1.07 respectively. This issue is a Command Injection allowing a remote attacker to execute arbitrary code,... |
| CVE-2019-9185 | 2019-03-07 | Controller/Async/FilesystemManager.php in the filemanager in Bolt before 3.6.5 allows remote attackers to execute arbitrary PHP code by renaming a previously uploaded file to have a .php extension. |
| CVE-2019-9598 | 2019-03-07 | An issue was discovered in Cscms 4.1.0. There is an admin.php/pay CSRF vulnerability that can change the payment account to redirect funds. |
| CVE-2018-18809 | 2019-03-07 | TIBCO JasperReports Library Directory Traversal Vulnerability |
| CVE-2018-18808 | 2019-03-07 | TIBCO JasperReports Server Privilege Escalation Via Race Condition |
| CVE-2018-18815 | 2019-03-07 | TIBCO JasperReports Server User Information Disclosure |
| CVE-2018-18816 | 2019-03-07 | TIBCO JasperReports Persistent Cross Site Scripting Vulnerability |
| CVE-2019-8986 | 2019-03-07 | TIBCO JasperReports Server XML Entity Expansion Vulnerability |
| CVE-2019-9631 | 2019-03-08 | Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function. |
| CVE-2019-9632 | 2019-03-08 | ESAFENET CDG V3 and V5 has an arbitrary file download vulnerability via the fileName parameter in download.jsp because the InstallationPack parameter is mishandled in a /CDGServer3/ClientAjax request. |
| CVE-2019-9633 | 2019-03-08 | gio/gsocketclient.c in GNOME GLib 2.59.2 does not ensure that a parent GTask remains alive during the execution of a connection-attempting enumeration, which allows remote attackers to cause a denial of... |
| CVE-2019-9634 | 2019-03-08 | Go through 1.12 on Windows misuses certain LoadLibrary functionality, leading to DLL injection. |
| CVE-2019-3779 | 2019-03-08 | Cloud Foundry Container Runtime allows a user to bypass security policy when talking to ETCD |
| CVE-2019-3780 | 2019-03-08 | Cloud Foundry Container Runtime Leaks IAAS Credentials |
| CVE-2018-20234 | 2019-03-08 | There was an argument injection vulnerability in Atlassian Sourcetree for macOS from version 1.2 before version 3.1.1 via filenames in Mercurial repositories. A remote attacker with permission to commit to... |
| CVE-2018-20235 | 2019-03-08 | There was an argument injection vulnerability in Atlassian Sourcetree for Windows from version 0.5a before version 3.0.15 via filenames in Mercurial repositories. A remote attacker with permission to commit to... |
| CVE-2018-20236 | 2019-03-08 | There was a command injection vulnerability in Sourcetree for Windows from version 0.5a before version 3.0.10 via URI handling. A remote attacker could send a malicious URI to a victim... |
| CVE-2019-1601 | 2019-03-08 | Cisco NX-OS Software Unauthorized Filesystem Access Vulnerability |
| CVE-2018-20187 | 2019-03-08 | A side-channel issue was discovered in Botan before 2.9.0. An attacker capable of precisely measuring the time taken for ECC key generation may be able to derive information about the... |
| CVE-2019-9627 | 2019-03-08 | A buffer overflow in the kernel driver CybKernelTracker.sys in CyberArk Endpoint Privilege Manager versions prior to 10.7 allows an attacker (without Administrator privileges) to escalate privileges or crash the machine... |
| CVE-2019-1602 | 2019-03-08 | Cisco NX-OS Software Privilege Escalation Vulnerability |
| CVE-2019-1603 | 2019-03-08 | Cisco NX-OS Software Privilege Escalation Vulnerability |
| CVE-2019-1604 | 2019-03-08 | Cisco NX-OS Software Privilege Escalation Vulnerability |
| CVE-2018-4054 | 2019-03-08 | A local privilege escalation vulnerability exists in the install helper tool of the Mac OS X version of Pixar Renderman, version 22.2.0. A user with local access can use this... |
| CVE-2018-4055 | 2019-03-08 | A local privilege escalation vulnerability exists in the install helper tool of the Mac OS X version of Pixar Renderman, version 22.2.0. A user with local access can use this... |
| CVE-2019-1605 | 2019-03-08 | Cisco NX-OS Software NX-API Arbitrary Code Execution Vulnerability |