Total
1315 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2019-5469 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM | An IDOR vulnerability exists in GitLab <v12.1.2, <v12.0.4, and <v11.11.6 that allowed uploading files from a project archive to replace other users' files, potentially allowing an attacker to replace project binaries or other uploaded assets. |
| CVE-2019-5466 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM | An IDOR was discovered in GitLab CE/EE 11.5 and later that allowed the new merge requests endpoint to disclose label names. |
| CVE-2019-20209 | 1 Cththemes | 3 Citybook, Easybook, Townhub | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH | The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Insecure Direct Object Reference (IDOR) via wp-admin/admin-ajax.php to delete any page/post/listing. |
| CVE-2019-19946 | 1 Dradisframework | 1 Dradis | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM | The API in Dradis Pro 3.4.1 allows any user to extract the content of a project, even if this user is not part of the project team. |
| CVE-2019-19866 | 1 Atos | 1 Unify Openscape Uc Web Client | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | Atos Unify OpenScape UC Web Client V9 before version V9 R4.31.0 and V10 before version V10 R0.6.0 allows remote attackers to obtain sensitive information. By iterating the value of conferenceId to getMailFunction in the JSON API, one can enumerate all conferences scheduled on the platform, with their numbers and access PINs. |
| CVE-2019-19755 | | | 2024-11-21 | N/A | 9.1 CRITICAL | ethOS through 1.3.3 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io. NOTE: as of 2019-12-01, the vendor indicated that they plan to fix this. |
| CVE-2019-19616 | 1 Xtivia | 1 Web Time And Expense | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM | An Insecure Direct Object Reference (IDOR) vulnerability in the Xtivia Web Time and Expense (WebTE) interface used for Microsoft Dynamics NAV before 2017 allows an attacker to download arbitrary files by specifying arbitrary values for the recId and filename parameters of the /Home/GetAttachment function. |
| CVE-2019-19259 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM | GitLab Enterprise Edition (EE) 11.3 and later through 12.5 allows an Insecure Direct Object Reference (IDOR). |
| CVE-2019-18998 | 1 Hitachienergy | 1 Asset Suite | 2024-11-21 | 5.5 MEDIUM | 7.1 HIGH | Insufficient access control in the web interface of ABB Asset Suite versions 9.0 to 9.3, 9.4 prior to 9.4.2.6, 9.5 prior to 9.5.3.2 and 9.6.0 enables full access to directly referenced objects. An attacker with knowledge of a resource's URL can access the resource directly. |
| CVE-2019-18626 | 1 Harriscomputer | 1 Ormed Mis | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM | Harris Ormed Self Service before 2019.1.4 allows an authenticated user to view W-2 forms belonging to other users via an arbitrary empNo value to the ORMEDMIS/Data/PY/T4W2Service.svc/RetrieveW2EntriesForEmployee URI, thus exposing sensitive information including employee tax information, social security numbers, home addresses, and more. |
| CVE-2019-17605 | 1 Eyecomms | 1 Eyecms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | A mass assignment vulnerability in eyecomms eyeCMS through 2019-10-15 allows any candidate to take over another candidate's account (by also exploiting CVE-2019-17604) via a modified candidate id and an additional password parameter. The outcome is that the password of this other candidate is changed. |
| CVE-2019-17604 | 1 Eyecomms | 1 Eyecms | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM | An Insecure Direct Object Reference (IDOR) vulnerability in eyecomms eyeCMS through 2019-10-15 allows any candidate to change other candidates' personal information (first name, last name, email, CV, phone number, and all other personal information) by changing the value of the candidate id (the id parameter). |
| CVE-2019-17574 | 1 Code-atlantic | 1 Popup Maker | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL | An issue was discovered in the Popup Maker plugin before 1.8.13 for WordPress. An unauthenticated attacker can partially control the arguments of the do_action function to invoke certain popmake_ or pum_ methods, as demonstrated by controlling content and delivery of popmake-system-info.txt (aka the "support debug text file"). |
| CVE-2019-17382 | 1 Zabbix | 1 Zabbix | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL | An issue was discovered in zabbix.php?action=dashboard.view&dashboardid=1 in Zabbix through 4.4. An attacker can bypass the login page and access the dashboard page, and then create a Dashboard, Report, Screen, or Map without any Username/Password (i.e., anonymously). All created elements (Dashboard/Report/Screen/Map) are accessible by other users and by an admin. |
| CVE-2019-17050 | 1 Thecontrolgroup | 1 Voyager | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH | An issue was discovered in the Voyager package through 1.2.7 for Laravel. An attacker with admin privileges and Compass access can read or delete arbitrary files, such as the .env file. NOTE: a software maintainer has suggested a solution in which Compass is switched off in a production environment. |
| CVE-2019-16723 | 1 Cacti | 1 Cacti | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM | In Cacti through 1.2.6, authenticated users may bypass authorization checks (for viewing a graph) via a direct graph_json.php request with a modified local_graph_id parameter. |
| CVE-2019-16546 | 1 Jenkins | 1 Google Compute Engine | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM | Jenkins Google Compute Engine Plugin 4.1.1 and earlier does not verify SSH host keys when connecting agents created by the plugin, enabling man-in-the-middle attacks. |
| CVE-2019-16403 | 1 Webkul | 1 Bagisto | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | In Webkul Bagisto before 0.1.5, the functionalities for customers to change their own values (such as address, review, orders, etc.) can also be manipulated by other customers. |
| CVE-2019-15913 | 1 Mi | 10 Dgnwg03lm, Dgnwg03lm Firmware, Mccgq01lm and 7 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | An issue was discovered on Xiaomi DGNWG03LM, ZNCZ03LM, MCCGQ01LM, WSDCGQ01LM, RTCGQ01LM devices. Because of insecure key transport in ZigBee communication, attackers can gain sensitive information, cause a denial of service, take over smart home devices, and tamper with messages. |
| CVE-2019-15815 | 1 Zyxel | 2 2.00(abbx.3), P-1302-t10d | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM | ZyXEL P-1302-T10D v3 devices with firmware version 2.00(ABBX.3) and earlier do not properly enforce access control and could allow an unauthorized user to access certain pages that require admin privileges. |
| CVE-2019-15725 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. An IDOR in the epic notes API could result in disclosure of private milestones, labels, and other information. |
| CVE-2019-15582 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | An IDOR was discovered in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) that allowed a maintainer to add any private group to a protected environment. |
| CVE-2019-15581 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | An IDOR exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) that allowed a project owner or maintainer to see the members of any private group via merge request approval rules. |
| CVE-2019-15310 | 1 Linkplay | 1 Linkplay | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL | An issue was discovered on various devices via the Linkplay firmware. There is WAN remote code execution without user interaction. An attacker could retrieve the AWS key from the firmware and obtain full control over Linkplay's AWS estate, including S3 buckets containing device firmware. When combined with an OS command injection vulnerability within the XML Parsing logic of the firmware update process, an attacker would be able to gain code execution on any device that attempted to update. Note ... |
| CVE-2019-14932 | 1 Humanica | 1 Humatrix 7 | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | The Recruitment module in Humanica Humatrix 7 1.0.0.681 and 1.0.0.203 allows remote attackers to access all candidates' information on the website via a modified selApp variable to personalData/resumeDetail.cfm. This includes personal information and other sensitive data. |
| CVE-2019-14725 | 1 Control-webpanel | 1 Webpanel | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM | In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to change the e-mail usage value of a victim account via an attacker account. |
| CVE-2019-14724 | 1 Control-webpanel | 1 Webpanel | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to edit an e-mail forwarding destination of a victim's account via an attacker account. |
| CVE-2019-14721 | 1 Control-webpanel | 1 Webpanel | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM | In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to remove a target user from phpMyAdmin via an attacker account. |
| CVE-2019-14246 | 1 Centos-webpanel | 1 Centos Web Panel | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM | In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to discover phpMyAdmin passwords (of any user in /etc/passwd) via an attacker account. |
| CVE-2019-14245 | 1 Centos-webpanel | 1 Centos Web Panel | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM | In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete databases (such as oauthv2) from the server via an attacker account. |
| CVE-2019-13605 | 1 Control-webpanel | 1 Webpanel | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.838 to 0.9.8.846, remote attackers can bypass authentication in the login process by leveraging the knowledge of a valid username. The attacker must defeat an encoding that is not equivalent to base64, and thus this is different from CVE-2019-13360. |
| CVE-2019-13461 | 1 Prestashop | 1 Prestashop | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | In PrestaShop before 1.7.6.0 RC2, the id_address_delivery and id_address_invoice parameters are affected by an Insecure Direct Object Reference vulnerability due to a guessable value sent to the web application during checkout. An attacker could leak personal customer information. This is PrestaShop bug #14444. |
| CVE-2019-13360 | 1 Control-webpanel | 1 Webpanel | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, remote attackers can bypass authentication in the login process by leveraging knowledge of a valid username. |
| CVE-2019-13337 | 1 Weseek | 1 Growi | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | In WESEEK GROWI before 3.5.0, the site-wide basic authentication can be bypassed by adding a URL parameter access_token (this is the parameter used by the API). No valid token is required since it is not validated by the backend. The website can then be browsed as if no basic authentication is required. |
| CVE-2019-12866 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | An Insecure Direct Object Reference, with Authorization Bypass through a User-Controlled Key, was possible in JetBrains YouTrack. The issue was fixed in 2018.4.49168. |
| CVE-2019-12782 | 1 Thoughtspot | 1 Thoughtspot | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH | An authorization bypass vulnerability in pinboard updates in ThoughtSpot 4.4.1 through 5.1.1 (before 5.1.2) allows a low-privilege user with write access to at least one pinboard to corrupt pinboards of another user in the application by spoofing GUIDs in pinboard update requests, effectively deleting them. |
| CVE-2019-12742 | 1 Bludit | 1 Bludit | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | Bludit prior to 3.9.1 allows a non-privileged user to change the password of any account, including admin. This occurs because of a bl-kernel/admin/controllers/user-password.php Insecure Direct Object Reference (a modified username POST parameter). |
| CVE-2019-12252 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM | In Zoho ManageEngine ServiceDesk Plus through 10.5, users with the lowest privileges (guest) can view an arbitrary post by appending its number to the SDNotify.do?notifyModule=Solution&mode=E-Mail&notifyTo=SOLFORWARD&id= substring. |
| CVE-2019-10108 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM | An Incorrect Access Control (issue 1 of 2) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. It allowed non-members of a private project/group to add and read labels. |
| CVE-2018-20405 | 1 Bigtreecms | 1 Bigtree | 2024-11-21 | 4.0 MEDIUM | 2.7 LOW | BigTree 4.3 allows full path disclosure via authenticated admin/news/ input that triggers a syntax error. NOTE: This has been disputed with the following reasoning: "The issue reported requires full developer level access to the content management system where cross site scripting is not an issue -- you already have full control of the CMS including running arbitrary PHP. |