Skip to main content
CVE-2019-7160 CRITICAL POC Act Now

idreamsoft iCMS 7.0.13 allows admincp.php?app=files ../ Directory Traversal via the udir parameter to files.admincp.php, resulting in execution of arbitrary PHP code from a ZIP file via the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Icms
NVD GitHub
CVSS 3.0
9.8
EPSS
3.4%
CVE-2019-7156 MEDIUM POC This Month

In libdoc through 2019-01-28, calcFileBlockOffset in ole.c allows division by zero. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Libdoc
NVD GitHub
CVSS 3.0
6.5
EPSS
1.3%
CVE-2019-7154 MEDIUM POC This Month

The main function in tools/wasm2js.cpp in Binaryen 1.38.22 has a heap-based buffer overflow because Emscripten is misused, triggering an error in cashew::JSPrinter::printAst() in. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Binaryen
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2019-7153 MEDIUM POC This Month

A NULL pointer dereference was discovered in wasm::WasmBinaryBuilder::processFunctions() in wasm/wasm-binary.cpp (when calling wasm::WasmBinaryBuilder::getFunctionIndexName) in Binaryen 1.38.22. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Binaryen
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
CVE-2019-7152 MEDIUM POC This Month

A heap-based buffer over-read was discovered in wasm::WasmBinaryBuilder::processFunctions() in wasm/wasm-binary.cpp (when calling wasm::WasmBinaryBuilder::getFunctionIndexName) in Binaryen 1.38.22. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Binaryen
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
CVE-2019-7151 MEDIUM POC This Month

A NULL pointer dereference was discovered in wasm::Module::getFunctionOrNull in wasm/wasm.cpp in Binaryen 1.38.22. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Binaryen
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
CVE-2019-7149 MEDIUM POC PATCH This Month

A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Elfutils Debian Linux
NVD
CVSS 3.0
6.5
EPSS
2.2%
CVE-2019-7148 MEDIUM POC This Month

An attempted excessive memory allocation was discovered in the function read_long_names in elf_begin.c in libelf in elfutils 0.174. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Elfutils
NVD
CVSS 3.0
6.5
EPSS
1.6%
CVE-2019-7172 MEDIUM POC This Month

A stored-self XSS exists in ATutor through v2.2.4, allowing an attacker to execute HTML or JavaScript code in a vulnerable Real Name field to /mods/_core/users/admins/my_edit.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Atutor
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-3807 CRITICAL Act Now

An issue has been found in PowerDNS Recursor versions 4.1.x before 4.1.9 where records in the answer section of responses received from authoritative servers with the AA flag not set were not. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Recursor
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2019-7150 MEDIUM POC PATCH This Month

An issue was discovered in elfutils 0.175. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Elfutils Debian Linux Ubuntu Linux +8
NVD
CVSS 3.1
5.5
EPSS
1.4%
CVE-2019-7147 MEDIUM POC This Month

A buffer over-read exists in the function crc64ib in crc64.c in nasmlib in Netwide Assembler (NASM) 2.14rc16. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Netwide Assembler
NVD
CVSS 3.0
5.5
EPSS
0.7%
CVE-2019-7146 MEDIUM POC This Month

In elfutils 0.175, there is a buffer over-read in the ebl_object_note function in eblobjnote.c in libebl. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Elfutils
NVD
CVSS 3.0
5.5
EPSS
1.5%
CVE-2019-7173 MEDIUM POC PATCH This Month

A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/file-manager/attachments/edit/4. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Croogo
NVD GitHub
CVSS 3.0
4.8
EPSS
0.6%
CVE-2019-7171 MEDIUM POC PATCH This Month

A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/blocks/blocks/edit/8. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Croogo
NVD GitHub
CVSS 3.0
4.8
EPSS
0.6%
CVE-2019-7170 MEDIUM POC PATCH This Month

A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/taxonomy/vocabularies. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Croogo
NVD GitHub
CVSS 3.0
4.8
EPSS
0.6%
CVE-2019-7169 MEDIUM POC PATCH This Month

A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/menus/menus/edit/3. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Croogo
NVD GitHub
CVSS 3.0
4.8
EPSS
0.6%
CVE-2019-7168 MEDIUM POC PATCH This Month

A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Blog field to /admin/nodes/nodes/add/blog. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Croogo
NVD GitHub
CVSS 3.0
4.8
EPSS
0.6%
CVE-2019-3806 HIGH This Week

An issue has been found in PowerDNS Recursor versions after 4.1.3 before 4.1.9 where Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Recursor
NVD
CVSS 3.1
8.1
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy