Skip to main content
CVE-2019-8393 CRITICAL POC Act Now

Hotels_Server through 2018-11-05 has SQL Injection via the API because the controller/api/login.php telephone parameter is mishandled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Hotels Server
NVD GitHub
CVSS 3.0
9.8
EPSS
1.1%
CVE-2019-8394 MEDIUM POC KEV THREAT This Month

Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to upload arbitrary files via login page customization. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Zoho Manageengine Servicedesk Plus
NVD Exploit-DB
CVSS 3.1
6.5
EPSS
64.1%
CVE-2019-8418 HIGH POC This Week

SeaCMS 7.2 mishandles member.php?mod=repsw4 requests. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Seacms
NVD GitHub
CVSS 3.0
8.8
EPSS
1.3%
CVE-2019-8412 HIGH POC This Week

FeiFeiCms 4.0.181010 on Windows allows remote attackers to read or delete arbitrary files via index.php?s=Admin-Data-Down-id-..\ or index.php?s=Admin-Data-Del-id-..\ directory traversal. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Microsoft Feifeicms
NVD GitHub
CVSS 3.0
8.8
EPSS
2.9%
CVE-2019-8382 HIGH POC This Week

An issue was discovered in Bento4 1.5.1-628. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Bento4
NVD GitHub
CVSS 3.0
8.8
EPSS
1.6%
CVE-2019-8380 HIGH POC This Week

An issue was discovered in Bento4 1.5.1-628. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Bento4
NVD GitHub
CVSS 3.0
8.8
EPSS
1.6%
CVE-2019-8378 HIGH POC This Week

An issue was discovered in Bento4 1.5.1-628. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Information Disclosure Bento4
NVD GitHub
CVSS 3.0
8.8
EPSS
1.6%
CVE-2019-8389 HIGH POC This Week

A file-read vulnerability was identified in the Wi-Fi transfer feature of Musicloud 1.6. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Musicloud
NVD GitHub
CVSS 3.1
8.1
EPSS
1.5%
CVE-2019-8383 HIGH POC This Week

An issue was discovered in AdvanceCOMP through 2.1. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Advancecomp Debian Linux Fedora +3
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2019-8381 HIGH POC This Week

An issue was discovered in Tcpreplay 4.3.1. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Tcpreplay Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
1.0%
CVE-2019-8379 HIGH POC This Week

An issue was discovered in AdvanceCOMP through 2.1. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Advancecomp Debian Linux Fedora +3
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2019-8377 HIGH POC This Week

An issue was discovered in Tcpreplay 4.3.1. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Tcpreplay Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
1.3%
CVE-2019-8376 HIGH POC This Week

An issue was discovered in Tcpreplay 4.3.1. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Tcpreplay Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
1.3%
CVE-2019-7649 HIGH POC This Week

global.encryptPassword in bootstrap/global.js in CMSWing 1.3.7 relies on multiple MD5 operations for password hashing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cmswing
NVD GitHub
CVSS 3.0
7.5
EPSS
0.9%
CVE-2019-8411 HIGH POC This Week

admin/dl_data.php in zzcms 2018 (2018-10-19) allows remote attackers to delete arbitrary files via action=del&filename=../ directory traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Zzcms
NVD GitHub
CVSS 3.0
7.5
EPSS
2.7%
CVE-2019-8392 HIGH POC This Week

An issue was discovered on D-Link DIR-823G devices with firmware 1.02B03. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure D-Link Dir 823G Firmware
NVD GitHub
CVSS 3.0
7.5
EPSS
2.2%
CVE-2019-7399 HIGH POC This Week

Amazon Fire OS before 5.3.6.4 allows a man-in-the-middle attack against HTTP requests for "Terms of Use" and Privacy pages. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Fire Os
NVD
CVSS 3.0
7.4
EPSS
0.7%
CVE-2019-8422 HIGH POC This Week

A SQL Injection vulnerability exists in PbootCMS v1.3.2 via the description parameter in apps\admin\controller\content\ContentController.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Pbootcms
NVD GitHub
CVSS 3.0
7.2
EPSS
1.3%
CVE-2019-8421 HIGH POC This Week

upload/protected/modules/admini/views/post/index.php in BageCMS through 3.1.4 allows SQL Injection via the title or titleAlias parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Bagecms
NVD GitHub
CVSS 3.0
7.2
EPSS
1.2%
CVE-2019-8407 MEDIUM POC This Month

HongCMS 3.0.0 allows arbitrary file read and write operations via a ../ in the filename parameter to the admin/index.php/language/edit URI. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Hongcms
NVD GitHub
CVSS 3.0
6.5
EPSS
1.5%
CVE-2019-8398 MEDIUM POC This Month

An issue was discovered in the HDF HDF5 1.10.4 library. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Hdf5
NVD GitHub
CVSS 3.0
6.5
EPSS
1.2%
CVE-2019-8397 MEDIUM POC This Month

An issue was discovered in the HDF HDF5 1.10.4 library. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Hdf5
NVD GitHub
CVSS 3.0
6.5
EPSS
1.2%
CVE-2019-8396 MEDIUM POC This Month

A buffer overflow in H5O__layout_encode in H5Olayout.c in the HDF HDF5 through 1.10.4 library allows attackers to cause a denial of service via a crafted HDF5 file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Hdf5
NVD GitHub
CVSS 3.0
6.5
EPSS
1.3%
CVE-2019-8419 MEDIUM POC This Month

VNote 2.2 has XSS via a new text note. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vnote
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-8400 MEDIUM POC PATCH This Month

ORY Hydra before v1.0.0-rc.3+oryOS.9 has Reflected XSS via the oauth2/fallbacks/error error_hint parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Hydra
NVD GitHub
CVSS 3.0
6.1
EPSS
1.3%
CVE-2019-8395 CRITICAL Act Now

An Insecure Direct Object Reference (IDOR) vulnerability exists in Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10007 via an attachment to a request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Zoho Manageengine Servicedesk Plus
NVD
CVSS 3.0
9.8
EPSS
7.1%
CVE-2019-8413 MEDIUM POC This Month

On Xiaomi MIX 2 devices with the 4.4.78 kernel, a NULL pointer dereference in the ioctl interface of the device file /dev/elliptic1 or /dev/elliptic0 causes a system crash via IOCTL 0x4008c575 (aka. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Mi Mix 2 Firmware
NVD GitHub
CVSS 3.0
5.5
EPSS
0.4%
CVE-2019-8408 MEDIUM POC This Month

OneFileCMS 3.6.13 allows remote attackers to modify onefilecms.php by clicking the Copy button twice. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Onefilecms
NVD GitHub
CVSS 3.0
4.9
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy