Skip to main content
CVE-2019-8394 MEDIUM POC KEV THREAT This Month

Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to upload arbitrary files via login page customization. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Zoho Manageengine Servicedesk Plus
NVD Exploit-DB
CVSS 3.1
6.5
EPSS
64.1%
CVE-2019-8407 MEDIUM POC This Month

HongCMS 3.0.0 allows arbitrary file read and write operations via a ../ in the filename parameter to the admin/index.php/language/edit URI. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Hongcms
NVD GitHub
CVSS 3.0
6.5
EPSS
1.5%
CVE-2019-8398 MEDIUM POC This Month

An issue was discovered in the HDF HDF5 1.10.4 library. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Hdf5
NVD GitHub
CVSS 3.0
6.5
EPSS
1.2%
CVE-2019-8397 MEDIUM POC This Month

An issue was discovered in the HDF HDF5 1.10.4 library. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Hdf5
NVD GitHub
CVSS 3.0
6.5
EPSS
1.2%
CVE-2019-8396 MEDIUM POC This Month

A buffer overflow in H5O__layout_encode in H5Olayout.c in the HDF HDF5 through 1.10.4 library allows attackers to cause a denial of service via a crafted HDF5 file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Hdf5
NVD GitHub
CVSS 3.0
6.5
EPSS
1.3%
CVE-2019-8419 MEDIUM POC This Month

VNote 2.2 has XSS via a new text note. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vnote
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-8400 MEDIUM POC PATCH This Month

ORY Hydra before v1.0.0-rc.3+oryOS.9 has Reflected XSS via the oauth2/fallbacks/error error_hint parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Hydra
NVD GitHub
CVSS 3.0
6.1
EPSS
1.3%
CVE-2019-8413 MEDIUM POC This Month

On Xiaomi MIX 2 devices with the 4.4.78 kernel, a NULL pointer dereference in the ioctl interface of the device file /dev/elliptic1 or /dev/elliptic0 causes a system crash via IOCTL 0x4008c575 (aka. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Mi Mix 2 Firmware
NVD GitHub
CVSS 3.0
5.5
EPSS
0.4%
CVE-2019-8408 MEDIUM POC This Month

OneFileCMS 3.6.13 allows remote attackers to modify onefilecms.php by clicking the Copy button twice. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Onefilecms
NVD GitHub
CVSS 3.0
4.9
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy