Skip to main content
CVE-2019-9611 MEDIUM POC This Month

An issue was discovered in OFCMS before 1.1.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Ofcms
NVD
CVSS 3.0
6.5
EPSS
1.4%
CVE-2019-9603 MEDIUM POC This Month

MiniCMS 1.10 allows mc-admin/post.php?state=publish&delete= CSRF to delete articles, a different vulnerability than CVE-2018-18891. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Minicms
NVD GitHub
CVSS 3.0
6.5
EPSS
0.5%
CVE-2019-9595 MEDIUM POC This Month

AppCMS 2.0.101 allows XSS via the upload/callback.php params parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Appcms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-9593 MEDIUM POC This Month

A reflected Cross-site scripting (XSS) vulnerability in ShoreTel Connect ONSITE 18.82.2000.0 allows remote attackers to inject arbitrary web script or HTML via the page parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Connect Onsite
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
4.4%
CVE-2019-9592 MEDIUM POC This Month

A reflected Cross-site scripting (XSS) vulnerability in ShoreTel Connect ONSITE 19.45.1602.0 allows remote attackers to inject arbitrary web script or HTML via the url parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Connect Onsite
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
5.3%
CVE-2019-9591 MEDIUM POC This Month

A reflected Cross-site scripting (XSS) vulnerability in ShoreTel Connect ONSITE before 19.49.1500.0 allows remote attackers to inject arbitrary web script or HTML via the brandUrl parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Connect Onsite
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
5.3%
CVE-2019-9606 MEDIUM POC This Month

PHP Scripts Mall Personal Video Collection Script 4.0.4 has Stored XSS via the "Update profile" feature. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Personal Video Collection Script
NVD
CVSS 3.0
5.4
EPSS
0.6%
CVE-2019-9607 MEDIUM POC This Month

PHP Scripts Mall Medical Store Script 3.0.3 allows Path Traversal by navigating to the parent directory of a jpg or png file. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Medical Store Script
NVD
CVSS 3.0
5.3
EPSS
1.6%
CVE-2019-9610 MEDIUM POC This Month

An issue was discovered in OFCMS before 1.1.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Ofcms
NVD
CVSS 3.0
4.3
EPSS
1.4%
CVE-2019-1595 MEDIUM PATCH This Month

A vulnerability in the Fibre Channel over Ethernet (FCoE) protocol implementation in Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS). Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Cisco Nx Os
NVD
CVSS 3.0
6.5
EPSS
0.6%
CVE-2019-3824 MEDIUM PATCH This Month

A flaw was found in the way an LDAP search expression could crash the shared LDAP server process of a samba AD DC in samba before version 4.10. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Denial Of Service Buffer Overflow Information Disclosure Samba Ubuntu Linux +1
NVD
CVSS 3.0
6.5
EPSS
2.8%
CVE-2019-4030 MEDIUM PATCH This Month

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Websphere Application Server Websphere Virtual Enterprise
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-1588 MEDIUM PATCH This Month

A vulnerability in the Cisco Nexus 9000 Series Fabric Switches running in Application-Centric Infrastructure (ACI) mode could allow an authenticated, local attacker to read arbitrary files on an. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Authentication Bypass Cisco Nx Os
NVD
CVSS 3.1
4.4
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy