Skip to main content
CVE-2019-3929 CRITICAL POC KEV THREAT Emergency

The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Command Injection Am 100 Firmware Am 101 Firmware Wepresent Wipg 1000P Firmware +9
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
99.0%
CVE-2019-9621 HIGH POC KEV THREAT Act Now

Zimbra Collaboration Suite before 8.6 patch 13, 8.7.x before 8.7.11 patch 10, and 8.8.x before 8.8.10 patch 7 or 8.8.x before 8.8.11 patch 3 allows SSRF via the ProxyServlet component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Zimbra Collaboration Suite
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
80.9%
CVE-2019-11627 CRITICAL POC Act Now

gpg-key2ps in signing-party 1.1.x and 2.x before 2.10-1 contains an unsafe shell call enabling shell injection via a User ID. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Signing Party Debian Linux Leap
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2019-3932 CRITICAL POC THREAT Act Now

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to authentication bypass due to a hard-coded password in return.tgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Am 100 Firmware Am 101 Firmware
NVD
CVSS 3.1
9.8
EPSS
36.3%
CVE-2019-3930 CRITICAL POC Act Now

The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow RCE Am 100 Firmware Am 101 Firmware +10
NVD
CVSS 3.1
9.8
EPSS
7.0%
CVE-2019-3927 CRITICAL POC Act Now

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 anyone can change the administrator and moderator passwords via the iso.3.6.1.4.1.3212.100.3.2.8.1 and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Am 100 Firmware Am 101 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2019-3926 CRITICAL POC Act Now

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to command injection via SNMP OID iso.3.6.1.4.1.3212.100.3.2.14.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Command Injection Am 100 Firmware Am 101 Firmware
NVD
CVSS 3.1
9.8
EPSS
6.9%
CVE-2019-3925 CRITICAL POC Act Now

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to command injection via SNMP OID iso.3.6.1.4.1.3212.100.3.2.9.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Command Injection Am 100 Firmware Am 101 Firmware
NVD
CVSS 3.1
9.8
EPSS
6.9%
CVE-2019-11618 CRITICAL POC Act Now

doorGets 7.0 has a default administrator credential vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Doorgets Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
2.3%
CVE-2019-11616 CRITICAL POC Act Now

doorGets 7.0 has a sensitive information disclosure vulnerability in /setup/temp/admin.php and /setup/temp/database.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Doorgets Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
2.4%
CVE-2019-3935 CRITICAL POC Act Now

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allows anyone to act as a moderator to a slide show via crafted HTTP POST requests to conference.cgi. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Am 100 Firmware Am 101 Firmware
NVD
CVSS 3.1
9.1
EPSS
3.3%
CVE-2019-3931 HIGH POC This Week

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to argumention injection to the curl binary via crafted HTTP requests to return.cgi. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Am 100 Firmware Am 101 Firmware
NVD
CVSS 3.1
8.8
EPSS
5.9%
CVE-2019-11617 HIGH POC This Week

doorGets 7.0 has a CSRF vulnerability in /doorgets/app/requests/user/configurationRequest.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Google CSRF Doorgets Cms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.8%
CVE-2019-11615 HIGH POC This Week

/fileman/php/upload.php in doorGets 7.0 has an arbitrary file upload vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Doorgets Cms
NVD GitHub
CVSS 3.0
8.8
EPSS
1.5%
CVE-2019-9486 HIGH POC This Week

STRATO HiDrive Desktop Client 5.0.1.0 for Windows suffers from a SYSTEM privilege escalation vulnerability through the HiDriveMaintenanceService service. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Microsoft Hidrive Desktop Client Magentacloud 1 1 Online Storage
NVD
CVSS 3.0
8.8
EPSS
2.3%
CVE-2019-11609 HIGH POC This Week

doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/movefile.php. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Information Disclosure Doorgets Cms
NVD GitHub
CVSS 3.0
8.2
EPSS
4.0%
CVE-2019-11608 HIGH POC This Week

doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/renamefile.php. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Information Disclosure Doorgets Cms
NVD GitHub
CVSS 3.0
8.2
EPSS
4.1%
CVE-2019-3938 HIGH POC This Week

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 stores usernames, passwords, and other configuration options in the file generated via the "export configuration" feature. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Am 100 Firmware Am 101 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2019-3937 HIGH POC This Week

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 stores usernames, passwords, slideshow passcode, and other configuration options in cleartext in the file /tmp/scfgdndf. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Am 100 Firmware Am 101 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2019-0194 HIGH POC PATCH This Week

Apache Camel's File is vulnerable to directory traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Apache Camel
NVD
CVSS 3.0
7.5
EPSS
8.5%
CVE-2019-11614 HIGH POC This Week

doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/views/ajax/commentView.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Doorgets Cms
NVD GitHub
CVSS 3.0
7.5
EPSS
1.5%
CVE-2019-11612 HIGH POC This Week

doorGets 7.0 has an arbitrary file deletion vulnerability in /fileman/php/deletefile.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Doorgets Cms
NVD GitHub
CVSS 3.0
7.5
EPSS
2.7%
CVE-2019-11611 HIGH POC This Week

doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/download.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Information Disclosure Doorgets Cms
NVD GitHub
CVSS 3.0
7.5
EPSS
3.9%
CVE-2019-11610 HIGH POC This Week

doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/downloaddir.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Information Disclosure Doorgets Cms
NVD GitHub
CVSS 3.0
7.5
EPSS
3.9%
CVE-2019-11607 HIGH POC This Week

doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/copydir.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Information Disclosure Doorgets Cms
NVD GitHub
CVSS 3.0
7.5
EPSS
3.9%
CVE-2019-11606 HIGH POC This Week

doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/copyfile.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Information Disclosure Doorgets Cms
NVD GitHub
CVSS 3.0
7.5
EPSS
3.9%
CVE-2019-5624 HIGH POC This Week

Rapid7 Metasploit Framework suffers from an instance of CWE-22, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in the Zip import function of Metasploit. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal RCE Metasploit
NVD GitHub
CVSS 3.1
7.3
EPSS
2.8%
CVE-2019-11613 MEDIUM POC This Month

doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/views/ajax/contactView.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Doorgets Cms
NVD GitHub
CVSS 3.0
6.5
EPSS
1.2%
CVE-2019-6494 MEDIUM POC This Month

IMFForceDelete.sys in IObit Malware Fighter 6.2 allows a low privileged user to send IOCTL 0x8016E000 along with a user defined string to a file; that file will be promptly deleted regardless of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Malware Fighter
NVD
CVSS 3.0
6.5
EPSS
1.1%
CVE-2019-11193 MEDIUM POC This Month

The FileManager in InfinitumIT DirectAdmin through v1.561 has XSS via CMD_FILE_MANAGER, CMD_SHOW_USER, and CMD_SHOW_RESELLER; an attacker can bypass the CSRF protection with this, and take over the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS CSRF Directadmin
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
2.1%
CVE-2019-10272 MEDIUM POC This Month

An issue was discovered in Weaver e-cology 9.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection E Cology
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2019-3939 CRITICAL Act Now

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 use default credentials admin/admin and moderator/moderator for the web interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Am 100 Firmware Am 101 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2019-10950 CRITICAL Act Now

Fujifilm FCR Capsula X/ Carbon X/ FCR XC-2, model versions CR-IR 357 FCR Carbon X, CR-IR 357 FCR XC-2, FCR-IR 357 FCR Capsula X provide insecure telnet services that lack authentication requirements. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cr Ir 357 Fcr Carbon X Firmware Cr Ir 357 Fcr Xc 2 Firmware Cr Ir 357 Fcr Capsula X Firmware
NVD
CVSS 3.1
9.8
EPSS
3.6%
CVE-2019-3934 MEDIUM POC This Month

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allows anyone to bypass the presentation code sending a crafted HTTP POST request to login.cgi. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Am 100 Firmware Am 101 Firmware
NVD
CVSS 3.1
5.3
EPSS
7.7%
CVE-2019-3933 MEDIUM POC This Month

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allows anyone to bypass the presentation code simply by requesting /images/browserslide.jpg via HTTP. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Am 100 Firmware Am 101 Firmware
NVD
CVSS 3.1
5.3
EPSS
5.9%
CVE-2019-11626 MEDIUM POC This Month

routers/ajaxRouter.php in doorGets 7.0 has a web site physical path leakage vulnerability, as demonstrated by an ajax/index.php?uri=1234%5c request. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Doorgets Cms
NVD GitHub
CVSS 3.0
5.3
EPSS
1.3%
CVE-2019-10309 CRITICAL Act Now

Jenkins Self-Organizing Swarm Plug-in Modules Plugin clients that use UDP broadcasts to discover Jenkins masters do not prevent XML External Entity processing when processing the responses, allowing. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XXE Jenkins Self Organizing Swarm Modules
NVD
CVSS 3.0
9.3
EPSS
1.8%
CVE-2019-11625 MEDIUM POC This Month

doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/emailingRequest.php. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Doorgets Cms
NVD GitHub
CVSS 3.0
4.9
EPSS
1.2%
CVE-2019-11624 MEDIUM POC This Month

doorGets 7.0 has an arbitrary file deletion vulnerability in /doorgets/app/requests/user/configurationRequest.php. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Doorgets Cms
NVD GitHub
CVSS 3.0
4.9
EPSS
1.6%
CVE-2019-11623 MEDIUM POC This Month

doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/configurationRequest.php when action=siteweb. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Doorgets Cms
NVD GitHub
CVSS 3.0
4.9
EPSS
1.2%
CVE-2019-11622 MEDIUM POC This Month

doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/modulecategoryRequest.php. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Doorgets Cms
NVD GitHub
CVSS 3.0
4.9
EPSS
1.2%
CVE-2019-11621 MEDIUM POC This Month

doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/configurationRequest.php when action=network. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Doorgets Cms
NVD GitHub
CVSS 3.0
4.9
EPSS
1.2%
CVE-2019-11620 MEDIUM POC This Month

doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/modulecategoryRequest.php. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Doorgets Cms
NVD GitHub
CVSS 3.0
4.9
EPSS
1.2%
CVE-2019-11619 MEDIUM POC This Month

doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/configurationRequest.php when action=analytics. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Doorgets Cms
NVD GitHub
CVSS 3.0
4.9
EPSS
1.2%
CVE-2019-10318 HIGH PATCH This Week

Jenkins Azure AD Plugin 0.3.3 and earlier stored the client secret unencrypted in the global config.xml configuration file on the Jenkins master where it could be viewed by users with access to the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Microsoft Information Disclosure Azure Ad
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2019-10316 HIGH PATCH This Week

Jenkins Aqua MicroScanner Plugin 1.0.5 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Aqua Microscanner
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2019-10315 HIGH PATCH This Week

Jenkins GitHub Authentication Plugin 0.31 and earlier did not use the state parameter of OAuth to prevent CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Github Authentication
NVD
CVSS 3.0
8.8
EPSS
2.1%
CVE-2019-10313 HIGH This Week

Jenkins Twitter Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Twitter
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2019-10311 HIGH PATCH This Week

A missing permission check in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doTestTowerConnection form validation method allowed attackers with. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Ansible Tower
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2019-10310 HIGH PATCH This Week

A cross-site request forgery vulnerability in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doTestTowerConnection form validation method allowed. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Ansible Tower
NVD
CVSS 3.0
8.8
EPSS
1.5%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy