Skip to main content
CVE-2019-9621 HIGH POC KEV THREAT Act Now

Zimbra Collaboration Suite before 8.6 patch 13, 8.7.x before 8.7.11 patch 10, and 8.8.x before 8.8.10 patch 7 or 8.8.x before 8.8.11 patch 3 allows SSRF via the ProxyServlet component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Zimbra Collaboration Suite
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
80.9%
CVE-2019-3931 HIGH POC This Week

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to argumention injection to the curl binary via crafted HTTP requests to return.cgi. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Am 100 Firmware Am 101 Firmware
NVD
CVSS 3.1
8.8
EPSS
5.9%
CVE-2019-11617 HIGH POC This Week

doorGets 7.0 has a CSRF vulnerability in /doorgets/app/requests/user/configurationRequest.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Google CSRF Doorgets Cms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.8%
CVE-2019-11615 HIGH POC This Week

/fileman/php/upload.php in doorGets 7.0 has an arbitrary file upload vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Doorgets Cms
NVD GitHub
CVSS 3.0
8.8
EPSS
1.5%
CVE-2019-9486 HIGH POC This Week

STRATO HiDrive Desktop Client 5.0.1.0 for Windows suffers from a SYSTEM privilege escalation vulnerability through the HiDriveMaintenanceService service. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Microsoft Hidrive Desktop Client Magentacloud 1 1 Online Storage
NVD
CVSS 3.0
8.8
EPSS
2.3%
CVE-2019-11609 HIGH POC This Week

doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/movefile.php. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Information Disclosure Doorgets Cms
NVD GitHub
CVSS 3.0
8.2
EPSS
4.0%
CVE-2019-11608 HIGH POC This Week

doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/renamefile.php. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Information Disclosure Doorgets Cms
NVD GitHub
CVSS 3.0
8.2
EPSS
4.1%
CVE-2019-3938 HIGH POC This Week

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 stores usernames, passwords, and other configuration options in the file generated via the "export configuration" feature. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Am 100 Firmware Am 101 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2019-3937 HIGH POC This Week

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 stores usernames, passwords, slideshow passcode, and other configuration options in cleartext in the file /tmp/scfgdndf. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Am 100 Firmware Am 101 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2019-0194 HIGH POC PATCH This Week

Apache Camel's File is vulnerable to directory traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Apache Camel
NVD
CVSS 3.0
7.5
EPSS
8.5%
CVE-2019-11614 HIGH POC This Week

doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/views/ajax/commentView.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Doorgets Cms
NVD GitHub
CVSS 3.0
7.5
EPSS
1.5%
CVE-2019-11612 HIGH POC This Week

doorGets 7.0 has an arbitrary file deletion vulnerability in /fileman/php/deletefile.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Doorgets Cms
NVD GitHub
CVSS 3.0
7.5
EPSS
2.7%
CVE-2019-11611 HIGH POC This Week

doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/download.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Information Disclosure Doorgets Cms
NVD GitHub
CVSS 3.0
7.5
EPSS
3.9%
CVE-2019-11610 HIGH POC This Week

doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/downloaddir.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Information Disclosure Doorgets Cms
NVD GitHub
CVSS 3.0
7.5
EPSS
3.9%
CVE-2019-11607 HIGH POC This Week

doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/copydir.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Information Disclosure Doorgets Cms
NVD GitHub
CVSS 3.0
7.5
EPSS
3.9%
CVE-2019-11606 HIGH POC This Week

doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/copyfile.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Information Disclosure Doorgets Cms
NVD GitHub
CVSS 3.0
7.5
EPSS
3.9%
CVE-2019-5624 HIGH POC This Week

Rapid7 Metasploit Framework suffers from an instance of CWE-22, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in the Zip import function of Metasploit. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal RCE Metasploit
NVD GitHub
CVSS 3.1
7.3
EPSS
2.8%
CVE-2019-10318 HIGH PATCH This Week

Jenkins Azure AD Plugin 0.3.3 and earlier stored the client secret unencrypted in the global config.xml configuration file on the Jenkins master where it could be viewed by users with access to the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Microsoft Information Disclosure Azure Ad
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2019-10316 HIGH PATCH This Week

Jenkins Aqua MicroScanner Plugin 1.0.5 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Aqua Microscanner
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2019-10315 HIGH PATCH This Week

Jenkins GitHub Authentication Plugin 0.31 and earlier did not use the state parameter of OAuth to prevent CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Github Authentication
NVD
CVSS 3.0
8.8
EPSS
2.1%
CVE-2019-10313 HIGH This Week

Jenkins Twitter Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Twitter
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2019-10311 HIGH PATCH This Week

A missing permission check in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doTestTowerConnection form validation method allowed attackers with. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Ansible Tower
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2019-10310 HIGH PATCH This Week

A cross-site request forgery vulnerability in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doTestTowerConnection form validation method allowed. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Ansible Tower
NVD
CVSS 3.0
8.8
EPSS
1.5%
CVE-2019-3936 HIGH This Week

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 is vulnerable to denial of service via a crafted request to TCP port 389. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Denial Of Service Am 100 Firmware Am 101 Firmware
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2019-10948 HIGH This Week

Fujifilm FCR Capsula X/ Carbon X/ FCR XC-2, model versions CR-IR 357 FCR Carbon X, CR-IR 357 FCR XC-2, FCR-IR 357 FCR Capsula X are susceptible to a denial-of-service condition as a result of an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cr Ir 357 Fcr Carbon X Firmware Cr Ir 357 Fcr Xc 2 Firmware Cr Ir 357 Fcr Capsula X Firmware
NVD
CVSS 3.0
7.5
EPSS
1.6%
CVE-2019-3399 HIGH This Week

The BrowseProjects.jspa resource in Jira before version 7.13.2, and from version 8.0.0 before version 8.0.2 allows remote attackers to see information for archived projects through a missing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Atlassian Jira Jira Server
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2019-10131 HIGH PATCH This Week

An off-by-one read vulnerability was discovered in ImageMagick before version 7.0.7-28 in the formatIPTCfromBuffer function in coders/meta.c. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Denial Of Service Imagemagick Enterprise Linux Debian Linux Ubuntu Linux +1
NVD GitHub
CVSS 3.1
7.1
EPSS
1.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy