Skip to main content
CVE-2019-11613 MEDIUM POC This Month

doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/views/ajax/contactView.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Doorgets Cms
NVD GitHub
CVSS 3.0
6.5
EPSS
1.2%
CVE-2019-6494 MEDIUM POC This Month

IMFForceDelete.sys in IObit Malware Fighter 6.2 allows a low privileged user to send IOCTL 0x8016E000 along with a user defined string to a file; that file will be promptly deleted regardless of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Malware Fighter
NVD
CVSS 3.0
6.5
EPSS
1.1%
CVE-2019-11193 MEDIUM POC This Month

The FileManager in InfinitumIT DirectAdmin through v1.561 has XSS via CMD_FILE_MANAGER, CMD_SHOW_USER, and CMD_SHOW_RESELLER; an attacker can bypass the CSRF protection with this, and take over the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS CSRF Directadmin
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
2.1%
CVE-2019-10272 MEDIUM POC This Month

An issue was discovered in Weaver e-cology 9.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection E Cology
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2019-3934 MEDIUM POC This Month

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allows anyone to bypass the presentation code sending a crafted HTTP POST request to login.cgi. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Am 100 Firmware Am 101 Firmware
NVD
CVSS 3.1
5.3
EPSS
7.7%
CVE-2019-3933 MEDIUM POC This Month

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allows anyone to bypass the presentation code simply by requesting /images/browserslide.jpg via HTTP. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Am 100 Firmware Am 101 Firmware
NVD
CVSS 3.1
5.3
EPSS
5.9%
CVE-2019-11626 MEDIUM POC This Month

routers/ajaxRouter.php in doorGets 7.0 has a web site physical path leakage vulnerability, as demonstrated by an ajax/index.php?uri=1234%5c request. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Doorgets Cms
NVD GitHub
CVSS 3.0
5.3
EPSS
1.3%
CVE-2019-11625 MEDIUM POC This Month

doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/emailingRequest.php. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Doorgets Cms
NVD GitHub
CVSS 3.0
4.9
EPSS
1.2%
CVE-2019-11624 MEDIUM POC This Month

doorGets 7.0 has an arbitrary file deletion vulnerability in /doorgets/app/requests/user/configurationRequest.php. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Doorgets Cms
NVD GitHub
CVSS 3.0
4.9
EPSS
1.6%
CVE-2019-11623 MEDIUM POC This Month

doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/configurationRequest.php when action=siteweb. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Doorgets Cms
NVD GitHub
CVSS 3.0
4.9
EPSS
1.2%
CVE-2019-11622 MEDIUM POC This Month

doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/modulecategoryRequest.php. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Doorgets Cms
NVD GitHub
CVSS 3.0
4.9
EPSS
1.2%
CVE-2019-11621 MEDIUM POC This Month

doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/configurationRequest.php when action=network. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Doorgets Cms
NVD GitHub
CVSS 3.0
4.9
EPSS
1.2%
CVE-2019-11620 MEDIUM POC This Month

doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/modulecategoryRequest.php. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Doorgets Cms
NVD GitHub
CVSS 3.0
4.9
EPSS
1.2%
CVE-2019-11619 MEDIUM POC This Month

doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/configurationRequest.php when action=analytics. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Doorgets Cms
NVD GitHub
CVSS 3.0
4.9
EPSS
1.2%
CVE-2019-0214 MEDIUM PATCH This Month

In Apache Archiva 2.0.0 - 2.2.3, it is possible to write files to the archiva server at arbitrary locations by using the artifact upload mechanism. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Apache Archiva
NVD
CVSS 3.0
6.5
EPSS
4.9%
CVE-2019-0213 MEDIUM PATCH This Month

In Apache Archiva before 2.2.4, it may be possible to store malicious XSS code into central configuration entries, i.e. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Apache Archiva
NVD
CVSS 3.0
6.5
EPSS
4.9%
CVE-2019-10308 MEDIUM PATCH This Month

A missing permission check in Jenkins Static Analysis Utilities Plugin 1.95 and earlier in the DefaultGraphConfigurationView#doSave form handler method allowed attackers with Overall/Read permission. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Static Analysis Utilities
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2019-10307 MEDIUM PATCH This Month

A cross-site request forgery vulnerability in Jenkins Static Analysis Utilities Plugin 1.95 and earlier in the DefaultGraphConfigurationView#doSave form handler method allowed attackers to change the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Static Analysis Utilities
NVD
CVSS 3.0
6.5
EPSS
1.0%
CVE-2019-4166 MEDIUM This Month

IBM StoredIQ 7.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Open Redirect Storediq
NVD
CVSS 3.1
6.1
EPSS
1.5%
CVE-2019-10317 MEDIUM PATCH This Month

Jenkins SiteMonitor Plugin 0.5 and earlier disabled SSL/TLS and hostname verification globally for the Jenkins master JVM. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Jenkins Information Disclosure Sitemonitor
NVD
CVSS 3.0
5.9
EPSS
1.5%
CVE-2019-10314 MEDIUM This Month

Jenkins Koji Plugin disables SSL/TLS and hostname verification globally for the Jenkins master JVM. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Jenkins Information Disclosure Koji
NVD
CVSS 3.0
5.9
EPSS
1.5%
CVE-2019-3928 MEDIUM This Month

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allow any user to obtain the presentation passcode via the iso.3.6.1.4.1.3212.100.3.2.7.4 OIDs. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Am 100 Firmware Am 101 Firmware
NVD
CVSS 3.1
5.3
EPSS
1.8%
CVE-2019-10312 MEDIUM PATCH This Month

A missing permission check in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doFillTowerCredentialsIdItems method allowed attackers with. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Ansible Tower
NVD
CVSS 3.1
4.3
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy