Skip to main content
CVE-2019-10009 MEDIUM POC THREAT This Month

A Directory Traversal issue was discovered in the Web GUI in Titan FTP Server 2019 Build 3505. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Titan Ftp Server
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
11.5%
CVE-2019-9839 MEDIUM POC This Month

VFront 0.99.5 has Reflected XSS via the admin/menu_registri.php descrizione_g parameter or the admin/sync_reg_tab.php azzera parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Vfront
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2019-9838 MEDIUM POC This Month

VFront 0.99.5 has stored XSS via the admin/sync_reg_tab.php azzera parameter, which is mishandled during admin/error_log.php rendering. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Vfront
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2019-11368 MEDIUM POC This Month

Stored XSS was discovered in AUO Solar Data Recorder before 1.3.0 via the protect/config.htm addr parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Solar Data Recorder
NVD GitHub Exploit-DB
CVSS 3.0
5.4
EPSS
1.6%
CVE-2019-11370 MEDIUM POC This Month

Stored XSS was discovered in Carel pCOWeb prior to B1.2.4, as demonstrated by the config/pw_snmp.html "System contact" field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Pcoweb Card Firmware
NVD GitHub Exploit-DB
CVSS 3.0
5.4
EPSS
4.0%
CVE-2019-12566 MEDIUM POC PATCH This Month

The WP Statistics plugin through 12.6.5 for Wordpress has stored XSS in includes/class-wp-statistics-pages.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS WordPress PHP Wp Statistics
NVD GitHub
CVSS 3.0
5.4
EPSS
1.1%
CVE-2019-12376 MEDIUM POC This Month

Use of a hard-coded encryption key in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 may lead to full managed endpoint compromise by an authenticated user. Rated medium severity (CVSS 4.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ivanti Landesk Management Suite
NVD
CVSS 3.0
4.5
EPSS
0.6%
CVE-2019-12375 MEDIUM This Month

Open directories in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 may lead to remote information disclosure and arbitrary code execution. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. No vendor patch available.

Ivanti RCE Path Traversal Information Disclosure Landesk Management Suite
NVD
CVSS 3.0
6.3
EPSS
1.1%
CVE-2017-14850 MEDIUM This Month

All known versions of the Orpak SiteOmat web management console is vulnerable to multiple instances of Stored Cross-site Scripting due to improper external user-input validation. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Siteomat
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2019-12308 MEDIUM PATCH This Month

An issue was discovered in Django 1.11 before 1.11.21, 2.1 before 2.1.9, and 2.2 before 2.2.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Python Django
NVD
CVSS 3.0
6.1
EPSS
2.6%
CVE-2019-12584 MEDIUM PATCH This Month

Apcupsd 0.3.91_5, as used in pfSense through 2.4.4-RELEASE-p3 and other products, has an XSS issue in apcupsd_status.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Apcupsd Pfsense
NVD GitHub
CVSS 3.0
6.1
EPSS
2.6%
CVE-2019-9824 MEDIUM PATCH This Month

tcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c) in QEMU 3.0.0 uses uninitialized data in an snprintf call, leading to Information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Information Disclosure Qemu
NVD
CVSS 3.0
5.5
EPSS
0.5%
CVE-2019-6773 MEDIUM This Month

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.4.1.16828. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Information Disclosure Memory Corruption Foxit Reader Phantompdf
NVD
CVSS 3.1
5.5
EPSS
3.0%
CVE-2019-6772 MEDIUM PATCH This Month

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 2019.010.20098. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Memory Corruption Foxit Reader Phantompdf
NVD
CVSS 3.1
5.5
EPSS
2.7%
CVE-2019-6771 MEDIUM PATCH This Month

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 2019.010.20098. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Memory Corruption Foxit Reader Phantompdf
NVD
CVSS 3.1
5.5
EPSS
2.7%
CVE-2019-6770 MEDIUM PATCH This Month

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.4.1.16828. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Memory Corruption Foxit Reader Phantompdf
NVD
CVSS 3.1
5.5
EPSS
2.7%
CVE-2019-6766 MEDIUM PATCH This Month

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.4.1.16828. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Memory Corruption Foxit Reader Phantompdf
NVD
CVSS 3.1
5.5
EPSS
2.7%
CVE-2019-6758 MEDIUM PATCH This Month

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.4.16811. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Memory Corruption Foxit Reader Phantompdf
NVD
CVSS 3.1
5.5
EPSS
2.7%
CVE-2019-6756 MEDIUM PATCH This Month

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit PhantomPDF 9.4.0.16811. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Memory Corruption Foxit Reader Phantompdf
NVD
CVSS 3.1
5.5
EPSS
2.8%
CVE-2019-6753 MEDIUM PATCH This Month

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.3.0.10826. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Information Disclosure Foxit Reader Phantompdf
NVD
CVSS 3.1
5.5
EPSS
10.7%
CVE-2019-6752 MEDIUM PATCH This Month

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit PhantomPDF 9.3.10826. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Foxit Reader Phantompdf
NVD
CVSS 3.1
5.5
EPSS
2.6%
CVE-2019-6746 MEDIUM PATCH This Month

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Studio Photo 3.6.6. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Foxit Studio Photo
NVD
CVSS 3.1
5.5
EPSS
2.6%
CVE-2019-3802 MEDIUM PATCH This Month

This affects Spring Data JPA in versions up to and including 2.1.6, 2.0.14 and 1.11.20. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Spring Data Java Persistance Api
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2019-6588 MEDIUM POC PATCH This Month

In Liferay Portal before 7.1 CE GA4, an XSS vulnerability exists in the SimpleCaptcha API when custom code passes unsanitized input into the "url" parameter of the JSP taglib call <liferay-ui:captcha. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

XSS Liferay Portal
NVD Exploit-DB
CVSS 3.0
4.7
EPSS
2.3%
CVE-2019-9753 MEDIUM PATCH This Month

An issue was discovered in Open Ticket Request System (OTRS) 7.x before 7.0.5. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Otrs
NVD
CVSS 3.0
4.3
EPSS
0.9%
CVE-2019-12614 MEDIUM PATCH This Month

An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c in the Linux kernel through 5.1.6. Rated medium severity (CVSS 4.1). This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Linux Linux Kernel Ubuntu Linux +3
NVD
CVSS 3.1
4.1
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy