Skip to main content
CVE-2019-11409 HIGH POC PATCH THREAT Act Now

app/operator_panel/exec.php in the Operator Panel module in FusionPBX 4.4.3 suffers from a command injection vulnerability due to a lack of input validation that allows authenticated. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP RCE XSS Command Injection Fusionpbx
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
87.5%
CVE-2019-12181 HIGH POC THREAT Act Now

A privilege escalation vulnerability exists in SolarWinds Serv-U before 15.1.7 for Linux. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Command Injection Serv U Ftp Server Serv U Mft Server
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
66.0%
CVE-2019-7579 HIGH POC This Week

An issue was discovered on Linksys WRT1900ACS 1.0.3.187766 devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Linksys Wrt1900Acs Firmware
NVD
CVSS 3.0
7.5
EPSS
1.8%
CVE-2019-7315 HIGH POC THREAT This Week

Genie Access WIP3BVAF WISH IP 3MP IR Auto Focus Bullet Camera devices through 3.x are vulnerable to directory traversal via the web interface, as demonstrated by reading /etc/shadow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Wip3Bvaf Firmware
NVD
CVSS 3.0
7.5
EPSS
11.2%
CVE-2019-12476 MEDIUM POC This Month

An authentication bypass vulnerability in the password reset functionality in Zoho ManageEngine ADSelfService Plus before 5.0.6 allows an attacker with physical access to gain a shell with SYSTEM. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Zoho Manageengine Adselfservice Plus
NVD GitHub
CVSS 3.0
6.8
EPSS
1.5%
CVE-2019-12789 MEDIUM POC This Month

An issue was discovered on Actiontec T2200H T2200H-31.128L.08 devices, as distributed by Telus. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure T2200H Firmware
NVD
CVSS 3.0
6.8
EPSS
0.6%
CVE-2019-11408 MEDIUM POC PATCH This Month

XSS in app/operator_panel/index_inc.php in the Operator Panel module in FusionPBX 4.4.3 allows remote unauthenticated attackers to inject arbitrary JavaScript characters by placing a phone call using. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Command Injection RCE PHP Fusionpbx
NVD GitHub
CVSS 3.0
6.1
EPSS
6.9%
CVE-2019-7158 CRITICAL Act Now

OX App Suite 7.10.0 and earlier has Incorrect Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Open Xchange Appsuite
NVD
CVSS 3.0
9.8
EPSS
1.5%
CVE-2019-12550 CRITICAL Act Now

WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW03 devices contain hardcoded users and passwords that can be used to login via SSH and TELNET. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass 852 303 Firmware 852 1305 Firmware 852 1505 Firmware
NVD
CVSS 3.0
9.8
EPSS
2.7%
CVE-2019-12549 CRITICAL Act Now

WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW03 devices contain hardcoded private keys for the SSH daemon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass 852 303 Firmware 852 1305 Firmware 852 1505 Firmware
NVD
CVSS 3.0
9.8
EPSS
3.3%
CVE-2019-6327 CRITICAL Act Now

HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

HP Buffer Overflow Laserjet Pro M280 M281 T6B80A Firmware Laserjet Pro M280 M281 T6B83A Firmware Laserjet Pro M280 M281 T6B81A Firmware +7
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2019-12865 MEDIUM POC This Month

In radare2 through 3.5.1, cmd_mount in libr/core/cmd_mount.c has a double free for the ms command. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Radare2
NVD GitHub
CVSS 3.0
5.5
EPSS
0.9%
CVE-2019-5016 CRITICAL Act Now

An exploitable arbitrary memory read vulnerability exists in the KCodes NetUSB.ko kernel module which enables the ReadySHARE Printer functionality of at least two NETGEAR Nighthawk Routers and. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear Denial Of Service Information Disclosure R8000 Firmware R7900 Firmware +1
NVD
CVSS 3.1
9.1
EPSS
3.6%
CVE-2019-8324 HIGH PATCH This Week

An issue was discovered in RubyGems 2.6 and later through 3.0.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Rubygems Debian Linux Leap +1
NVD
CVSS 3.1
8.8
EPSS
3.2%
CVE-2019-6325 HIGH This Week

HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

HP CSRF T6B80A Firmware T6B83A Firmware T6B81A Firmware +7
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2019-4103 HIGH PATCH This Week

IBM Tivoli Netcool/Impact 7.1.0 allows for remote execution of command by low privileged User. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity.

IBM RCE Tivoli Netcool Impact
NVD
CVSS 3.1
8.0
EPSS
1.5%
CVE-2019-8323 HIGH PATCH This Week

An issue was discovered in RubyGems 2.6 and later through 3.0.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Rubygems Debian Linux Leap
NVD
CVSS 3.1
7.5
EPSS
3.4%
CVE-2019-8322 HIGH PATCH This Week

An issue was discovered in RubyGems 2.6 and later through 3.0.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Rubygems Debian Linux Leap
NVD
CVSS 3.1
7.5
EPSS
3.4%
CVE-2019-8321 HIGH PATCH This Week

An issue was discovered in RubyGems 2.6 and later through 3.0.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Rubygems Debian Linux Leap
NVD
CVSS 3.1
7.5
EPSS
3.4%
CVE-2019-8325 HIGH PATCH This Week

An issue was discovered in RubyGems 2.6 and later through 3.0.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Rubygems Leap Debian Linux
NVD
CVSS 3.1
7.5
EPSS
3.4%
CVE-2019-11410 HIGH PATCH This Week

app/backup/index.php in the Backup Module in FusionPBX 4.4.3 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated administrative attackers to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

PHP Command Injection Fusionpbx
NVD GitHub
CVSS 3.0
7.2
EPSS
3.4%
CVE-2019-11407 HIGH PATCH This Week

app/operator_panel/index_inc.php in the Operator Panel module in FusionPBX 4.4.3 suffers from an information disclosure vulnerability due to excessive debug information, which allows authenticated. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

PHP Information Disclosure Fusionpbx
NVD GitHub
CVSS 3.0
7.2
EPSS
1.5%
CVE-2019-6326 HIGH This Week

HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Buffer Overflow T6B80A Firmware T6B83A Firmware T6B81A Firmware +7
NVD
CVSS 3.0
7.2
EPSS
1.7%
CVE-2019-4173 MEDIUM PATCH This Month

IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 could allow a remote attacker to obtain sensitive information, caused by a flaw in the HTTP OPTIONS method, aka Optionsbleed. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Cognos Controller
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2019-12801 MEDIUM POC This Month

out/out.GroupMgr.php in SeedDMS 5.1.11 has Stored XSS by making a new group with a JavaScript payload as the "GROUP" Name. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Seeddms
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
1.9%
CVE-2019-6323 MEDIUM This Month

HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS HP T6B80A Firmware T6B83A Firmware T6B81A Firmware +7
NVD
CVSS 3.0
6.1
EPSS
1.3%
CVE-2019-10997 MEDIUM This Month

An issue was discovered on Phoenix Contact AXC F 2152 (No.2404267) before 2019.0 LTS and AXC F 2152 STARTERKIT (No.1046568) before 2019.0 LTS devices. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Axc F 2152 Firmware Axc F 2152 Starterkit Firmware
NVD
CVSS 3.0
5.9
EPSS
1.0%
CVE-2019-4136 MEDIUM PATCH This Month

IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Cognos Controller
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-5017 MEDIUM This Month

An exploitable information disclosure vulnerability exists in the KCodes NetUSB.ko kernel module that enables the ReadySHARE Printer functionality of at least two NETGEAR Nighthawk Routers and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear Information Disclosure R8000 Firmware Netusb Ko
NVD
CVSS 3.1
5.3
EPSS
2.1%
CVE-2019-12497 MEDIUM This Month

An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8, Community Edition 6.0.x through 6.0.19, and Community Edition 5.0.x through 5.0.36. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Otrs Debian Linux
NVD
CVSS 3.1
5.3
EPSS
2.0%
CVE-2019-4176 MEDIUM PATCH This Month

IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 could allow a remote attacker to bypass security restrictions, caused by an error related to insecure HTTP Methods. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass IBM Cognos Controller
NVD
CVSS 3.1
5.3
EPSS
1.9%
CVE-2019-6324 MEDIUM This Month

HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS HP T6B80A Firmware T6B83A Firmware T6B81A Firmware +7
NVD
CVSS 3.0
4.8
EPSS
0.7%
CVE-2019-12248 MEDIUM This Month

An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.7, Community Edition 6.0.x through 6.0.19, and Community Edition 5.0.x through 5.0.36. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Otrs Debian Linux
NVD
CVSS 3.1
4.3
EPSS
1.8%
CVE-2019-4177 LOW PATCH Monitor

IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 allows web pages to be stored locally which can be read by another user on the system. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation IBM Cognos Controller
NVD
CVSS 3.1
3.3
EPSS
0.3%
CVE-2019-4174 LOW PATCH Monitor

IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 allows web pages to be stored locally which can be read by another user on the system. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation IBM Cognos Controller
NVD
CVSS 3.1
3.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy