Skip to main content
CVE-2019-11409 HIGH POC PATCH THREAT Act Now

app/operator_panel/exec.php in the Operator Panel module in FusionPBX 4.4.3 suffers from a command injection vulnerability due to a lack of input validation that allows authenticated. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP RCE XSS Command Injection Fusionpbx
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
87.5%
CVE-2019-12181 HIGH POC THREAT Act Now

A privilege escalation vulnerability exists in SolarWinds Serv-U before 15.1.7 for Linux. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Command Injection Serv U Ftp Server Serv U Mft Server
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
66.0%
CVE-2019-7579 HIGH POC This Week

An issue was discovered on Linksys WRT1900ACS 1.0.3.187766 devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Linksys Wrt1900Acs Firmware
NVD
CVSS 3.0
7.5
EPSS
1.8%
CVE-2019-7315 HIGH POC THREAT This Week

Genie Access WIP3BVAF WISH IP 3MP IR Auto Focus Bullet Camera devices through 3.x are vulnerable to directory traversal via the web interface, as demonstrated by reading /etc/shadow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Wip3Bvaf Firmware
NVD
CVSS 3.0
7.5
EPSS
11.2%
CVE-2019-8324 HIGH PATCH This Week

An issue was discovered in RubyGems 2.6 and later through 3.0.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Rubygems Debian Linux Leap +1
NVD
CVSS 3.1
8.8
EPSS
3.2%
CVE-2019-6325 HIGH This Week

HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

HP CSRF T6B80A Firmware T6B83A Firmware T6B81A Firmware +7
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2019-4103 HIGH PATCH This Week

IBM Tivoli Netcool/Impact 7.1.0 allows for remote execution of command by low privileged User. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity.

IBM RCE Tivoli Netcool Impact
NVD
CVSS 3.1
8.0
EPSS
1.5%
CVE-2019-8323 HIGH PATCH This Week

An issue was discovered in RubyGems 2.6 and later through 3.0.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Rubygems Debian Linux Leap
NVD
CVSS 3.1
7.5
EPSS
3.4%
CVE-2019-8322 HIGH PATCH This Week

An issue was discovered in RubyGems 2.6 and later through 3.0.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Rubygems Debian Linux Leap
NVD
CVSS 3.1
7.5
EPSS
3.4%
CVE-2019-8321 HIGH PATCH This Week

An issue was discovered in RubyGems 2.6 and later through 3.0.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Rubygems Debian Linux Leap
NVD
CVSS 3.1
7.5
EPSS
3.4%
CVE-2019-8325 HIGH PATCH This Week

An issue was discovered in RubyGems 2.6 and later through 3.0.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Rubygems Leap Debian Linux
NVD
CVSS 3.1
7.5
EPSS
3.4%
CVE-2019-11410 HIGH PATCH This Week

app/backup/index.php in the Backup Module in FusionPBX 4.4.3 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated administrative attackers to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

PHP Command Injection Fusionpbx
NVD GitHub
CVSS 3.0
7.2
EPSS
3.4%
CVE-2019-11407 HIGH PATCH This Week

app/operator_panel/index_inc.php in the Operator Panel module in FusionPBX 4.4.3 suffers from an information disclosure vulnerability due to excessive debug information, which allows authenticated. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

PHP Information Disclosure Fusionpbx
NVD GitHub
CVSS 3.0
7.2
EPSS
1.5%
CVE-2019-6326 HIGH This Week

HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Buffer Overflow T6B80A Firmware T6B83A Firmware T6B81A Firmware +7
NVD
CVSS 3.0
7.2
EPSS
1.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy