Skip to main content
CVE-2019-9085 MEDIUM POC This Month

Hoteldruid before v2.3.1 allows remote authenticated users to cause a denial of service (invoice-creation outage) via the n_file parameter to visualizza_contratto.php with invalid arguments (any. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Denial Of Service Hoteldruid
NVD
CVSS 3.0
6.5
EPSS
2.0%
CVE-2019-12346 MEDIUM POC This Month

In the miniOrange SAML SP Single Sign On plugin before 4.8.73 for WordPress, the SAML Login Endpoint is vulnerable to XSS via a specially crafted SAMLResponse XML post. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Saml Sp Single Sign On
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2019-12940 MEDIUM POC This Month

LiveZilla Server before 8.0.1.1 is vulnerable to Denial Of Service (memory consumption) in knowledgebase.php via a large integer value of the depth parameter. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

PHP Denial Of Service Livezilla
NVD
CVSS 3.0
5.9
EPSS
1.1%
CVE-2019-7231 MEDIUM POC PATCH This Month

The ABB IDAL FTP server is vulnerable to a buffer overflow when a long string is sent by an authenticated attacker. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Abb Pb610 Panel Builder 600 Firmware
NVD
CVSS 3.1
5.7
EPSS
6.8%
CVE-2019-9957 MEDIUM POC This Month

Stored XSS within Quadbase EspressReport ES (ERES) v7.0 update 7 allows remote attackers to execute malicious JavaScript and inject arbitrary source code into the target pages. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS CSRF Espressreport Es
NVD
CVSS 3.0
5.4
EPSS
0.8%
CVE-2019-12938 MEDIUM POC This Month

The Roundcube component of Analogic Poste.io 2.1.6 uses .htaccess to protect the logs/ folder, which is effective with the Apache HTTP Server but is ineffective with nginx. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Nginx Information Disclosure Apache Poste Io
NVD
CVSS 3.0
4.3
EPSS
1.0%
CVE-2019-10689 MEDIUM This Month

VVX products using UCS software version 5.9.2 and earlier with Better Together over Ethernet Connector (BToE) application version 3.9.1 and earlier provides insufficient authentication between the. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Better Together Over Ethernet Connector Unified Communications Software
NVD
CVSS 3.0
6.5
EPSS
0.7%
CVE-2019-11647 MEDIUM This Month

A potential XSS exists in Self Service Password Reset, in Micro Focus NetIQ Software all versions prior to version 4.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Netiq Self Service Password Reset
NVD
CVSS 3.0
6.1
EPSS
0.6%
CVE-2019-12384 MEDIUM PATCH This Month

FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Deserialization Jackson Databind Debian Linux Enterprise Linux
NVD GitHub
CVSS 3.1
5.9
EPSS
45.2%
CVE-2019-12880 MEDIUM This Month

BCN Quark Quarking Password Manager 3.1.84 suffers from a clickjacking vulnerability caused by allowing * within web_accessible_resources. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Quarking Password Manager
NVD
CVSS 3.0
4.3
EPSS
1.4%
CVE-2019-10271 MEDIUM This Month

An issue was discovered in the Ultimate Member plugin 2.39 for WordPress. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Ultimate Member
NVD
CVSS 3.1
4.3
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy