Skip to main content
CVE-2019-12960 CRITICAL POC Act Now

LiveZilla Server before 8.0.1.1 is vulnerable to SQL Injection in functions.internal.build.inc.php via the parameter p_dt_s_d. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Livezilla
NVD
CVSS 3.0
9.8
EPSS
1.4%
CVE-2019-12961 HIGH POC This Week

LiveZilla Server before 8.0.1.1 is vulnerable to CSV Injection in the Export Function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Livezilla
NVD
CVSS 3.0
8.8
EPSS
1.4%
CVE-2019-12957 HIGH POC This Week

In Xpdf 4.01.01, a buffer over-read could be triggered in FoFiType1C::convertToType1 in fofi/FoFiType1C.cc when the index number is larger than the charset array bounds. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Information Disclosure Xpdfreader Fedora
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2019-12964 MEDIUM POC This Month

LiveZilla Server before 8.0.1.1 is vulnerable to XSS in the ticket.php Subject. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Livezilla
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-12963 MEDIUM POC This Month

LiveZilla Server before 8.0.1.1 is vulnerable to XSS in the chat.php Create Ticket Action. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Livezilla
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-12962 MEDIUM POC This Month

LiveZilla Server before 8.0.1.1 is vulnerable to XSS in mobile/index.php via the Accept-Language HTTP header. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Livezilla
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
9.1%
CVE-2019-12949 MEDIUM POC This Month

In pfSense 2.4.4-p2 and 2.4.4-p3, if it is possible to trick an authenticated administrator into clicking on a button on a phishing page, an attacker can leverage XSS to upload arbitrary executable. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Pfsense
NVD GitHub
CVSS 3.0
6.1
EPSS
3.0%
CVE-2019-12958 MEDIUM POC This Month

In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in FoFiType1C::convertToType0 in fofi/FoFiType1C.cc when it is trying to access the second privateDicts array element, because the. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Xpdfreader
NVD
CVSS 3.0
5.5
EPSS
1.2%
CVE-2019-4135 HIGH PATCH This Week

IBM Security Access Manager 9.0.1 through 9.0.6 is affected by a security vulnerability that could allow authenticated users to impersonate other users. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Security Access Manager
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2019-12280 HIGH This Week

PC-Doctor Toolbox before 7.3 has an Uncontrolled Search Path Element. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Toolbox Supportassist For Business Pcs Supportassist For Home Pcs
NVD
CVSS 3.0
7.8
EPSS
2.1%
CVE-2019-6329 HIGH This Week

HP Support Assistant 8.7.50 and earlier allows a user to gain system privilege and allows unauthorized modification of directories or files. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass HP Support Assistant
NVD
CVSS 3.1
7.8
EPSS
1.6%
CVE-2019-6328 HIGH This Week

HP Support Assistant 8.7.50 and earlier allows a user to gain system privilege and allows unauthorized modification of directories or files. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass HP Support Assistant
NVD
CVSS 3.0
7.8
EPSS
0.7%
CVE-2019-4145 HIGH PATCH This Week

IBM Security Access Manager 9.0.1 through 9.0.6 could reveal highly sensitive in specialized conditions to a local user which could be used in further attacks against the system. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

IBM Information Disclosure Security Access Manager
NVD
CVSS 3.1
7.1
EPSS
0.4%
CVE-2019-12817 HIGH PATCH This Week

arch/powerpc/mm/mmu_context_book3s64.c in the Linux kernel before 5.1.15 for powerpc has a bug where unrelated processes may be able to read/write to one another's virtual memory under certain. Rated high severity (CVSS 7.0). This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Linux Memory Corruption Ubuntu Linux Linux Kernel +7
NVD
CVSS 3.1
7.0
EPSS
0.4%
CVE-2019-4153 MEDIUM PATCH This Month

IBM Security Access Manager 9.0.1 through 9.0.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity.

IBM Open Redirect Security Access Manager
NVD
CVSS 3.1
6.8
EPSS
1.0%
CVE-2019-3961 MEDIUM This Month

Nessus versions 8.4.0 and earlier were found to contain a reflected XSS vulnerability due to improper validation of user-supplied input. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Nessus
NVD
CVSS 3.0
6.1
EPSS
1.5%
CVE-2019-4157 MEDIUM PATCH This Month

IBM Security Access Manager 9.0.1 through 9.0.6 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Security Access Manager
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2019-4156 MEDIUM PATCH This Month

IBM Security Access Manager 9.0.1 through 9.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

IBM Information Disclosure Security Access Manager
NVD
CVSS 3.1
5.9
EPSS
0.9%
CVE-2019-4151 MEDIUM PATCH This Month

IBM Security Access Manager 9.0.1 through 9.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

IBM Information Disclosure Security Access Manager
NVD
CVSS 3.1
5.9
EPSS
0.9%
CVE-2019-4158 MEDIUM PATCH This Month

IBM Security Access Manager 9.0.1 through 9.0.6 does not prove that a user's identity is correct which can lead to the exposure of resources or functionality to unintended actors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass IBM Security Access Manager
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-9836 MEDIUM This Month

Secure Encrypted Virtualization (SEV) on Advanced Micro Devices (AMD) Platform Security Processor (PSP; aka AMD Secure Processor or AMD-SP) 0.17 build 11 and earlier has an insecure cryptographic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Amd Secure Encrypted Virtualization Firmware Leap
NVD
CVSS 3.1
5.3
EPSS
1.6%
CVE-2019-4382 MEDIUM PATCH This Month

IBM API Connect 5.0.0.0 through 5.0.8.6 could allow an unauthorized user to obtain sensitive information about the system users using specially crafted HTTP requests. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Api Connect
NVD
CVSS 3.1
5.3
EPSS
7.8%
CVE-2019-4152 MEDIUM PATCH This Month

IBM Security Access Manager 9.0.1 through 9.0.6 does not invalidate session tokens in a timely manner. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Session Fixation IBM Information Disclosure Security Access Manager
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2019-4377 MEDIUM This Month

IBM Sterling B2B Integrator 6.0.0.0 and 6.0.0.1 reveals sensitive information from a stack trace that could be used in further attacks against the system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Sterling B2b Integrator
NVD
CVSS 3.1
4.3
EPSS
1.3%
CVE-2019-4150 LOW PATCH Monitor

IBM Security Access Manager 9.0.1 through 9.0.6 does not validate, or incorrectly validates, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

IBM Information Disclosure Security Access Manager
NVD
CVSS 3.1
3.7
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy