Skip to main content
CVE-2019-12964 MEDIUM POC This Month

LiveZilla Server before 8.0.1.1 is vulnerable to XSS in the ticket.php Subject. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Livezilla
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-12963 MEDIUM POC This Month

LiveZilla Server before 8.0.1.1 is vulnerable to XSS in the chat.php Create Ticket Action. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Livezilla
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-12962 MEDIUM POC This Month

LiveZilla Server before 8.0.1.1 is vulnerable to XSS in mobile/index.php via the Accept-Language HTTP header. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Livezilla
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
9.1%
CVE-2019-12949 MEDIUM POC This Month

In pfSense 2.4.4-p2 and 2.4.4-p3, if it is possible to trick an authenticated administrator into clicking on a button on a phishing page, an attacker can leverage XSS to upload arbitrary executable. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Pfsense
NVD GitHub
CVSS 3.0
6.1
EPSS
3.0%
CVE-2019-12958 MEDIUM POC This Month

In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in FoFiType1C::convertToType0 in fofi/FoFiType1C.cc when it is trying to access the second privateDicts array element, because the. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Xpdfreader
NVD
CVSS 3.0
5.5
EPSS
1.2%
CVE-2019-4153 MEDIUM PATCH This Month

IBM Security Access Manager 9.0.1 through 9.0.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity.

IBM Open Redirect Security Access Manager
NVD
CVSS 3.1
6.8
EPSS
1.0%
CVE-2019-3961 MEDIUM This Month

Nessus versions 8.4.0 and earlier were found to contain a reflected XSS vulnerability due to improper validation of user-supplied input. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Nessus
NVD
CVSS 3.0
6.1
EPSS
1.5%
CVE-2019-4157 MEDIUM PATCH This Month

IBM Security Access Manager 9.0.1 through 9.0.6 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Security Access Manager
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2019-4156 MEDIUM PATCH This Month

IBM Security Access Manager 9.0.1 through 9.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

IBM Information Disclosure Security Access Manager
NVD
CVSS 3.1
5.9
EPSS
0.9%
CVE-2019-4151 MEDIUM PATCH This Month

IBM Security Access Manager 9.0.1 through 9.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

IBM Information Disclosure Security Access Manager
NVD
CVSS 3.1
5.9
EPSS
0.9%
CVE-2019-4158 MEDIUM PATCH This Month

IBM Security Access Manager 9.0.1 through 9.0.6 does not prove that a user's identity is correct which can lead to the exposure of resources or functionality to unintended actors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass IBM Security Access Manager
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-9836 MEDIUM This Month

Secure Encrypted Virtualization (SEV) on Advanced Micro Devices (AMD) Platform Security Processor (PSP; aka AMD Secure Processor or AMD-SP) 0.17 build 11 and earlier has an insecure cryptographic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Amd Secure Encrypted Virtualization Firmware Leap
NVD
CVSS 3.1
5.3
EPSS
1.6%
CVE-2019-4382 MEDIUM PATCH This Month

IBM API Connect 5.0.0.0 through 5.0.8.6 could allow an unauthorized user to obtain sensitive information about the system users using specially crafted HTTP requests. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Api Connect
NVD
CVSS 3.1
5.3
EPSS
7.8%
CVE-2019-4152 MEDIUM PATCH This Month

IBM Security Access Manager 9.0.1 through 9.0.6 does not invalidate session tokens in a timely manner. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Session Fixation IBM Information Disclosure Security Access Manager
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2019-4377 MEDIUM This Month

IBM Sterling B2B Integrator 6.0.0.0 and 6.0.0.1 reveals sensitive information from a stack trace that could be used in further attacks against the system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Sterling B2b Integrator
NVD
CVSS 3.1
4.3
EPSS
1.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy