Skip to main content
CVE-2019-13372 CRITICAL POC THREAT Emergency

/web/Lib/Action/IndexAction.class.php in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 allows remote attackers to execute arbitrary PHP code via a cookie because a cookie's username. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP D-Link RCE Central Wifimanager
NVD GitHub
CVSS 3.1
9.8
EPSS
80.7%
CVE-2019-13373 CRITICAL POC PATCH THREAT Act Now

An issue was discovered in the D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi D-Link PHP Central Wifimanager
NVD GitHub
CVSS 3.0
9.8
EPSS
68.0%
CVE-2019-13370 HIGH POC This Week

index.php/admin/permissions in Ignited CMS through 2017-02-19 allows CSRF to add an administrator. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Ignitedcms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2019-13362 HIGH POC This Week

Codedoc v3.2 has a stack-based buffer overflow in add_variable in codedoc.c, related to codedoc_strlcpy. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Codedoc
NVD GitHub
CVSS 3.0
7.8
EPSS
1.0%
CVE-2019-13375 CRITICAL PATCH Act Now

A SQL Injection was discovered in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 in PayAction.class.php with the index.php/Pay/passcodeAuth parameter passcode. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi D-Link PHP Central Wifimanager
NVD GitHub
CVSS 3.0
9.8
EPSS
28.2%
CVE-2019-1911 HIGH This Week

A vulnerability in the CLI of Cisco Unified Communications Domain Manager (Cisco Unified CDM) Software could allow an authenticated, local attacker to escape the restricted shell. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Hosted Collaboration Solution
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2019-1893 HIGH This Week

A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS) of an. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection Enterprise Nfv Infrastructure Software
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2019-1922 HIGH This Week

A vulnerability in Cisco SIP IP Phone Software for Cisco IP Phone 7800 Series and 8800 Series could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Cisco Ip Conference Phone 7832 Firmware Ip Conference Phone 8832 Firmware +10
NVD
CVSS 3.0
7.5
EPSS
1.3%
CVE-2019-1921 HIGH This Week

A vulnerability in the attachment scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured content filters on. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Email Security Appliance
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2019-1892 HIGH This Week

A vulnerability in the Secure Sockets Layer (SSL) input packet processor of Cisco Small Business 200, 300, and 500 Series Managed Switches could allow an unauthenticated, remote attacker to cause a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Cisco Sf200 24 Firmware Sf200 24P Firmware +55
NVD
CVSS 3.0
7.5
EPSS
1.8%
CVE-2019-1891 HIGH This Week

A vulnerability in the web interface of Cisco Small Business 200, 300, and 500 Series Managed Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Sf200 24 Firmware Sf200 24P Firmware Sf200 48 Firmware +54
NVD
CVSS 3.0
7.5
EPSS
1.8%
CVE-2019-1887 HIGH PATCH This Week

A vulnerability in the Session Initiation Protocol (SIP) protocol implementation of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Denial Of Service Buffer Overflow Cisco Memory Corruption Unified Communications Manager
NVD
CVSS 3.0
7.5
EPSS
1.8%
CVE-2019-1933 HIGH This Week

A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured filters on the. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco RCE Email Security Appliance
NVD
CVSS 3.0
7.4
EPSS
1.2%
CVE-2019-1894 HIGH This Week

A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker with administrator privileges to overwrite or read arbitrary files on the. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Enterprise Nfv Infrastructure Software
NVD
CVSS 3.0
7.2
EPSS
3.5%
CVE-2019-1932 MEDIUM This Month

A vulnerability in Cisco Advanced Malware Protection (AMP) for Endpoints for Windows could allow an authenticated, local attacker with administrator privileges to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Microsoft RCE Cisco Advanced Malware Protection For Endpoints
NVD
CVSS 3.0
6.7
EPSS
0.3%
CVE-2019-13374 MEDIUM PATCH This Month

A cross-site scripting (XSS) vulnerability in resource view in PayAction.class.php in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 allows remote attackers to inject arbitrary web. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS D-Link PHP Central Wifimanager
NVD GitHub
CVSS 3.0
6.1
EPSS
2.4%
CVE-2019-1931 MEDIUM This Month

Multiple vulnerabilities in the RSS dashboard in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to conduct a cross-site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Secure Firewall Management Center
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2019-1930 MEDIUM This Month

Multiple vulnerabilities in the RSS dashboard in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to conduct a cross-site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Secure Firewall Management Center
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2019-1909 MEDIUM This Month

A vulnerability in the implementation of Border Gateway Protocol (BGP) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Cisco Apple Ios Xr
NVD
CVSS 3.0
5.9
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy