Skip to main content
CVE-2019-10267 HIGH POC THREAT Act Now

An insecure file upload and code execution issue was discovered in Ahsay Cloud Backup Suite 8.1.0.50. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Cloud Backup Suite
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
75.2%
CVE-2019-13386 HIGH POC This Week

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, a hidden action=9 feature in filemanager2.php allows attackers to execute a shell command, i.e., obtain a reverse shell with user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Centos Web Panel
NVD GitHub
CVSS 3.1
8.8
EPSS
2.8%
CVE-2019-13382 HIGH POC This Week

UploaderService in SnagIT 2019.1.2 allows elevation of privilege by placing an invalid presentation file in %PROGRAMDATA%\TechSmith\TechSmith Recorder\QueuedPresentations and then creating a symbolic. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Snagit
NVD
CVSS 3.0
7.8
EPSS
1.6%
CVE-2019-10265 HIGH POC This Week

An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Cloud Backup Suite
NVD
CVSS 3.0
7.5
EPSS
2.5%
CVE-2019-10264 HIGH POC This Week

An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XXE Cloud Backup Suite
NVD
CVSS 3.0
7.2
EPSS
1.3%
CVE-2019-9492 HIGH PATCH This Week

A DLL side-loading vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow an authenticated attacker to gain code execution and terminate the product's process - disabling endpoint. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Trend Micro RCE Officescan
NVD
CVSS 3.0
7.8
EPSS
0.6%
CVE-2019-13638 HIGH PATCH This Week

GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Patch Debian Linux
NVD GitHub
CVSS 3.0
7.8
EPSS
4.5%
CVE-2019-5607 HIGH This Week

In FreeBSD 12.0-STABLE before r350222, 12.0-RELEASE before 12.0-RELEASE-p8, 11.3-STABLE before r350223, 11.3-RELEASE before 11.3-RELEASE-p1, and 11.2-RELEASE before 11.2-RELEASE-p12, rights. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Freebsd
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2019-5606 HIGH This Week

In FreeBSD 12.0-STABLE before r349805, 12.0-RELEASE before 12.0-RELEASE-p8, 11.3-STABLE before r349806, 11.3-RELEASE before 11.3-RELEASE-p1, and 11.2-RELEASE before 11.2-RELEASE-p12, code which. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Information Disclosure Memory Corruption Freebsd
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2019-5603 HIGH This Week

In FreeBSD 12.0-STABLE before r350261, 12.0-RELEASE before 12.0-RELEASE-p8, 11.3-STABLE before r350263, 11.3-RELEASE before 11.3-RELEASE-p1, and 11.2-RELEASE before 11.2-RELEASE-p12, system calls. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Freebsd
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2019-10266 HIGH POC THREAT This Week

An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Cloud Backup Suite
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
13.3%
CVE-2019-13565 HIGH PATCH This Week

An issue was discovered in OpenLDAP 2.x before 2.4.48. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Openldap Ubuntu Linux Debian Linux Leap +5
NVD
CVSS 3.1
7.5
EPSS
5.0%
CVE-2019-0202 HIGH PATCH This Week

The Apache Storm Logviewer daemon exposes HTTP-accessible endpoints to read/search log files on hosts running Storm. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Storm
NVD
CVSS 3.0
7.5
EPSS
2.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy