Skip to main content
CVE-2019-14246 MEDIUM POC This Month

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to discover phpMyAdmin passwords (of any user in /etc/passwd) via an attacker account. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Centos Web Panel
NVD
CVSS 3.1
6.5
EPSS
2.2%
CVE-2019-14245 MEDIUM POC This Month

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete databases (such as oauthv2) from the server via an attacker account. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Centos Web Panel
NVD
CVSS 3.1
6.5
EPSS
1.9%
CVE-2019-13476 MEDIUM POC This Month

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.837, XSS in the domain parameter allows a low-privilege user to achieve root access via the email list page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Webpanel
NVD GitHub
CVSS 3.0
5.4
EPSS
6.5%
CVE-2019-15045 MEDIUM POC This Month

AjaxDomainServlet in Zoho ManageEngine ServiceDesk Plus 10 allows User Enumeration. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Information Disclosure Manageengine Servicedesk Plus
NVD
CVSS 3.0
5.3
EPSS
4.9%
CVE-2019-13599 MEDIUM POC This Month

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.848, the Login process allows attackers to check whether a username is valid by comparing response times. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Webpanel
NVD
CVSS 3.1
5.3
EPSS
4.0%
CVE-2019-15292 MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel before 5.0.9. Rated medium severity (CVSS 4.7). Public exploit code available.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel +2
NVD
CVSS 3.1
4.7
EPSS
2.6%
CVE-2019-1839 MEDIUM This Month

A vulnerability in Cisco Remote PHY Device Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Remote Phy 120 Firmware Remote Phy 220 Firmware Remote Phy Shelf 7200 Firmware +1
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2019-1984 MEDIUM This Month

A vulnerability in Cisco Enterprise Network Functions Virtualization Infrastructure Software (NFVIS) could allow an authenticated, remote attacker with administrator privileges to overwrite files on. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Enterprise Network Function Virtualization Infrastructure Sofware
NVD
CVSS 3.0
6.5
EPSS
1.6%
CVE-2019-13458 MEDIUM PATCH This Month

An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8, and Community Edition 5.0.x through 5.0.36 and 6.0.x through 6.0.19. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Otrs Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.7%
CVE-2019-12746 MEDIUM PATCH This Month

An issue was discovered in Open Ticket Request System (OTRS) Community Edition 5.0.x through 5.0.36 and 6.0.x through 6.0.19. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Otrs Debian Linux
NVD
CVSS 3.1
6.5
EPSS
2.0%
CVE-2019-15112 MEDIUM This Month

The wp-slimstat plugin before 4.8.1 for WordPress has XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Slimstat Analytics
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2019-15110 MEDIUM This Month

The wp-front-end-profile plugin before 0.2.2 for WordPress has XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Wp Front End Profile
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2019-15109 MEDIUM This Month

The the-events-calendar plugin before 4.8.2 for WordPress has XSS via the tribe_paged URL parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress The Events Calendar
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2019-1948 MEDIUM This Month

A vulnerability in Cisco Webex Meetings Mobile (iOS) could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data by using an invalid Secure Sockets Layer (SSL). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Cisco Information Disclosure Webex Meetings
NVD
CVSS 3.0
5.9
EPSS
0.9%
CVE-2019-12622 MEDIUM This Month

A vulnerability in Cisco RoomOS Software could allow an authenticated, local attacker to write files to the underlying filesystem with root privileges. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Telepresence Codec C40 Firmware Telepresence Codec C60 Firmware Telepresence Codec C90 Firmware +1
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-11551 MEDIUM This Month

In Code42 Enterprise and Crashplan for Small Business through Client version 6.9.1, an attacker can craft a restore request to restore a file through the Code42 app to a location they do not have. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Code42 For Enterprise Crashplan For Small Business
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2019-3634 MEDIUM This Month

Buffer overflow in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.2.8 allows local user to cause the Windows operating system to "blue screen" via an encrypted message sent to DLPe. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Data Loss Prevention Endpoint
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2019-3633 MEDIUM This Month

Buffer overflow in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.2.8 allows local user to cause the Windows operating system to "blue screen" via a carefully constructed message. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Data Loss Prevention Endpoint
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-15127 MEDIUM This Month

REDCap before 9.3.0 allows XSS attacks against non-administrator accounts on the Data Import Tool page via a CSV data import file. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Redcap
NVD
CVSS 3.0
5.4
EPSS
0.5%
CVE-2019-11602 MEDIUM This Month

Leakage of stack traces in remote access to backup & restore in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.2.0 allows remote attackers to gather information about. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Iot Gateway Software Prosyst Mbs Sdk
NVD
CVSS 3.0
5.3
EPSS
1.1%
CVE-2019-12626 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to conduct a stored cross-site scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Unified Contact Center Express
NVD
CVSS 3.1
4.8
EPSS
0.8%
CVE-2019-12623 MEDIUM This Month

A vulnerability in the web server functionality of Cisco Enterprise Network Functions Virtualization Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to perform file. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Enterprise Network Functions Virtualization Infrastructure
NVD
CVSS 3.0
4.3
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy