Skip to main content
CVE-2019-16314 CRITICAL POC THREAT Act Now

Indexhibit 2.1.5 allows a product reinstallation, with resultant remote code execution, via /ndxzstudio/install.php?p=2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE Indexhibit
NVD
CVSS 3.1
9.8
EPSS
38.7%
CVE-2019-16309 CRITICAL POC Act Now

FlameCMS 3.3.5 has SQL injection in account/login.php via accountName. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Flamecms
NVD
CVSS 3.1
9.8
EPSS
5.0%
CVE-2019-16303 CRITICAL POC PATCH Act Now

A class generated by the Generator in JHipster before 6.3.0 and JHipster Kotlin through 1.1.0 produces code that uses an insecure source of randomness (apache.commons.lang3 RandomStringUtils). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Privilege Escalation Apache Jhipster Jhipster Kotlin
NVD GitHub
CVSS 3.1
9.8
EPSS
3.7%
CVE-2019-16311 HIGH POC This Week

NIUSHOP V1.11 has CSRF via search_info to index.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Niushop
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2019-16305 HIGH POC This Week

In MobaXterm 11.1 and 12.1, the protocol handler is vulnerable to command injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Mobaxterm
NVD
CVSS 3.1
8.8
EPSS
6.7%
CVE-2019-16294 HIGH POC This Week

SciLexer.dll in Scintilla in Notepad++ (x64) before 7.7 allows remote code execution or denial of service via Unicode characters in a crafted .ml file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow RCE Memory Corruption Notepad +1
NVD GitHub Exploit-DB
CVSS 3.1
7.8
EPSS
9.8%
CVE-2019-16313 HIGH POC THREAT This Week

ifw8 Router ROM v4.31 allows credential disclosure by reading the action/usermanager.htm HTML source code. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Fr6 Firmware Fr8 Firmware Fr5 Firmware Fr5 E Firmware +1
NVD
CVSS 3.1
7.5
EPSS
47.0%
CVE-2019-16307 MEDIUM POC This Month

A Reflected Cross-Site Scripting (XSS) vulnerability in the webEx module in webExMeetingLogin.jsp and deleteWebExMeetingCheck.jsp in Fuji Xerox DocuShare through 7.0.0.C1.609 allows remote attackers. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Docushare
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2019-16312 MEDIUM POC This Month

s-cms V3.0 has XSS in index.php?type=text via the S_id parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP S Cms
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2019-16310 MEDIUM POC This Month

NIUSHOP V1.11 has XSS via the index.php?s=/admin URI. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Niushop
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2019-16318 HIGH PATCH This Week

In Pimcore before 5.7.1, an attacker with limited privileges can bypass file-extension restrictions via a 256-character filename, as demonstrated by the failure of automatic renaming of .php to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

PHP File Upload Pimcore
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2019-16317 HIGH PATCH This Week

In Pimcore before 5.7.1, an attacker with limited privileges can trigger execution of a .phar file via a phar:// URL in a filename parameter, because PHAR uploads are not blocked and are reachable. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Pimcore
NVD GitHub
CVSS 3.1
8.8
EPSS
1.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy