Skip to main content
CVE-2019-17199 HIGH POC This Week

www/getfile.php in WPO WebPageTest 19.04 on Windows allows Directory Traversal (for reading arbitrary files) because of an unanchored regular expression, as demonstrated by the a.jpg\.. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Microsoft Webpagetest
NVD GitHub
CVSS 3.1
7.5
EPSS
10.0%
CVE-2019-17191 HIGH POC This Week

The Signal Private Messenger application before 4.47.7 for Android allows a caller to force a call to be answered, without callee user interaction, via a connect message. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Google Private Messenger
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2019-17205 MEDIUM POC This Month

TeamPass 2.1.27.36 allows Stored XSS by placing a payload in the username field during a login attempt. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Teampass
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2019-17206 CRITICAL PATCH Act Now

Uncontrolled deserialization of a pickled object in models.py in Frost Ming rediswrapper (aka Redis Wrapper) before 0.3.0 allows attackers to execute arbitrary scripts. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Redis Deserialization Redis Wrapper
NVD GitHub
CVSS 3.1
9.8
EPSS
3.2%
CVE-2019-17197 CRITICAL PATCH Act Now

OpenEMR through 5.0.2 has SQL Injection in the Lifestyle demographic filter criteria in library/clinical_rules.php that affects library/patient.inc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Openemr
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2019-17192 CRITICAL Act Now

The WebRTC component in the Signal Private Messenger application through 4.47.7 for Android processes videoconferencing RTP packets before a callee chooses to answer a call, which might make it. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Denial Of Service Private Messenger
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2019-17204 MEDIUM POC This Month

TeamPass 2.1.27.36 allows Stored XSS by setting a crafted Knowledge Base label and adding any available item. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Teampass
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2019-17203 MEDIUM POC This Month

TeamPass 2.1.27.36 allows Stored XSS at the Search page by setting a crafted password for an item in any folder. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Teampass
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy