Skip to main content
CVE-2019-16404 HIGH POC This Week

Authenticated SQL Injection in interface/forms/eye_mag/js/eye_base.php in OpenEMR through 5.0.2 allows a user to extract arbitrary data from the openemr database via a non-parameterized INSERT INTO. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Openemr
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2019-17498 HIGH POC PATCH This Week

In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Integer Overflow Libssh2 Fedora Leap +7
NVD GitHub
CVSS 3.1
8.1
EPSS
3.8%
CVE-2019-9491 HIGH POC THREAT This Week

Trend Micro Anti-Threat Toolkit (ATTK) versions 1.62.0.1218 and below have a vulnerability that may allow an attacker to place malicious files in the same directory, potentially leading to arbitrary. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro RCE Anti Threat Toolkit
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
12.9%
CVE-2019-18218 HIGH POC PATCH This Week

cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption File Debian Linux Leap +3
NVD GitHub
CVSS 3.1
7.8
EPSS
1.8%
CVE-2019-10716 HIGH POC This Week

An Information Disclosure issue in Verodin Director 3.5.3.1 and earlier reveals usernames and passwords of integrated security technologies via a /integrations.json JSON REST API request. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Information Disclosure Director
NVD Exploit-DB
CVSS 3.1
7.7
EPSS
4.1%
CVE-2019-17400 HIGH POC PATCH This Week

The unoconv package before 0.9 mishandles untrusted pathnames, leading to SSRF and local file inclusion. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Universal Office Converter
NVD GitHub
CVSS 3.1
7.5
EPSS
1.9%
CVE-2019-18217 HIGH POC THREAT This Week

ProFTPD before 1.3.6b and 1.3.7rc before 1.3.7rc2 allows remote unauthenticated denial-of-service due to incorrect handling of overly long commands because main.c in a child process enters an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Proftpd
NVD GitHub
CVSS 3.1
7.5
EPSS
19.5%
CVE-2019-16964 HIGH PATCH This Week

app/call_centers/cmd.php in the Call Center Queue Module in FusionPBX up to 4.5.7 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

PHP Command Injection Fusionpbx
NVD GitHub
CVSS 3.1
8.8
EPSS
2.0%
CVE-2019-16980 HIGH PATCH This Week

In FusionPBX up to v4.5.7, the file app\call_broadcast\call_broadcast_edit.php uses an unsanitized "id" variable coming from the URL in an unparameterized SQL query, leading to SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi PHP Fusionpbx
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2019-16965 HIGH This Week

resources/cmd.php in FusionPBX up to 4.5.7 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated administrative attackers to execute any. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Command Injection Fusionpbx
NVD GitHub
CVSS 3.1
7.2
EPSS
3.0%
CVE-2019-16530 HIGH PATCH This Week

Sonatype Nexus Repository Manager 2.x before 2.14.15 and 3.x before 3.19, and IQ Server before 72, has remote code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE Nexus Iq Server Nexus Repository Manager
NVD
CVSS 3.1
7.2
EPSS
3.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy