Skip to main content
CVE-2019-12518 CRITICAL POC THREAT Emergency

Anviz CrossChex access control management software 4.3.8.0 and 4.3.12 is vulnerable to a buffer overflow vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Crosschex
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
50.7%
CVE-2019-19492 CRITICAL POC THREAT Emergency

FreeSWITCH 1.6.10 through 1.10.1 has a default password in event_socket.conf.xml. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Freeswitch
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
29.0%
CVE-2019-19021 CRITICAL POC Act Now

An issue was discovered in TitanHQ WebTitan before 5.18. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Webtitan
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2019-19015 CRITICAL POC Act Now

An issue was discovered in TitanHQ WebTitan before 5.18. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PostgreSQL Information Disclosure Webtitan
NVD
CVSS 3.1
9.8
EPSS
3.3%
CVE-2019-19245 CRITICAL POC Act Now

NAPC Xinet Elegant 6 Asset Library 6.1.655 allows Pre-Authentication SQL Injection via the /elegant6/login LoginForm[username] field when double quotes are used. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Xinet Elegant 6 Asset Library
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
7.9%
CVE-2019-19017 HIGH POC This Week

An issue was discovered in TitanHQ WebTitan before 5.18. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Race Condition Information Disclosure Webtitan
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2019-19014 HIGH POC This Week

An issue was discovered in TitanHQ WebTitan before 5.18. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Webtitan
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2019-19019 HIGH POC This Week

An issue was discovered in TitanHQ WebTitan before 5.18. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

RCE Webtitan
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2019-19016 HIGH POC This Week

An issue was discovered in TitanHQ WebTitan before 5.18. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Webtitan
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2019-19490 HIGH POC This Week

LiteManager 4.5.0 has weak permissions (Everyone: Full Control) in the "LiteManagerFree - Server" folder, as demonstrated by ROMFUSClient.exe. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Litemanager
NVD Exploit-DB
CVSS 3.1
7.3
EPSS
0.4%
CVE-2019-19020 HIGH POC This Week

An issue was discovered in TitanHQ WebTitan before 5.18. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload RCE Webtitan
NVD
CVSS 3.1
7.2
EPSS
2.3%
CVE-2019-15689 MEDIUM POC This Month

Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Security Cloud prior to version 2020 patch E have bug that allows a local user to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation RCE Information Disclosure Kaspersky Internet Security Secure Connection +2
NVD
CVSS 3.1
6.7
EPSS
0.8%
CVE-2019-19516 MEDIUM POC This Month

Intelbras WRN 150 1.0.18 devices allow CSRF via GO=system_password.asp to the goform/SysToolChangePwd URI to change a password. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Wrn 150 Firmware
NVD Exploit-DB
CVSS 3.1
6.5
EPSS
9.6%
CVE-2019-19362 MEDIUM POC This Month

An issue was discovered in the Chat functionality of the TeamViewer desktop application 14.3.4730 on Windows. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Teamviewer
NVD
CVSS 3.1
6.5
EPSS
2.1%
CVE-2019-19491 MEDIUM POC This Month

TestLink 1.9.19 has XSS via the lib/testcases/archiveData.php edit parameter, the index.php reqURI parameter, or the URI in a lib/testcases/tcEdit.php?doAction=doDeleteStep request. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Testlink
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
0.8%
CVE-2019-12503 CRITICAL Act Now

Due to unencrypted and unauthenticated data communication, the wireless barcode scanner Inateck BCST-60 is prone to keystroke injection attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Bcst 60 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2019-12394 CRITICAL Act Now

Anviz access control devices allow unverified password change which allows remote attackers to change the administrator password without prior authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Management System
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2019-12392 CRITICAL Act Now

Anviz access control devices allow remote attackers to issue commands without a password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Anviz Firmware
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2019-19502 CRITICAL PATCH Act Now

Code injection in pluginconfig.php in Image Uploader and Browser for CKEditor before 4.1.9 allows remote authenticated users to execute arbitrary PHP code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection PHP RCE Image Uploader And Browser For Ckeditor
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2019-15631 CRITICAL Act Now

Remote Code Execution vulnerability in MuleSoft Mule CE/EE 3.x and API Gateway 2.x released before October 31, 2019 allows remote attackers to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Api Gateway Mule Runtime
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2019-19489 MEDIUM POC This Month

SMPlayer 19.5.0 has a buffer overflow via a long .m3u file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Smplayer
NVD Exploit-DB
CVSS 3.1
5.5
EPSS
0.9%
CVE-2019-19496 MEDIUM POC This Month

Alfresco Enterprise before 5.2.5 allows stored XSS via an uploaded HTML document. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Alfresco
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2019-19493 MEDIUM POC PATCH This Month

Kentico before 12.0.50 allows file uploads in which the Content-Type header is inconsistent with the file extension, leading to XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Xperience
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
2.0%
CVE-2019-19507 MEDIUM POC PATCH This Month

In jpv (aka Json Pattern Validator) before 2.1.1, compareCommon() can be bypassed because certain internal attributes can be overwritten via a conflicting name, as demonstrated by 'constructor':. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Json Pattern Validator
NVD GitHub
CVSS 3.1
5.3
EPSS
1.0%
CVE-2012-5562 HIGH This Week

A flaw was found in rhn-proxy. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Satellite
NVD VulDB
CVSS 3.1
8.6
EPSS
0.1%
CVE-2019-15628 HIGH This Week

Trend Micro Security (Consumer) 2020 (v16.0.1221 and below) is affected by a DLL hijacking vulnerability that could allow an attacker to use a specific service as an execution and/or persistence. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Antivirus Security 2020 Internet Security 2020 Maximum Security 2020 +1
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2019-19316 HIGH PATCH This Week

When using the Azure backend with a shared access signature (SAS), Terraform versions prior to 0.12.17 may transmit the token and state snapshot using cleartext HTTP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Hashicorp Terraform
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2019-12393 HIGH This Week

Anviz access control devices are vulnerable to replay attacks which could allow attackers to intercept and replay open door requests. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Management System
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2019-12391 HIGH This Week

The Anviz Management System for access control has insufficient logging for device events such as door open requests. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Management System
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2019-12389 HIGH This Week

Anviz access control devices expose credentials (names and passwords) by allowing remote attackers to query this information without credentials via port tcp/5010. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Anviz Firmware
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2019-12388 HIGH This Week

Anviz access control devices perform cleartext transmission of sensitive information (passwords/pins and names) when replying to query on port tcp/5010. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Anviz Firmware
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2019-19018 LOW POC Monitor

An issue was discovered in TitanHQ WebTitan before 5.18. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Information Disclosure Webtitan
NVD
CVSS 3.1
2.7
EPSS
0.8%
CVE-2019-19118 MEDIUM PATCH This Month

Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model editing. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Python Django Fedora
NVD
CVSS 3.1
6.5
EPSS
1.7%
CVE-2019-12390 MEDIUM This Month

Anviz access control devices expose private Information (pin code and name) by allowing remote attackers to query this information without credentials via port tcp/5010. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Anviz Firmware
NVD
CVSS 3.1
5.3
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy