CVE-2019-15501

Reflected cross site scripting (XSS) in L-Soft LISTSERV before 16.5-2018a exists via the /scripts/wa.exe OK parameter.

Source: CVE-2019-15501

CVE-2018-20992

An issue was discovered in the claxon crate before 0.4.1 for Rust. Uninitialized memory can be exposed because certain decode buffer sizes are mishandled.

Source: CVE-2018-20992

CVE-2019-15562

GORM before 1.9.10 allows SQL injection via incomplete parentheses.

Source: CVE-2019-15562

CVE-2019-15561

FlashLingo before 2019-06-12 allows SQL injection, related to flashlingo.js and db.js.

Source: CVE-2019-15561

CVE-2018-20994

An issue was discovered in the trust-dns-proto crate before 0.5.0-alpha.3 for Rust. There is infinite recursion because DNS message compression is mishandled.

Source: CVE-2018-20994

CVE-2019-15556

Pvanloon1983 social_network before 2019-07-03 allows SQL injection in includes/form_handlers/register_handler.php.

Source: CVE-2019-15556

CVE-2019-15521

Spoon Library through 2014-02-06, as used in Fork CMS before 1.4.1 and other products, allows PHP object injection via a cookie containing an object.

Source: CVE-2019-15521

CVE-2018-20990

An issue was discovered in the tar crate before 0.4.16 for Rust. Arbitrary file overwrite can occur via a symlink or hardlink in a TAR archive.

Source: CVE-2018-20990

CVE-2019-15304

Lierda Grill Temperature Monitor V1.00_50006 has a default password of admin for the admin account, which allows an attacker to cause a Denial of Service or Information Disclosure via the undocumented access-point configuration page located on the device. NOTE: this device also ships with ProGrade branding.

Source: CVE-2019-15304

CVE-2019-15524

CSZ CMS 1.2.3 allows arbitrary file upload, as demonstrated by a .php file to admin/filemanager in the File Management Module, which leads to remote code execution by visiting a photo/upload/2019/ URI.

Source: CVE-2019-15524