CVE-2019-16659

TuziCMS 2.0.6 has index.php/manage/link/do_add CSRF.

Source: CVE-2019-16659

CVE-2019-16658

TuziCMS 2.0.6 has index.php/manage/notice/do_add CSRF.

Source: CVE-2019-16658

CVE-2019-16657

TuziCMS 2.0.6 has XSS via the PATH_INFO to a group URI, as demonstrated by index.php/article/group/id/2/.

Source: CVE-2019-16657

CVE-2019-16661

Ogma CMS 0.5 has XSS via creation of a new blog.

Source: CVE-2019-16661

CVE-2019-16660

joyplus-cms 1.6.0 has admin_ajax.php?action=savexml&tab=vodplay CSRF.

Source: CVE-2019-16660

CVE-2019-16665

An issue was discovered in ThinkSAAS 2.91. There is XSS via the content to the index.php?app=group&ac=comment&ts=do&js=1 URI, as demonstrated by a crafted SVG document in the SRC attribute of an EMBED element.

Source: CVE-2019-16665

CVE-2019-16664

An issue was discovered in ThinkSAAS 2.91. There is XSS via the index.php?app=group&ac=create&ts=do groupname parameter.

Source: CVE-2019-16664

CVE-2019-16655

joyplus-cms 1.6.0 allows reinstallation if the install/ URI remains available.

Source: CVE-2019-16655

CVE-2019-16650

On Supermicro X10 and X11 products, a client’s access privileges may be transferred to a different client that later has the same socket file descriptor number. In opportunistic circumstances, an attacker can simply connect to the virtual media service, and then connect virtual USB devices to the server managed by the BMC.

Source: CVE-2019-16650

CVE-2019-16649

On Supermicro H11, H12, M11, X9, X10, and X11 products, a combination of encryption and authentication problems in the virtual media service allows capture of BMC credentials and data transferred over virtual media devices. Attackers can use captured credentials to connect virtual USB devices to the server managed by the BMC.

Source: CVE-2019-16649