CVE-2019-16057
The login_mgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnerable to remote command injection.
Source: CVE-2019-16057
[월:] 2019년 09월
CVE-2019-16335
CVE-2019-16335
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.
Source: CVE-2019-16335
CVE-2019-16334
CVE-2019-16334
In Bludit v3.9.2, there is a persistent XSS vulnerability in the Categories -> Add New Category -> Name field. NOTE: this may overlap CVE-2017-16636.
Source: CVE-2019-16334
CVE-2019-16333
CVE-2019-16333
GetSimple CMS v3.3.15 has Persistent Cross-Site Scripting (XSS) in admin/theme-edit.php.
Source: CVE-2019-16333
CVE-2019-16332
CVE-2019-16332
In the api-bearer-auth plugin before 20190907 for WordPress, the server parameter is not correctly filtered in the swagger-config.yaml.php file, and it is possible to inject JavaScript code, aka XSS.
Source: CVE-2019-16332
CVE-2019-14540
CVE-2019-14540
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.
Source: CVE-2019-14540
CVE-2019-16321
CVE-2019-16321
ScadaBR 1.0CE, and 1.1.x through 1.1.0-RC, has XSS via a request for a nonexistent resource, as demonstrated by the dwr/test/ PATH_INFO.
Source: CVE-2019-16321
CVE-2019-16319
CVE-2019-16319
In Wireshark 3.0.0 to 3.0.3 and 2.6.0 to 2.6.10, the Gryphon dissector could go into an infinite loop. This was addressed in plugins/epan/gryphon/packet-gryphon.c by checking for a message length of zero.
Source: CVE-2019-16319
CVE-2019-16320
CVE-2019-16320
Cobham Sea Tel v170 224521 through v194 225444 devices allow attackers to obtain potentially sensitive information, such as a vessel’s latitude and longitude, via the public SNMP community.
Source: CVE-2019-16320
CVE-2019-16318
CVE-2019-16318
In Pimcore before 5.7.1, an attacker with limited privileges can bypass file-extension restrictions via a 256-character filename, as demonstrated by the failure of automatic renaming of .php to .php.txt for long filenames, a different vulnerability than CVE-2019-10867 and CVE-2019-16317.
Source: CVE-2019-16318