CVE-2019-9207

PRTG Network Monitor v7.1.3.3378 allows XSS via the /search.htm searchtext parameter. NOTE: This product is discontinued.

Source: CVE-2019-9207

CVE-2019-12837

The Java API in Generalitat de Catalunya accesuniversitat.gencat.cat 1.7.5 allows remote attackers to get personal information of all registered students via several API endpoints, given that the attacker is authenticated as a student: 1) https://accesuniversitat.gencat.cat/accesuniversitat/accesuniversitat-rs/AppJava/api/v1/estudiants/{student_id}/ 2) https://accesuniversitat.gencat.cat/accesuniversitat/accesuniversitat-rs/AppJava/api/v1/estudiants/?page={page}.

Source: CVE-2019-12837

CVE-2019-7751

A directory traversal and local file inclusion vulnerability in FPProducerInternetServer.exe in Ricoh MarcomCentral, formerly PTI Marketing, FusionPro VDP before 10.0 allows a remote attacker to list or enumerate sensitive contents of files. Furthermore, this could allow for privilege escalation by dumping the local machine’s SAM and SYSTEM database files, and possibly remote code execution.

Source: CVE-2019-7751

CVE-2019-9197

The com.unity3d.kharma protocol handler in Unity Editor 2018.3 allows remote attackers to execute arbitrary code.

Source: CVE-2019-9197

CVE-2018-19830

The UBSexToken() function of a smart contract implementation for Business Alliance Financial Circle (BAFC), an tradable Ethereum ERC20 token, allows attackers to change the owner of the contract, because the function is public (by default) and does not check the caller’s identity.

Source: CVE-2018-19830

CVE-2018-19831

The ToOwner() function of a smart contract implementation for Cryptbond Network (CBN), an tradable Ethereum ERC20 token, allows attackers to change the owner of the contract, because the function does not check the caller’s identity.

Source: CVE-2018-19831

CVE-2018-14476

GeniXCMS 1.1.5 has XSS via the dbuser or dbhost parameter during step 1 of installation.

Source: CVE-2018-14476

CVE-2018-19834

The quaker function of a smart contract implementation for BOMBBA (BOMB), an tradable Ethereum ERC20 token, allows attackers to change the owner of the contract, because the function does not check the caller’s identity.

Source: CVE-2018-19834

CVE-2018-19832

The NETM() function of a smart contract implementation for NewIntelTechMedia (NETM), an tradable Ethereum ERC20 token, allows attackers to change the owner of the contract, because the function does not check the caller’s identity.

Source: CVE-2018-19832

CVE-2018-19833

The owned function of a smart contract implementation for DDQ, an tradable Ethereum ERC20 token, allows attackers to change the owner of the contract, because the function does not check the caller’s identity.

Source: CVE-2018-19833