CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In October 2019

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
451 CVE-2019-16973 79 XSS 2019-10-22 2019-10-23
4.3
None Remote Medium Not required None Partial None
In FusionPBX up to 4.5.7, the file app\contacts\contact_edit.php uses an unsanitized "query_string" variable coming from the URL, which is reflected in HTML, leading to XSS.
452 CVE-2019-16972 79 XSS 2019-10-22 2019-10-23
4.3
None Remote Medium Not required None Partial None
In FusionPBX up to 4.5.7, the file app\contacts\contact_addresses.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS.
453 CVE-2019-16971 79 XSS 2019-10-22 2019-10-23
4.3
None Remote Medium Not required None Partial None
In FusionPBX up to 4.5.7, the file app\messages\messages_thread.php uses an unsanitized "contact_uuid" variable coming from the URL, which is reflected on 3 occasions in HTML, leading to XSS.
454 CVE-2019-16970 79 XSS 2019-10-21 2019-10-23
4.3
None Remote Medium Not required None Partial None
In FusionPBX up to 4.5.7, the file app\sip_status\sip_status.php uses an unsanitized "savemsg" variable coming from the URL, which is reflected in HTML, leading to XSS.
455 CVE-2019-16969 79 XSS 2019-10-21 2019-10-23
4.3
None Remote Medium Not required None Partial None
In FusionPBX up to 4.5.7, the file app\fifo_list\fifo_interactive.php uses an unsanitized "c" variable coming from the URL, which is reflected in HTML, leading to XSS.
456 CVE-2019-16968 79 XSS 2019-10-21 2019-10-23
4.3
None Remote Medium Not required None Partial None
An issue was discovered in FusionPBX up to 4.5.7. In the file app\conference_controls\conference_control_details.php, an unsanitized id variable coming from the URL is reflected in HTML on 2 occasions, leading to XSS.
457 CVE-2019-16967 79 XSS 2019-10-21 2019-12-10
4.3
None Remote Medium Not required None Partial None
An issue was discovered in Manager 13.x before 13.0.2.6 and 15.x before 15.0.6 before FreePBX 14.0.10.3. In the Manager module form (html\admin\modules\manager\views\form.php), an unsanitized managerdisplay variable coming from the URL is reflected in HTML, leading to XSS. It can be requested via GET request to /config.php?type=tool&display=manager.
458 CVE-2019-16966 79 XSS 2019-10-21 2019-12-10
4.3
None Remote Medium Not required None Partial None
An issue was discovered in Contactmanager 13.x before 13.0.45.3, 14.x before 14.0.5.12, and 15.x before 15.0.8.21 for FreePBX 14.0.10.3. In the Contactmanager class (html\admin\modules\contactmanager\Contactmanager.class.php), an unsanitized group variable coming from the URL is reflected in HTML on 2 occasions, leading to XSS. It can be requested via a GET request to /admin/ajax.php?module=contactmanager.
459 CVE-2019-16965 78 Exec Code 2019-10-21 2020-08-24
9.0
None Remote Low ??? Complete Complete Complete
resources/cmd.php in FusionPBX up to 4.5.7 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated administrative attackers to execute any commands on the host as www-data.
460 CVE-2019-16964 78 Exec Code 2019-10-21 2020-08-24
9.0
None Remote Low ??? Complete Complete Complete
app/call_centers/cmd.php in the Call Center Queue Module in FusionPBX up to 4.5.7 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated attackers (with at least the permission call_center_queue_add or call_center_queue_edit) to execute any commands on the host as www-data.
461 CVE-2019-16943 502 2019-10-01 2021-07-20
6.8
None Remote Medium Not required Partial Partial Partial
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.
462 CVE-2019-16942 502 2019-10-01 2021-07-20
7.5
None Remote Low Not required Partial Partial Partial
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.
463 CVE-2019-16931 79 XSS 2019-10-03 2019-10-09
4.3
None Remote Medium Not required None Partial None
A stored XSS vulnerability in the Visualizer plugin 3.3.0 for WordPress allows an unauthenticated attacker to execute arbitrary JavaScript when an admin or other privileged user edits the chart via the admin dashboard. This occurs because classes/Visualizer/Gutenberg/Block.php registers wp-json/visualizer/v1/update-chart with no access control, and classes/Visualizer/Render/Page/Data.php lacks output sanitization.
464 CVE-2019-16929 287 2019-10-08 2019-10-17
5.0
None Remote Low Not required None Partial None
Auth0 auth0.net before 6.5.4 has Incorrect Access Control because IdentityTokenValidator can be accidentally used to validate untrusted ID tokens.
465 CVE-2019-16919 276 2019-10-18 2020-04-01
5.0
None Remote Low Not required None Partial None
Harbor API has a Broken Access Control vulnerability. The vulnerability allows project administrators to use the Harbor API to create a robot account with unauthorized push and/or pull access permissions to a project they don't have access or control for. The Harbor API did not enforce the proper project permissions and project scope on the API request to create a new robot account.
466 CVE-2019-16917 89 Sql 2019-10-17 2019-10-22
6.5
None Remote Low ??? Partial Partial Partial
WiKID Enterprise 2FA (two factor authentication) Enterprise Server through 4.2.0-b2047 is vulnerable to SQL injection through the searchDevices.jsp endpoint. The uid and domain parameters are used, unsanitized, in a SQL query constructed in the buildSearchWhereClause function.
467 CVE-2019-16913 276 2019-10-07 2020-08-24
7.2
None Local Low Not required Complete Complete Complete
PC Protect Antivirus v4.14.31 installs by default to %PROGRAMFILES(X86)%\PCProtect with very weak folder permissions, granting any user full permission "Everyone: (F)" to the contents of the directory and its subfolders. In addition, the program installs a service called SecurityService that runs as LocalSystem. This allows any user to escalate privileges to "NT AUTHORITY\SYSTEM" by substituting the service's binary with a Trojan horse.
468 CVE-2019-16907 306 2019-10-31 2020-08-24
5.0
None Remote Low Not required Partial None None
An issue was discovered in the Infosysta "In-App & Desktop Notifications" app 1.6.13_J8 for Jira. It is possible to obtain a list of all valid Jira usernames without authentication/authorization via the plugins/servlet/nfj/UserFilter?searchQuery=@ URI.
469 CVE-2019-16906 306 2019-10-31 2020-08-24
5.0
None Remote Low Not required Partial None None
An issue was discovered in the Infosysta "In-App & Desktop Notifications" app 1.6.13_J8 for Jira. By using plugins/servlet/nfj/PushNotification?username= with a modified username, a different user's notifications can be read without authentication/authorization. These notifications are then no longer displayed to the normal user.
470 CVE-2019-16905 190 Exec Code Overflow Mem. Corr. 2019-10-09 2021-07-21
4.4
None Local Medium Not required Partial Partial Partial
OpenSSH 7.7 through 7.9 and 8.x before 8.1, when compiled with an experimental key type, has a pre-authentication integer overflow if a client or server is configured to use a crafted XMSS key. This leads to memory corruption and local code execution because of an error in the XMSS key parsing algorithm. NOTE: the XMSS implementation is considered experimental in all released OpenSSH versions, and there is no supported way to enable it when building portable OpenSSH.
471 CVE-2019-16897 269 2019-10-28 2019-10-31
7.5
None Remote Low Not required Partial Partial Partial
In K7 Antivirus Premium 16.0.xxx through 16.0.0120; K7 Total Security 16.0.xxx through 16.0.0120; and K7 Ultimate Security 16.0.xxx through 16.0.0120, the module K7TSHlpr.dll improperly validates the administrative privileges of the user, allowing arbitrary registry writes in the K7AVOptn.dll module to facilitate escalation of privileges via inter-process communication with a service process.
472 CVE-2019-16891 502 Exec Code 2019-10-04 2019-10-10
6.5
None Remote Low ??? Partial Partial Partial
Liferay Portal CE 6.2.5 allows remote command execution because of deserialization of a JSON payload.
473 CVE-2019-16866 755 2019-10-03 2020-08-24
5.0
None Remote Low Not required None None Partial
Unbound before 1.9.4 accesses uninitialized memory, which allows remote attackers to trigger a crash via a crafted NOTIFY query. The source IP address of the query must match an access-control rule.
474 CVE-2019-16865 770 2019-10-04 2020-02-18
5.0
None Remote Low Not required None None Partial
An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image.
475 CVE-2019-16862 79 Exec Code XSS 2019-10-21 2019-10-21
4.3
None Remote Medium Not required None Partial None
Reflected XSS in interface/forms/eye_mag/view.php in OpenEMR 5.x before 5.0.2.1 allows a remote attacker to execute arbitrary code in the context of a user's session via the pid parameter.
476 CVE-2019-16700 434 DoS Exec Code 2019-10-16 2019-10-31
7.5
None Remote Low Not required Partial Partial Partial
The slub_events (aka SLUB: Event Registration) extension through 3.0.2 for TYPO3 allows uploading of arbitrary files to the webserver. For versions 1.2.2 and below, this results in Remote Code Execution. In versions later than 1.2.2, this can result in Denial of Service, since the web space can be filled up with arbitrary files.
477 CVE-2019-16699 20 Exec Code 2019-10-16 2019-10-21
7.5
None Remote Low Not required Partial Partial Partial
The sr_freecap (aka freeCap CAPTCHA) extension 2.4.5 and below and 2.5.2 and below for TYPO3 fails to sanitize user input, which allows execution of arbitrary Extbase actions, resulting in Remote Code Execution.
478 CVE-2019-16698 200 +Info 2019-10-16 2021-07-21
4.0
None Remote Low ??? Partial None None
The direct_mail (aka Direct Mail) extension through 5.2.2 for TYPO3 has a missing access check in the backend module, allowing a user (with restricted permissions to the fe_users table) to view and export data of frontend users who are subscribed to a newsletter.
479 CVE-2019-16682 89 Sql 2019-10-16 2019-10-21
7.5
None Remote Low Not required Partial Partial Partial
The url_redirect (aka URL redirect) extension through 1.2.1 for TYPO3 fails to properly sanitize user input and is susceptible to SQL Injection.
480 CVE-2019-16675 125 Exec Code 2019-10-31 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Out-of-bounds Read and remote code execution. The attacker needs to get access to an original PC Worx or Config+ project to be able to manipulate data inside. After manipulation, the attacker needs to exchange the original files with the manipulated ones on the application programming workstation.
481 CVE-2019-16663 78 Exec Code 2019-10-28 2019-10-29
9.0
None Remote Low ??? Complete Complete Complete
An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to search.crud.php because the catCommand parameter is passed to the exec function without filtering, which can lead to command execution.
482 CVE-2019-16662 78 Exec Code 2019-10-28 2019-10-29
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to ajaxServerSettingsChk.php because the rootUname parameter is passed to the exec function without filtering, which can lead to command execution.
483 CVE-2019-16647 428 2019-10-29 2019-11-05
9.0
None Remote Low ??? Complete Complete Complete
Unquoted Search Path in Maxthon 5.1.0 to 5.2.7 Browser for Windows.
484 CVE-2019-16530 434 Exec Code 2019-10-21 2019-10-22
9.0
None Remote Low ??? Complete Complete Complete
Sonatype Nexus Repository Manager 2.x before 2.14.15 and 3.x before 3.19, and IQ Server before 72, has remote code execution.
485 CVE-2019-16523 79 XSS 2019-10-16 2019-10-18
3.5
None Remote Medium ??? None Partial None
The events-manager plugin through 5.9.5 for WordPress (aka Events Manager) is susceptible to Stored XSS due to improper encoding and insertion of data provided to the attribute map_style of shortcodes (locations_map and events_map) provided by the plugin.
486 CVE-2019-16522 79 XSS 2019-10-16 2019-10-20
3.5
None Remote Medium ??? None Partial None
The eu-cookie-law plugin through 3.0.6 for WordPress (aka EU Cookie Law (GDPR)) is susceptible to Stored XSS due to improper encoding of several configuration options in the admin area and the displayed cookie consent message. This affects Font Color, Background Color, and the Disable Cookie text. An attacker with high privileges can attack other users.
487 CVE-2019-16521 79 XSS 2019-10-16 2019-10-18
4.3
None Remote Medium Not required None Partial None
The broken-link-checker plugin through 1.11.8 for WordPress (aka Broken Link Checker) is susceptible to Reflected XSS due to improper encoding and insertion of an HTTP GET parameter into HTML. The filter function on the page listing all detected broken links can be exploited by providing an XSS payload in the s_filter GET parameter in a filter_id=search request. NOTE: this is an end-of-life product.
488 CVE-2019-16520 79 XSS 2019-10-16 2019-10-18
3.5
None Remote Medium ??? None Partial None
The all-in-one-seo-pack plugin before 3.2.7 for WordPress (aka All in One SEO Pack) is susceptible to Stored XSS due to improper encoding of the SEO-specific description for posts provided by the plugin via unsafe placeholder replacement.
489 CVE-2019-16519 269 Exec Code 2019-10-14 2022-01-01
7.2
None Local Low Not required Complete Complete Complete
ESET Cyber Security 6.7.900.0 for macOS allows a local attacker to execute unauthorized commands as root by abusing an undocumented feature in scheduled tasks.
490 CVE-2019-16508 190 Overflow +Priv 2019-10-01 2019-10-08
9.3
None Remote Medium Not required Complete Complete Complete
The Imagination Technologies driver for Chrome OS before R74-11895.B, R75 before R75-12105.B, and R76 before R76-12208.0.0 allows attackers to trigger an Integer Overflow and gain privileges via a malicious application. This occurs because of intentional access for the GPU process to /dev/dri/card1 and the PowerVR ioctl handler, as demonstrated by PVRSRVBridgeSyncPrimOpCreate.
491 CVE-2019-16417 79 XSS 2019-10-08 2019-10-09
3.5
None Remote Medium ??? None Partial None
HRworks FLOW 3.36.9 allows XSS via the purpose of a travel-expense report.
492 CVE-2019-16416 79 XSS 2019-10-08 2019-10-09
3.5
None Remote Medium ??? None Partial None
HRworks 3.36.9 allows XSS via the purpose of a travel-expense report.
493 CVE-2019-16407 426 2019-10-02 2021-07-21
4.4
None Local Medium Not required Partial Partial Partial
JetBrains ReSharper installers for versions before 2019.2 had a DLL Hijacking vulnerability.
494 CVE-2019-16404 89 Sql 2019-10-21 2019-10-22
6.5
None Remote Low ??? Partial Partial Partial
Authenticated SQL Injection in interface/forms/eye_mag/js/eye_base.php in OpenEMR through 5.0.2 allows a user to extract arbitrary data from the openemr database via a non-parameterized INSERT INTO statement, as demonstrated by the providerID parameter.
495 CVE-2019-16344 79 XSS 2019-10-14 2019-10-17
4.3
None Remote Medium Not required None Partial None
A cross-site scripting (XSS) vulnerability in the login form (/ScadaBR/login.htm) in ScadaBR 1.0CE allows a remote attacker to inject arbitrary web script or HTML via the username or password parameter.
496 CVE-2019-16330 79 XSS 2019-10-17 2019-10-21
3.5
None Remote Medium ??? None Partial None
In NCH Express Accounts Accounting v7.02, persistent cross site scripting (XSS) exists in Invoices/Sales Orders/Items/Customers/Quotes input field. An authenticated unprivileged user can add/modify the Invoices/Sales Orders/Items/Customers/Quotes fields parameter to inject arbitrary JavaScript.
497 CVE-2019-16328 915 Exec Code 2019-10-03 2020-08-24
5.0
None Remote Low Not required None Partial None
In RPyC 4.1.x through 4.1.1, a remote attacker can dynamically modify object attributes to construct a remote procedure call that executes code for an RPyC service with default configuration settings.
498 CVE-2019-16295 79 XSS 2019-10-31 2019-11-05
1.9
None Local Medium Not required None Partial None
Stored XSS in filemanager2.php in CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.885 exists via the cmd_arg parameter. This can be exploited by a local attacker who supplies a crafted filename within a directory visited by the victim.
499 CVE-2019-16282 79 XSS 2019-10-14 2019-10-16
3.5
None Remote Medium ??? None Partial None
In NCH Express Invoice v7.12, persistent cross site scripting (XSS) exists via the Invoices/Items/Customers/Quotes input field. An authenticated unprivileged user can add/modify the Invoices/Items/Customers fields parameter to inject arbitrary JavaScript.
500 CVE-2019-16279 22 DoS Dir. Trav. 2019-10-14 2019-10-21
5.0
None Remote Low Not required None None Partial
A memory error in the function SSL_accept in nostromo nhttpd through 1.9.6 allows an attacker to trigger a denial of service via a crafted HTTP request.
Total number of vulnerabilities: 1567. Page 10 of 32.