5.1
CVE-2019-25449 - OrientDB 3.0.17 Reflected Cross-Site Scripting via document endpoint
OrientDB 3.0.17 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted JSON payloads to the document endpoint. Attackers can send POST requests to /document/demodb/-1:-1 with script tags in the name parameter to execute arbitrβ¦
5.1
CVE-2019-25448 - OrientDB 3.0.17 Stored Cross-Site Scripting via User Creation
OrientDB 3.0.17 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by creating users with script payloads in the name parameter. Attackers can send POST requests to the document endpoint with JavaScript code in the name field to execβ¦
5.3
CVE-2019-25447 - OrientDB 3.0.17 Cross-Site Request Forgery
OrientDB 3.0.17 GA Community Edition contains cross-site request forgery vulnerabilities that allow attackers to perform unauthorized actions by crafting malicious requests to endpoints like /database/, /command/, and /document/. Attackers can create or delete databases, modify schema classes, manaβ¦
9.3
CVE-2019-25441 - thesystem 1.0 Command Injection via run_command endpoint
thesystem 1.0 contains a command injection vulnerability that allows unauthenticated attackers to execute arbitrary system commands by submitting malicious input to the run_command endpoint. Attackers can send POST requests with shell commands in the command parameter to execute arbitrary code on tβ¦
8.8
CVE-2019-25438 - LabCollector 5.423 SQL Injection via login.php
LabCollector 5.423 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through POST parameters. Attackers can submit crafted SQL payloads in the login parameter of login.php or the user_name parameter of β¦
6.7
CVE-2019-25437 - Foscam Video Management System 1.1.6.6 Buffer Overflow Denial of Service
Foscam Video Management System 1.1.6.6 contains a buffer overflow vulnerability in the UID field that allows local attackers to crash the application by supplying an excessively long string. Attackers can input a 5000-character buffer into the UID parameter during device addition to trigger an applβ¦
5.1
CVE-2019-25436 - Sricam DeviceViewer 3.12.0.1 Password Change Security Bypass
Sricam DeviceViewer 3.12.0.1 contains a password change security bypass vulnerability that allows authenticated users to change passwords without proper validation of the old password field. Attackers can inject a large payload into the old password parameter during the change password process to bβ¦
8.4
CVE-2019-25435 - Sricam DeviceViewer 3.12.0.1 Local Buffer Overflow DEP Bypass
Sricam DeviceViewer 3.12.0.1 contains a local buffer overflow vulnerability in the user management add user function that allows authenticated attackers to execute arbitrary code by bypassing data execution prevention. Attackers can inject a malicious payload through the Username field in User Manaβ¦
6.7
CVE-2019-25434 - SpotAuditor 5.3.1.0 Denial of Service via Registration Name Field
SpotAuditor 5.3.1.0 contains a denial of service vulnerability that allows unauthenticated attackers to crash the application by submitting excessive data in the registration name field. Attackers can enter a large string of characters (5000 bytes or more) in the name field during registration to tβ¦
8.8
CVE-2019-25432 - Part-DB 0.4 Authentication Bypass via login.php
Part-DB 0.4 contains an authentication bypass vulnerability that allows unauthenticated attackers to login by injecting SQL syntax into authentication parameters. Attackers can submit a single quote followed by 'or' in the login form to bypass credential validation and gain unauthorized access to tβ¦