5.3
CVE-2019-25454 - phpMoAdmin 1.1.5 Stored Cross-Site Scripting via collection Parameter
phpMoAdmin 1.1.5 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the collection parameter. Attackers can send GET requests to moadmin.php with script payloads in the collection parameter during collection creatioβ¦
5.1
CVE-2019-25453 - phpMoAdmin 1.1.5 Reflected Cross-Site Scripting via moadmin.php
phpMoAdmin 1.1.5 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the newdb parameter. Attackers can craft URLs with JavaScript payloads in the newdb parameter of moadmin.php to execute arbitrary code in users'β¦
5.3
CVE-2019-25451 - phpMoAdmin 1.1.5 Cross-Site Request Forgery via moadmin.php
phpMoAdmin 1.1.5 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized database operations by crafting malicious requests. Attackers can trick authenticated users into submitting GET requests to moadmin.php with parameters like action, db, and collection β¦
5.1
CVE-2019-25449 - OrientDB 3.0.17 Reflected Cross-Site Scripting via document endpoint
OrientDB 3.0.17 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted JSON payloads to the document endpoint. Attackers can send POST requests to /document/demodb/-1:-1 with script tags in the name parameter to execute arbitrβ¦
5.1
CVE-2019-25448 - OrientDB 3.0.17 Stored Cross-Site Scripting via User Creation
OrientDB 3.0.17 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by creating users with script payloads in the name parameter. Attackers can send POST requests to the document endpoint with JavaScript code in the name field to execβ¦
5.3
CVE-2019-25447 - OrientDB 3.0.17 Cross-Site Request Forgery
OrientDB 3.0.17 GA Community Edition contains cross-site request forgery vulnerabilities that allow attackers to perform unauthorized actions by crafting malicious requests to endpoints like /database/, /command/, and /document/. Attackers can create or delete databases, modify schema classes, manaβ¦
9.3
CVE-2019-25441 - thesystem 1.0 Command Injection via run_command endpoint
thesystem 1.0 contains a command injection vulnerability that allows unauthenticated attackers to execute arbitrary system commands by submitting malicious input to the run_command endpoint. Attackers can send POST requests with shell commands in the command parameter to execute arbitrary code on tβ¦
8.8
CVE-2019-25438 - LabCollector 5.423 SQL Injection via login.php
LabCollector 5.423 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through POST parameters. Attackers can submit crafted SQL payloads in the login parameter of login.php or the user_name parameter of β¦
6.7
CVE-2019-25437 - Foscam Video Management System 1.1.6.6 Buffer Overflow Denial of Service
Foscam Video Management System 1.1.6.6 contains a buffer overflow vulnerability in the UID field that allows local attackers to crash the application by supplying an excessively long string. Attackers can input a 5000-character buffer into the UID parameter during device addition to trigger an applβ¦
5.1
CVE-2019-25436 - Sricam DeviceViewer 3.12.0.1 Password Change Security Bypass
Sricam DeviceViewer 3.12.0.1 contains a password change security bypass vulnerability that allows authenticated users to change passwords without proper validation of the old password field. Attackers can inject a large payload into the old password parameter during the change password process to bβ¦