8.7
CVE-2019-25472 - IntelBras Telefone IP TIP200/200 LITE Arbitrary File Read via dumpConfigFile
IntelBras Telefone IP TIP200 and 200 LITE contain an unauthenticated arbitrary file read vulnerability in the dumpConfigFile function accessible via the cgiServer.exx endpoint. Attackers can send GET requests to /cgi-bin/cgiServer.exx with the command parameter containing dumpConfigFile() to read sโฆ
9.3
CVE-2019-25471 - FileThingie 2.5.7 Arbitrary File Upload via ft2.php
FileThingie 2.5.7 contains an arbitrary file upload vulnerability that allows attackers to upload malicious files by sending ZIP archives through the ft2.php endpoint. Attackers can upload ZIP files containing PHP shells, use the unzip functionality to extract them into accessible directories, and โฆ
8.7
CVE-2019-25470 - eWON Firmware 12.2-13.0 Authentication Bypass via wsdReadForm
eWON Firmware versions 12.2 to 13.0 contain an authentication bypass vulnerability that allows attackers with minimal privileges to retrieve sensitive user data by exploiting the wsdReadForm endpoint. Attackers can send POST requests to /wrcgi.bin/wsdReadForm with base64-encoded partial credentialsโฆ
6.9
CVE-2019-25469 - Folder Lock 7.7.9 Denial of Service via Serial Number Field
Folder Lock 7.7.9 contains a buffer overflow vulnerability in the serial number registration field that allows local attackers to crash the application by submitting an oversized payload. Attackers can paste a 6000-byte buffer of arbitrary data into the 'Serial Number and Registration Key' field toโฆ
9.3
CVE-2019-25468 - NetGain EM Plus 10.1.68 Remote Code Execution via script_test.jsp
NetGain EM Plus 10.1.68 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands by submitting malicious parameters to the script_test.jsp endpoint. Attackers can send POST requests with shell commands embedded in the 'content' parameโฆ
8.6
CVE-2019-25467 - Verypdf docPrint Pro 8.0 Local SEH Buffer Overflow
Verypdf docPrint Pro 8.0 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized alphanumeric encoded payload in the User Password or Master Password fields. Attackers can craft a malicious payload with eโฆ
8.6
CVE-2019-25466 - Easy File Sharing Web Server 7.2 Local SEH Overflow
Easy File Sharing Web Server 7.2 contains a local structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by creating a malicious username. Attackers can craft a username with a payload containing 4059 bytes of padding followed by a nseh valโฆ
8.7
CVE-2019-25465 - Hisilicon HiIpcam V100R003 Information Disclosure via Directory Traversal
Hisilicon HiIpcam V100R003 contains a directory traversal vulnerability that allows unauthenticated attackers to access sensitive configuration files by exploiting directory listing in the cgi-bin directory. Attackers can request the getadslattr.cgi endpoint to retrieve ADSL credentials and networkโฆ
6.7
CVE-2019-25464 - InputMapper 1.6.10 Local Denial of Service via Username Field
InputMapper 1.6.10 contains a buffer overflow vulnerability in the username field that allows local attackers to crash the application by entering an excessively long string. Attackers can trigger a denial of service by copying a large payload into the username field and double-clicking to process โฆ
6.9
CVE-2019-25463 - SpotIE Internet Explorer Password Recovery 2.9.5 Key Field DoS
SpotIE Internet Explorer Password Recovery 2.9.5 contains a denial of service vulnerability in the registration key input field that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a 256-character payload into the Key field during registrโฆ