-
CVE-2018-18912
•
published on May 13, 2019
An issue was discovered in Easy File Sharing (EFS) Web Server 7.2. A stack-based buffer overflow vulnerability occurs when a malicious POST request has been made to forum.ghp upon creating a new topic in the forums, which allows remote attackers to execute arbitrary code.
-
CVE-2018-18912
•
published on May 13, 2019
An issue was discovered in Easy File Sharing (EFS) Web Server 7.2. A stack-based buffer overflow vulnerability occurs when a malicious POST request has been made to forum.ghp upon creating a new topic in the forums, which allows remote attackers to execute arbitrary code.
-
CVE-2019-7218
•
published on May 13, 2019
Citrix ShareFile before 19.23 allows a downgrade from two-factor authentication to one-factor authentication. An attacker with access to the offline victim's otp physical token or virtual app (like google authenticator) is able to bypass the first authentication phase (username/password mechanism) and log-in using username/otp combination only (phase 2 of 2FA).
-
CVE-2019-7218
•
published on May 13, 2019
Citrix ShareFile before 19.23 allows a downgrade from two-factor authentication to one-factor authentication. An attacker with access to the offline victim's otp physical token or virtual app (like google authenticator) is able to bypass the first authentication phase (username/password mechanism) and log-in using username/otp combination only (phase 2 of 2FA).
-
CVE-2019-7218
•
published on May 13, 2019
Citrix ShareFile before 19.23 allows a downgrade from two-factor authentication to one-factor authentication. An attacker with access to the offline victim's otp physical token or virtual app (like google authenticator) is able to bypass the first authentication phase (username/password mechanism) and log-in using username/otp combination only (phase 2 of 2FA).
-
CVE-2019-7217
•
published on May 13, 2019
Citrix ShareFile before 19.12 allows User Enumeration. It is possible to enumerate application username based on different server responses using the request to check the otp code. No authentication is required.
-
CVE-2019-7217
•
published on May 13, 2019
Citrix ShareFile before 19.12 allows User Enumeration. It is possible to enumerate application username based on different server responses using the request to check the otp code. No authentication is required.
-
CVE-2019-7217
•
published on May 13, 2019
Citrix ShareFile before 19.12 allows User Enumeration. It is possible to enumerate application username based on different server responses using the request to check the otp code. No authentication is required.
-
CVE-2019-11680
•
published on May 13, 2019
KonaKart 8.9.0.0 is vulnerable to Remote Code Execution by uploading a web shell as a product category image.
-
CVE-2019-11680
•
published on May 13, 2019
KonaKart 8.9.0.0 is vulnerable to Remote Code Execution by uploading a web shell as a product category image.
-
CVE-2019-11680
•
published on May 13, 2019
KonaKart 8.9.0.0 is vulnerable to Remote Code Execution by uploading a web shell as a product category image.
-
CVE-2019-3702
•
published on May 13, 2019
A Remote Code Execution issue in the DNS Query Web UI in Lifesize Icon LS_RM3_3.7.0 (2421) allows remote authenticated attackers to execute arbitrary commands via a crafted DNS Query address field in a JSON API request.
-
CVE-2019-3702
•
published on May 13, 2019
A Remote Code Execution issue in the DNS Query Web UI in Lifesize Icon LS_RM3_3.7.0 (2421) allows remote authenticated attackers to execute arbitrary commands via a crafted DNS Query address field in a JSON API request.
-
CVE-2019-3702
•
published on May 13, 2019
A Remote Code Execution issue in the DNS Query Web UI in Lifesize Icon LS_RM3_3.7.0 (2421) allows remote authenticated attackers to execute arbitrary commands via a crafted DNS Query address field in a JSON API request.
-
CVE-2019-9727
•
published on May 13, 2019
Unauthenticated password hash disclosure in the User.getUserPWD method in eQ-3 AG Homematic CCU3 3.43.15 and earlier allows remote attackers to retrieve the GUI password hashes of GUI users. This vulnerability can be exploited by unauthenticated attackers with access to the web interface.
-
CVE-2019-9727
•
published on May 13, 2019
Unauthenticated password hash disclosure in the User.getUserPWD method in eQ-3 AG Homematic CCU3 3.43.15 and earlier allows remote attackers to retrieve the GUI password hashes of GUI users. This vulnerability can be exploited by unauthenticated attackers with access to the web interface.
-
CVE-2019-9727
•
published on May 13, 2019
Unauthenticated password hash disclosure in the User.getUserPWD method in eQ-3 AG Homematic CCU3 3.43.15 and earlier allows remote attackers to retrieve the GUI password hashes of GUI users. This vulnerability can be exploited by unauthenticated attackers with access to the web interface.
-
CVE-2019-9726
•
published on May 13, 2019
Directory Traversal / Arbitrary File Read in eQ-3 AG Homematic CCU3 3.43.15 and earlier allows remote attackers to read arbitrary files of the device's filesystem. This vulnerability can be exploited by unauthenticated attackers with access to the web interface.
-
CVE-2019-9726
•
published on May 13, 2019
Directory Traversal / Arbitrary File Read in eQ-3 AG Homematic CCU3 3.43.15 and earlier allows remote attackers to read arbitrary files of the device's filesystem. This vulnerability can be exploited by unauthenticated attackers with access to the web interface.
-
CVE-2019-9726
•
published on May 13, 2019
Directory Traversal / Arbitrary File Read in eQ-3 AG Homematic CCU3 3.43.15 and earlier allows remote attackers to read arbitrary files of the device's filesystem. This vulnerability can be exploited by unauthenticated attackers with access to the web interface.