Security Vulnerabilities - CVEs Published In May 2019
XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/linkdownalertConfig.jsp" file in the autorefTime or graphTypes parameter.
CVSS Score
6.1
EPSS Score
0.016
Published
2019-05-07
KDE KAuth before 5.55 allows the passing of parameters with arbitrary types to helpers running as root over DBus via DBusHelperProxy.cpp. Certain types can cause crashes, and trigger the decoding of arbitrary images with dynamically loaded plugins. In other words, KAuth unintentionally causes this plugin code to run as root, which increases the severity of any possible exploitation of a plugin vulnerability.
CVSS Score
8.1
EPSS Score
0.037
Published
2019-05-07
Rukovoditel through 2.4.1 allows XSS via a URL that lacks a module=users%2flogin substring.
CVSS Score
6.1
EPSS Score
0.021
Published
2019-05-07
An issue was discovered on Shenzhen Coship WM3300 WiFi Router 5.0.0.55 devices. The password reset functionality of the Wireless SSID doesn't require any type of authentication. By making a POST request to the regx/wireless/wl_security_2G.asp URI, the attacker can change the password of the Wi-Fi network.
CVSS Score
9.8
EPSS Score
0.051
Published
2019-05-07
cgi-bin/qcmap_web_cgi on JioFi 4 jmr1140 Amtel_JMR1140_R12.07 devices has POST based reflected XSS via the Page parameter. No sanitization is performed for user input data.
CVSS Score
6.1
EPSS Score
0.008
Published
2019-05-07
The WP Backup+ (aka WPbackupplus) plugin through 2018-11-22 for WordPress allows remote attackers to obtain sensitive information from server folders and files, as demonstrated by download.sql.
CVSS Score
7.5
EPSS Score
0.006
Published
2019-05-07
IBM Cúram Social Program Management 6.1.1, 6.2.0, 7.0.4, and 7.0.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 154891.
CVSS Score
4.3
EPSS Score
0.001
Published
2019-05-07
IBM TRIRIGA Application Platform 3.5.3 and 3.6.0 could disclose sensitive information to an authenticated user that could aid in further attacks against the system. IBM X-Force ID: 155146.
CVSS Score
4.3
EPSS Score
0.002
Published
2019-05-07
Allied Telesis 8100L/8 devices allow XSS via the edit-ipv4_interface.php vlanid or subnet_mask parameter.
CVSS Score
6.1
EPSS Score
0.024
Published
2019-05-07
Axios up to and including 0.18.0 allows attackers to cause a denial of service (application crash) by continuing to accept content after maxContentLength is exceeded.
CVSS Score
7.5
EPSS Score
0.131
Published
2019-05-07

