Security Vulnerabilities - CVEs Published In October 2019
pixelpost 1.7.1 has XSS
CVSS Score
6.1
EPSS Score
0.003
Published
2019-10-28
mailscanner can allow local users to prevent virus signatures from being updated
CVSS Score
5.5
EPSS Score
0.001
Published
2019-10-28
Tiki Wiki CMS Groupware 5.2 has Local File Inclusion
CVSS Score
9.8
EPSS Score
0.451
Published
2019-10-28
Tiki Wiki CMS Groupware 5.2 has XSS
CVSS Score
6.1
EPSS Score
0.003
Published
2019-10-28
Tiki Wiki CMS Groupware 5.2 has CSRF
CVSS Score
8.8
EPSS Score
0.001
Published
2019-10-28
pootle 2.0.5 has XSS via 'match_names' parameter
CVSS Score
6.1
EPSS Score
0.003
Published
2019-10-28
Snoopy before 2.0.0 has a security hole in exec cURL
CVSS Score
9.8
EPSS Score
0.005
Published
2019-10-28
Zoo 2.10 has Directory traversal
CVSS Score
7.5
EPSS Score
0.004
Published
2019-10-28
An issue was discovered on TerraMaster FS-210 4.0.19 devices. Normal users can use 1.user.php for privilege elevation.
CVSS Score
8.8
EPSS Score
0.004
Published
2019-10-28
An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. An unauthenticated remote OS Command Injection vulnerability allows an attacker to execute arbitrary commands on the RTU due to the passing of unsafe user supplied data to the RTU's system shell. Functionality in mobile.php provides users with the ability to ping sites or IP addresses via Mobile Connection Test. When the Mobile Connection Test is submitted, action.php is called to execute the test. An attacker can use a shell command separator (;) in the host variable to execute operating system commands upon submitting the test data.
CVSS Score
9.8
EPSS Score
0.594
Published
2019-10-28