firefox vulnerabilities and exploits

7.5
CVSSv2
CVE-2019-16399

Western Digital WD My Book World through II 1.02.12 suffers from Broken Authentication, which allows an attacker to access the /admin/ directory without credentials. An attacker can easily enable SSH from /admin/system_advanced.php?lang=en and login with the default root...

WesterndigitalWd My Book Firmware
5
CVSSv2
CVE-2019-15903

In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read....

4.3
CVSSv2
CVE-2019-13140

Inteno EG200 EG200-WU7P1U_ADAMO3.16.4-190226_1650 routers have a JUCI ACL misconfiguration that allows the "user" account to extract the 3DES key via JSON commands to ubus. The 3DES key is used to decrypt the provisioning file provided by Adamo Telecom on a public URL...

6
CVSSv2
CVE-2016-10258

Unrestricted file upload vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A malicious appliance administrator can upload arbitrary malicious files to the management console and trick another administrator user into downloading and...

NA
CVE-2019-11739

Mozilla Thunderbird could allow a remote attacker to obtain sensitive information, caused by a covert content attack on S/MIME encryption. By sending a specially crafted multipart/alternative message, an attacker could exploit this vulnerability to leak plaintext when included...

7.5
CVSSv2
CVE-2010-2861

Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files via the locale parameter to (1) CFIDE/administrator/settings/mappings.cfm, (2) logging/settings.cfm, (3)...

AdobeColdfusion
4.3
CVSSv2
CVE-2019-16197

In htdocs/societe/card.php in Dolibarr 10.0.1, the value of the User-Agent HTTP header is copied into the HTML document as plain text between tags, leading to XSS....

Dolibarr
4.3
CVSSv2
CVE-2019-1244

An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1245, CVE-2019-1251....

4.3
CVSSv2
CVE-2019-1245

An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1244, CVE-2019-1251....

6.8
CVSSv2
CVE-2019-8076

Adobe application manager installer version 10.0 have an Insecure Library Loading (DLL hijacking) vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user....

AdobeApplication Manager