cve-2019-5418 vulnerabilities and exploits
7.5
CVSSv3
CVE-2019-5418
There is a possible file content disclosure vulnerability in Action View. Specially crafted accept headers in combination with calls to `render file:` can cause arbitrary files on the target server to be rendered, disclosing the file contents. The impact is limited to calls to...
1 EDB exploit available
1 Metasploit module available
23 Github repositories available
7.5
CVSSv3
CVE-2019-5419
Specially crafted accept headers can cause the Action View template location code to consume 100% CPU, leaving the server unable to process requests. This impacts all Rails applications that render views. All users running an affected release should either upgrade or use one of...
3 Github repositories available
8.4
CVSSv3
CVE-2019-1950
A vulnerability in Cisco IOS XE SD-WAN Software could allow an unauthenticated, local attacker to gain unauthorized access to an affected device. The vulnerability is due to the existence of default credentials within the default configuration of an affected device. An attacker...
7.5
CVSSv3
CVE-2014-10069
Hitron CVE-30360 devices use a 578A958E3DD933FC DES key that is shared across different customers' installations, which makes it easier for attackers to obtain sensitive information by decrypting a backup configuration file, as demonstrated by a password hash in the...
NA
CVE-2013-5418
Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL....
9.8
CVSSv3
CVE-2019-5420
There is a possible remote code execution exploit in Rails when in development mode. With some knowledge of a target application it is possible for an attacker to guess the automatically generated development mode secret token. This secret token can be used in...
1 EDB exploit available
1 Metasploit module available
21 Github repositories available
7.5
CVSSv3
CVE-2016-5418
The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file....
7.5
CVSSv3
CVE-2018-16476
A Broken Access Control vulnerability in Active Job versions >= 4.2.0 allows an attacker to craft user input which can cause Active Job to deserialize it using GlobalId and give them access to information that they should not have. This vulnerability has been fixed in...
4.3
CVSSv3
CVE-2020-5418
Cloud Foundry CAPI (Cloud Controller) versions prior to 1.98.0 allow authenticated users having only the "cloud_controller.read" scope, but no roles in any spaces, to list all droplets in all spaces (whereas they should see none)....
NA
CVE-2018-5418
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none....