Auto Generated cves.json [Thu Mar 9 13:28:50 UTC 2023] 🤖

patch-1
GitHub Action 2023-03-09 13:28:50 +00:00
parent b156443441
commit 0c0f807336
1 changed files with 1 additions and 0 deletions


@ -675,6 +675,7 @@
{"ID":"CVE-2019-3929","Info":{"Name":"Barco/AWIND OEM Presentation Platform - Remote Command Injection","Severity":"critical","Description":"The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pro firmware 1.0.0.5, Blackbox HD WPS firmware 1.0.0.5, InFocus LiteShow3 firmware 1.0.16, and InFocus LiteShow4 2.0.0.7 are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2019/CVE-2019-3929.yaml"}
{"ID":"CVE-2019-5127","Info":{"Name":"YouPHPTube Encoder 2.3 - Remote Command Injection","Severity":"critical","Description":"YouPHPTube Encoder 2.3 is susceptible to a command injection vulnerability which could allow an attacker to compromise the server. These exploitable unauthenticated command injections exist via the parameter base64Url in /objects/getImage.php.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2019/CVE-2019-5127.yaml"}
{"ID":"CVE-2019-5418","Info":{"Name":"Rails File Content Disclosure","Severity":"high","Description":"Rails \u003c5.2.2.1, \u003c5.1.6.2, \u003c5.0.7.2, \u003c4.2.11.1 and v3 are susceptible to a file content disclosure vulnerability because specially crafted accept headers can cause contents of arbitrary files on the target system's file system to be exposed.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2019/CVE-2019-5418.yaml"}
{"ID":"CVE-2019-5434","Info":{"Name":"Revive Adserver 4.2 - Remote Code Execution","Severity":"high","Description":"An attacker could send a specifically crafted payload to the XML-RPC invocation script and trigger the unserialize() call on the \"what\" parameter in the \"openads.spc\" RPC method. Such vulnerability could be used to perform various types of attacks, e.g. exploit serialize-related PHP vulnerabilities or PHP object injection. It is possible, although unconfirmed, that the vulnerability has been used by some attackers in order to gain access to some Revive Adserver instances and deliver malware through them to third party websites. This vulnerability was addressed in version 4.2.0\n","Classification":{"CVSSScore":"N/A"}},"file_path":"cves/2019/CVE-2019-5434.yaml"}
{"ID":"CVE-2019-6112","Info":{"Name":"WordPress Sell Media 2.4.1 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Plugin Sell Media v2.4.1 contains a cross-site scripting vulnerability in /inc/class-search.php that allows remote attackers to inject arbitrary web script or HTML via the keyword parameter (aka $search_term or the Search field).","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2019/CVE-2019-6112.yaml"}
{"ID":"CVE-2019-6340","Info":{"Name":"Drupal - Remote Code Execution","Severity":"high","Description":"Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10 V contain certain field types that do not properly sanitize data from non-form sources, which can lead to arbitrary PHP code execution in some cases.","Classification":{"CVSSScore":"8.1"}},"file_path":"cves/2019/CVE-2019-6340.yaml"}
{"ID":"CVE-2019-6715","Info":{"Name":"W3 Total Cache 0.9.2.6-0.9.3 - Unauthenticated File Read / Directory Traversal","Severity":"high","Description":"WordPress plugin W3 Total Cache before version 0.9.4 allows remote attackers to read arbitrary files via the SubscribeURL field in SubscriptionConfirmation JSON data via pub/sns.php.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2019/CVE-2019-6715.yaml"}