Vulnerability Summary for the Week of September 16, 2019

Original release date: September 23, 2019

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

High Vulnerabilities

Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
advantech — webaccess In WebAccess, versions 8.4.1 and prior, an improper authorization vulnerability may allow an attacker to disclose sensitive information, cause improper control of generation of code, which may allow remote code execution or cause a system crash. 2019-09-18 9.0 CVE-2019-13550

MISC
advantech — webaccess In WebAccess versions 8.4.1 and prior, an exploit executed over the network may cause improper control of generation of code, which may allow remote code execution, data exfiltration, or cause a system crash. 2019-09-18 9.0 CVE-2019-13558

MISC
apache — tapestry Manipulating classpath asset file URLs, an attacker could guess the path to a known file in the classpath and have it downloaded. If the attacker found the file with the value of the tapestry.hmac-passphrase configuration symbol, most probably the webapp’s AppModule class, the value of this symbol could be used to craft a Java deserialization attack, thus running malicious injected Java code. The vector would be the t:formdata parameter from the Form component. 2019-09-16 7.5 CVE-2019-0195

MLIST
arubanetworks — arubaos A remote code execution vulnerability is present in network-listening components in some versions of ArubaOS. An attacker with the ability to transmit specially-crafted IP traffic to a mobility controller could exploit this vulnerability and cause a process crash or execute arbitrary code within the underlying operating system with full system privileges. Such an attack could lead to complete system compromise. The ability to transmit traffic to an IP interface on the mobility controller is required to carry out an attack. The attack leverages the PAPI protocol (UDP port 8211). If the mobility controller is only bridging L2 traffic to an uplink and does not have an IP address that is accessible to the attacker, it cannot be attacked. 2019-09-13 9.3 CVE-2018-7081

CONFIRM

MISC
aspose — aspose.pdf_for_c++ An exploitable use-after-free vulnerability exists in the way LZW-compressed streams are processed in Aspose.PDF 19.2 for C++. A specially crafted PDF can cause a dangling heap pointer, resulting in a use-after-free condition. To trigger this vulnerability, a specifically crafted PDF document needs to be processed by the target application. 2019-09-18 7.5 CVE-2019-5066

CONFIRM
aspose — aspose.pdf_for_c++ An uninitialized memory access vulnerability exists in the way Aspose.PDF 19.2 for C++ handles invalid parent object pointers. A specially crafted PDF can cause a read and write from uninitialized memory, resulting in memory corruption and possibly arbitrary code execution. To trigger this vulnerability, a specifically crafted PDF document needs to be processed by the target application. 2019-09-18 7.5 CVE-2019-5067

CONFIRM
atlassian — jira The Jira Importers Plugin in Atlassian Jira Server and Data Center from version 7.0.10 before 7.6.16, from 7.7.0 before 7.13.8, from 8.1.0 before 8.1.3, from 8.2.0 before 8.2.5, from 8.3.0 before 8.3.4 and from 8.4.0 before 8.4.1 allows remote attackers with Administrator permissions to gain remote code execution via a template injection vulnerability through the use of a crafted PUT request. 2019-09-19 9.0 CVE-2019-15001

MISC
canonical — ubuntu_linux A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel’s vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host. 2019-09-17 7.2 CVE-2019-14835

REDHAT

REDHAT

REDHAT

REDHAT

REDHAT

CONFIRM

FEDORA

UBUNTU

MISC
code42 — code42 In Code42 Enterprise 6.7.5 and earlier, 6.8.4 through 6.8.8, and 7.0.0 a vulnerability has been identified that may allow arbitrary files to be uploaded to Code42 servers and executed. This vulnerability could allow an attacker to create directories and save files on Code42 servers, which could potentially lead to code execution. 2019-09-17 7.5 CVE-2019-15131

CONFIRM

MISC
dlink — dns-320_firmware The login_mgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnerable to remote command injection. 2019-09-16 10.0 CVE-2019-16057

MISC

MISC
egpp — sistema_integrado_de_gestion_academica In Escuela de Gestion Publica Plurinacional (EGPP) Sistema Integrado de Gestion Academica (GESAC) v1, the username parameter of the authentication form is vulnerable to SQL injection, allowing attackers to access the database. 2019-09-16 7.5 CVE-2019-16264

MISC
fasterxml — jackson-databind A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig. 2019-09-15 7.5 CVE-2019-14540

CONFIRM

MISC

MISC
fasterxml — jackson-databind A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540. 2019-09-15 7.5 CVE-2019-16335

MISC
flamecms_project — flamecms FlameCMS 3.3.5 has SQL injection in account/login.php via accountName. 2019-09-14 7.5 CVE-2019-16309

MISC
gitlabhook_project — gitlabhook NPM package gitlabhook version 0.0.17 is vulnerable to a Command Injection vulnerability. Arbitrary commands can be injected through the repository name. 2019-09-13 10.0 CVE-2019-5485

MISC
haxx — curl Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3. 2019-09-16 7.5 CVE-2019-5481

SUSE

CONFIRM

FEDORA

FEDORA
haxx — curl Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3. 2019-09-16 7.5 CVE-2019-5482

SUSE

CONFIRM

FEDORA

FEDORA
ibm — cognos_analytics IBM Cognos Analytics 11.0 and 11.1 is vulnerable to a denial of service attack that could allow a remote user to send specially crafted requests that would consume all available CPU and memory resources. IBM X-Force ID: 158973. 2019-09-17 7.8 CVE-2019-4183

XF

CONFIRM
indexhibit — indexhibit Indexhibit 2.1.5 allows a product reinstallation, with resultant remote code execution, via /ndxzstudio/install.php?p=2. 2019-09-14 7.5 CVE-2019-16314

MISC
infradead — openconnect process_http_response in OpenConnect before 8.05 has a Buffer Overflow when a malicious server uses HTTP chunked encoding with crafted chunk sizes. 2019-09-17 7.5 CVE-2019-16239

CONFIRM

FEDORA

FEDORA

FEDORA

MISC
jhipster — jhipster_kotlin A class generated by the Generator in JHipster before 6.3.0 and JHipster Kotlin through 1.1.0 produces code that uses an insecure source of randomness (apache.commons.lang3 RandomStringUtils). This allows an attacker (if able to obtain their own password reset URL) to compute the value for all other password resets for other accounts, thus allowing privilege escalation or account takeover. 2019-09-13 7.5 CVE-2019-16303

MISC

MISC

MISC

MISC

MISC
keeper — k5_firmware On Keeper K5 20.1.0.25 and 20.1.0.63 devices, remote code execution can occur by inserting an SD card containing a file named zskj_script_run.sh that executes a reverse shell. 2019-09-19 7.2 CVE-2019-16398

MISC
libav — libav In Libav 12.3, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c has a complex format argument to sscanf. 2019-09-19 7.1 CVE-2019-9717

MISC

MISC
libav — libav A stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c misuses snprintf. 2019-09-19 7.1 CVE-2019-9720

MISC

MISC
linux — linux_kernel An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel’s KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer ‘struct kvm_coalesced_mmio’ object, wherein write indices ‘ring->first’ and ‘ring->last’ value could be supplied by a host user-space process. An unprivileged host user or process with access to ‘/dev/kvm’ device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system. 2019-09-19 7.2 CVE-2019-14821

MLIST

CONFIRM
linux-nfs — nfs-utils In the nfs-utils package in SUSE Linux Enterprise Server 12 before and including version 1.3.0-34.18.1 and in SUSE Linux Enterprise Server 15 before and including version 2.1.1-6.10.2, the directory /var/lib/nfs is owned by statd:nogroup. This directory contains files owned and managed by root. If statd is compromised, it can therefore trick processes running with root privileges into creating/overwriting files anywhere on the system if fs.protected_symlinks is not set. 2019-09-19 10.0 CVE-2019-3689

CONFIRM
membersonic — membersonic The MemberSonic Lite plugin before 1.302 for WordPress has incorrect login access control because only knowledge of an e-mail address is required. 2019-09-16 7.5 CVE-2016-10971

MISC
microfocus — data_protector Privileges manipulation in Micro Focus Data Protector, versions 10.00, 10.01, 10.02, 10.03, 10.04, 10.10, 10.20, 10.30, 10.40. This vulnerability could be exploited by a low-privileged user to execute a custom binary with higher privileges. 2019-09-13 7.2 CVE-2019-11660

CONFIRM
moddable — moddable In XS 9.0.0 in Moddable SDK OS180329, there is a heap-based buffer overflow in fxBeginHost in xsAPI.c when called from fxRunDefine in xsRun.c, as demonstrated by crafted JavaScript code to xst. 2019-09-16 7.5 CVE-2019-16366

MISC
open-emr — openemr OpenEMR v5.0.1-6 allows code execution. 2019-09-16 9.0 CVE-2019-8371

MISC
prise — adas An issue was discovered in PRiSE adAS 1.7.0. Password hashes are compared using the equality operator. Thus, under specific circumstances, it is possible to bypass login authentication. 2019-09-20 7.5 CVE-2019-15088

MISC

MISC
publisure — publisure An issue was discovered in the secure portal in Publisure 2.1.2. Because SQL queries are not well sanitized, there are multiple SQL injections in userAccFunctions.php functions. Using this, an attacker can access passwords and/or grant access to the user account “user” in order to become “Administrator” (for example). 2019-09-18 7.5 CVE-2019-14254

MISC
rsa — archer RSA Archer, versions prior to 6.6 P2 (6.6.0.2), contain an improper authentication vulnerability. The vulnerability allows sysadmins to create user accounts with insufficient credentials. Unauthenticated attackers could gain unauthorized access to the system using those accounts. 2019-09-18 7.5 CVE-2019-3758

MISC
schneider-electric — bmxnor0200h_firmware A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions) and Modicon M340 controller (all firmware versions), which could cause denial of service when truncated SNMP packets on port 161/UDP are received by the device. 2019-09-17 7.8 CVE-2019-6813

CONFIRM

CONFIRM
schneider-electric — modicon_premium_firmware A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware versions prior to V2.90), Modicon M340 (firmware versions prior to V3.10), Modicon Premium (all versions), Modicon Quantum (all versions), which could cause a possible denial of service when reading invalid data from the controller. 2019-09-17 7.8 CVE-2019-6809

CONFIRM
schneider-electric — modicon_premium_firmware A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware version prior to V2.90), Modicon M340 (firmware version prior to V3.10), Modicon Premium (all versions), and Modicon Quantum (all versions), which could cause a possible denial of service when reading specific coils and registers in the controller over Modbus. 2019-09-17 7.8 CVE-2019-6828

CONFIRM
siemens — sinema_remote_connect_server A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). The web interface has no means to prevent password guessing attacks. The vulnerability could be exploited by an attacker with network access to the vulnerable software, requiring no privileges and no user interaction. The vulnerability could allow full access to the web interface. At the time of advisory publication no public exploitation of this security vulnerability was known. 2019-09-13 7.5 CVE-2019-13918

MISC
smackcoders — ultimate_exporter The wp-ultimate-exporter plugin through 1.1 for WordPress has SQL injection via the export_type_name parameter. 2019-09-20 7.5 CVE-2016-11000

MISC

MISC
tagdiv — newspaper The newspaper theme before 6.7.2 for WordPress has a lack of options access control via td_ajax_update_panel. 2019-09-16 7.5 CVE-2016-10972

MISC

EXPLOIT-DB
tagdiv — newspaper The newspaper theme before 6.7.2 for WordPress has script injection via td_ads[header] to admin-ajax.php. 2019-09-16 7.5 CVE-2017-18634

MISC
telestar — bobs_rock_radio_firmware TELESTAR Bobs Rock Radio, Dabman D10, Dabman i30 Stereo, Imperial i110, Imperial i150, Imperial i200, Imperial i200-cd, Imperial i400, Imperial i450, Imperial i500-bt, and Imperial i600 TN81HH96-g102h-g102 devices have insufficient access control for the /set_dname, /mylogo, /LocalPlay, /irdevice.xml, /Sendkey, /setvol, /hotkeylist, /init, /playlogo.jpg, /stop, /exit, /back, and /playinfo commands. 2019-09-16 7.5 CVE-2019-13474

MISC

MISC
templatic — telvolution The Tevolution plugin before 2.3.0 for WordPress has arbitrary file upload via single_upload.php or single-upload.php. 2019-09-18 7.5 CVE-2016-10995

MISC
tenda — n301_firmware On Tenda N301 wireless routers, a long string in the wifiSSID parameter of a goform/setWifi POST request causes the device to crash. 2019-09-13 7.8 CVE-2019-16288

MISC
tendacn — n301_firmware In goform/setSysTools on Tenda N301 wireless routers, attackers can trigger a device crash via a zero wanMTU value. (Prohibition of this zero value is only enforced within the GUI.) 2019-09-19 7.8 CVE-2019-16412

MISC
terrasoft — bpm_online_crm_system_sdk A SQL injection vulnerability in the method Terrasoft.Core.DB.Column.Const() in Terrasoft Bpm’online CRM-System SDK 7.13 allows attackers to execute arbitrary SQL commands via the value parameter. 2019-09-18 7.5 CVE-2019-15301

MISC
tibco — enterprise_runtime_for_r The server component of TIBCO Software Inc.’s TIBCO Enterprise Runtime for R – Server Edition, and TIBCO Spotfire Analytics Platform for AWS Marketplace contains a vulnerability that theoretically allows an unauthenticated user to bypass access controls and remotely execute code using the operating system account hosting the affected component. This issue affects: TIBCO Enterprise Runtime for R – Server Edition versions 1.2.0 and below, and TIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.4.0 and 10.5.0. 2019-09-18 10.0 CVE-2019-11210

MISC

CONFIRM
tibco — enterprise_runtime_for_r The server component of TIBCO Software Inc.’s TIBCO Enterprise Runtime for R – Server Edition, and TIBCO Spotfire Analytics Platform for AWS Marketplace contains a vulnerability that theoretically allows an authenticated user to trigger remote code execution in certain circumstances. When the affected component runs with the containerized TERR service on Linux the host can theoretically be tricked into running malicious code. This issue affects: TIBCO Enterprise Runtime for R – Server Edition version 1.2.0 and below, and TIBCO Spotfire Analytics Platform for AWS Marketplace 10.4.0; 10.5.0. 2019-09-18 9.0 CVE-2019-11211

MISC

CONFIRM
trusteddomain — opendmarc OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 is prone to a signature-bypass vulnerability with multiple From: addresses, which might affect applications that consider a domain name to be relevant to the origin of an e-mail message. 2019-09-17 7.5 CVE-2019-16378

MLIST

MISC

MISC

BUGTRAQ

DEBIAN

MISC
tuzicms — tuzicms AppHomeControllerZhuantiController.class.php in TuziCMS 2.0.6 has SQL injection via the index.php/Zhuanti/group?id= substring. 2019-09-20 7.5 CVE-2019-16644

MISC
vivotek — camera VIVOTEK IP Camera devices with firmware before 0x20x allow a denial of service via a crafted HTTP header. 2019-09-18 7.8 CVE-2019-14458

CONFIRM

MISC
westerndigital — wd_my_book_firmware Western Digital WD My Book World through II 1.02.12 suffers from Broken Authentication, which allows an attacker to access the /admin/ directory without credentials. An attacker can easily enable SSH from /admin/system_advanced.php?lang=en and login with the default root password welc0me. 2019-09-18 7.5 CVE-2019-16399

MISC

MISC
wireshark — wireshark In Wireshark 3.0.0 to 3.0.3 and 2.6.0 to 2.6.10, the Gryphon dissector could go into an infinite loop. This was addressed in plugins/epan/gryphon/packet-gryphon.c by checking for a message length of zero. 2019-09-15 7.8 CVE-2019-16319

MISC

MISC

MISC
wp-kama — kama_click_counter The kama-clic-counter plugin 3.4.9 for WordPress has SQL injection via the admin.php order parameter. 2019-09-13 9.3 CVE-2017-18614

MISC

MISC
yejiao — tuzicms AppMobileControllerZhuantiController.class.php in TuziCMS 2.0.6 has SQL injection via the index.php/Mobile/Zhuanti/group?id= substring. 2019-09-20 7.5 CVE-2019-16642

MISC


Medium Vulnerabilities

Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
advantech — webaccess In WebAccess versions 8.4.1 and prior, multiple command injection vulnerabilities are caused by a lack of proper validation of user-supplied data and may allow arbitrary file deletion and remote code execution. 2019-09-18 6.5 CVE-2019-13552

MISC
advantech — webaccess In WebAccess versions 8.4.1 and prior, multiple stack-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution. 2019-09-18 6.5 CVE-2019-13556

MISC
agentevolution — impress_listings The wp-listings plugin before 2.0.2 for WordPress has includes/views/single-listing.php XSS. 2019-09-20 4.3 CVE-2016-11013

MISC

MISC
akal_project — akal The Akal theme through 2016-08-22 for WordPress has XSS via the framework/brad-shortcodes/tinymce/preview.php sc parameter. 2019-09-16 4.3 CVE-2016-10957

MISC

MISC
apache — tapestry Tapestry processes assets `/assets/ctx` using classes chain `StaticFilesFilter -> AssetDispatcher -> ContextResource`, which doesn’t filter the character `\`, so an attacker can perform a path traversal attack to read any files on Windows platform. 2019-09-16 5.0 CVE-2019-0207

MLIST
apache — tapestry The code which checks HMAC in form submissions used String.equals() for comparisons, which results in a timing side channel for the comparison of the HMAC signatures. This could lead to remote code execution if an attacker is able to determine the correct signature for their payload. The comparison should be done with a constant time algorithm instead. 2019-09-16 6.8 CVE-2019-10071

MLIST
arubanetworks — arubaos Some web components in the ArubaOS software are vulnerable to HTTP Response splitting (CRLF injection) and Reflected XSS. An attacker would be able to accomplish this by sending certain URL parameters that would trigger this vulnerability. 2019-09-13 4.3 CVE-2019-5314

CONFIRM
aspose — aspose.pdf_for_c++ An exploitable Use-After-Free vulnerability exists in the way FunctionType 0 PDF elements are processed in Aspose.PDF 19.2 for C++. A specially crafted PDF can cause a dangling heap pointer, resulting in a use-after-free. An attacker can send a malicious PDF to trigger this vulnerability. 2019-09-18 6.5 CVE-2019-5042

CONFIRM
asus — asuswrt-merlin An issue was discovered in ASUSWRT 3.0.0.4.384.20308. There is a stack-based buffer overflow issue in parse_req_queries function in wanduck.c via a long string over UDP, which may lead to an information leak. 2019-09-17 5.0 CVE-2018-20336

MISC

CONFIRM
atlassian — bitbucket The commit diff rest endpoint in Bitbucket Server and Data Center before 5.16.10 (the fixed version for 5.16.x ), from 6.0.0 before 6.0.10 (the fixed version for 6.0.x), from 6.1.0 before 6.1.8 (the fixed version for 6.1.x), from 6.2.0 before 6.2.6 (the fixed version for 6.2.x), from 6.3.0 before 6.3.5 (the fixed version for 6.3.x), from 6.4.0 before 6.4.3 (the fixed version for 6.4.x), and from 6.5.0 before 6.5.2 (the fixed version for 6.5.x) allows remote attackers who have permission to access a repository, if public access is enabled for a project or repository then attackers are able to exploit this issue anonymously, to read the contents of arbitrary files on the system and execute commands via injecting additional arguments into git commands. 2019-09-19 6.8 CVE-2019-15000

MISC
atlassian — jira_service_desk_server The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before version 3.9.16, from version 3.10.0 before version 3.16.8, from version 4.0.0 before version 4.1.3, from version 4.2.0 before version 4.2.5, from version 4.3.0 before version 4.3.4, and version 4.4.0 allows remote attackers with portal access to view arbitrary issues in Jira Service Desk projects via a path traversal vulnerability. Note that when the ‘Anyone can email the service desk or raise a request in the portal’ setting is enabled, an attacker can grant themselves portal access, allowing them to exploit the vulnerability. 2019-09-19 4.3 CVE-2019-14994

MISC
attosoft — auto_thickbox_plus The auto-thickbox-plus plugin through 1.9 for WordPress has wp-content/plugins/auto-thickbox-plus/download.min.php?file= XSS. 2019-09-20 4.3 CVE-2015-9396

MISC

MISC
axiosys — bento4 Bento4 1.5.1-628 has a NULL pointer dereference in AP4_ByteStream::ReadUI32 in Core/Ap4ByteStream.cpp when called from the AP4_TrunAtom class. 2019-09-16 4.3 CVE-2019-16349

MISC
bestwebsoft — relevant The relevant plugin before 1.0.8 for WordPress has XSS. 2019-09-20 4.3 CVE-2015-9384

MISC

MISC
bower — bower Bower before 1.8.8 has a path traversal vulnerability permitting file write in arbitrary locations via install command, which allows attackers to write arbitrary files when a malicious package is extracted. 2019-09-13 5.0 CVE-2019-5484

MISC

MISC

MISC
brafton — brafton The Brafton plugin before 3.4.8 for WordPress has XSS via the wp-admin/admin.php?page=BraftonArticleLoader tab parameter to BraftonAdminPage.php. 2019-09-16 4.3 CVE-2016-10973

MISC

MISC
checklist — checklist An XSS issue was discovered in the checklist plugin before 1.1.9 for WordPress. The fill parameter is not correctly filtered in the checklist-icon.php file, and it is possible to inject JavaScript code. 2019-09-19 4.3 CVE-2019-16525

MISC

MISC

MISC

MISC
cisco — hyperflex_hx220c_af_m5_firmware A vulnerability in the statistics collection service of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to inject arbitrary values on an affected device. The vulnerability is due to insufficient authentication for the statistics collection service. An attacker could exploit this vulnerability by sending properly formatted data values to the statistics collection service of an affected device. A successful exploit could allow the attacker to cause the web interface statistics view to present invalid data to users. 2019-09-18 5.0 CVE-2019-12620

CISCO
cisco — hyperflex_hx220c_af_m5_firmware A vulnerability in the web-based interface of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack on an affected device. This vulnerability is due to insufficient HTML iframe protection. An attacker could exploit this vulnerability by directing a user to an attacker-controlled web page that contains a malicious HTML iframe. A successful exploit could allow the attacker to conduct clickjacking or other clientside browser attacks. 2019-09-18 4.3 CVE-2019-1975

CISCO
codepeople — music_store The music-store plugin before 1.0.43 for WordPress has XSS via the wp-admin/admin.php?page=music-store-menu-reports from_year parameter. 2019-09-17 4.3 CVE-2016-10992

MISC

MISC

MISC
codesys — codesys 3S-Smart Software Solutions GmbH CODESYS V3 Library Manager, all versions prior to 3.5.15.0, allows the system to display active library content without checking its validity, which may allow the contents of manipulated libraries to be displayed or executed. The issue also exists for source libraries, but 3S-Smart Software Solutions GmbH strongly recommends distributing compiled libraries only. 2019-09-17 6.8 CVE-2019-13538

MISC
codesys — control_for_beaglebone An issue was discovered in 3S-Smart CODESYS V3 through 3.5.12.30. A user with low privileges can take full control over the runtime. 2019-09-17 6.5 CVE-2019-9008

MISC

CERT
creativeinteractivemedia — real3d_flipbook The real3d-flipbook-lite plugin 1.0 for WordPress has deleteBook=../ directory traversal for file deletion. 2019-09-16 6.4 CVE-2016-10965

MISC

MISC
creativeinteractivemedia — real3d_flipbook The real3d-flipbook-lite plugin 1.0 for WordPress has bookName=../ directory traversal for file upload. 2019-09-16 5.0 CVE-2016-10966

MISC

MISC
creativeinteractivemedia — real3d_flipbook The real3d-flipbook-lite plugin 1.0 for WordPress has XSS via the wp-content/plugins/real3d-flipbook/includes/flipbooks.php bookId parameter. 2019-09-16 4.3 CVE-2016-10967

MISC

MISC
cyberseo — xpinner_lite The xpinner-lite plugin through 2.2 for WordPress has xpinner-lite.php XSS. 2019-09-20 4.3 CVE-2015-9407

MISC

MISC

MISC
cyberseo — xpinner_lite The xpinner-lite plugin through 2.2 for WordPress has wp-admin/options-general.php CSRF with resultant XSS. 2019-09-20 4.3 CVE-2015-9408

MISC

MISC

MISC
dolibarr — dolibarr In htdocs/societe/card.php in Dolibarr 10.0.1, the value of the User-Agent HTTP header is copied into the HTML document as plain text between tags, leading to XSS. 2019-09-16 4.3 CVE-2019-16197

MISC
eclipse — mosquitto If an MQTT v5 client connects to Eclipse Mosquitto versions 1.6.0 to 1.6.4 inclusive, sets a last will and testament, sets a will delay interval, sets a session expiry interval, and the will delay interval is set longer than the session expiry interval, then a use after free error occurs, which has the potential to cause a crash in some situations. 2019-09-18 5.5 CVE-2019-11778

CONFIRM
eclipse — mosquitto In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more ‘/’ characters, i.e. the topic hierarchy separator, then a stack overflow will occur. 2019-09-19 4.0 CVE-2019-11779

CONFIRM
elfsight — instalinker The instalinker plugin before 1.1.2 for WordPress has includes/instalinker-admin-preview.php?client_id= XSS. 2019-09-20 4.3 CVE-2016-11005

MISC

MISC
estatik — estatik The estatik plugin before 2.3.0 for WordPress has unauthenticated arbitrary file upload via es_media_images[] to wp-admin/admin-ajax.php. 2019-09-16 5.0 CVE-2016-10958

MISC

MISC

MISC
estatik — estatik The estatik plugin before 2.3.1 for WordPress has authenticated arbitrary file upload (exploitable with CSRF) via es_media_images[] to wp-admin/admin-ajax.php. 2019-09-16 4.0 CVE-2016-10959

MISC

MISC
firestormplugins — fs-shopping-cart The fs-shopping-cart plugin 2.07.02 for WordPress has SQL injection via the pid parameter. 2019-09-13 6.5 CVE-2016-10951

MISC

MISC

MISC
fossura — tag_miner The fossura-tag-miner plugin before 1.1.5 for WordPress has CSRF. 2019-09-17 6.8 CVE-2016-10978

MISC

MISC
fossura — tag_miner The fossura-tag-miner plugin before 1.1.5 for WordPress has XSS. 2019-09-17 4.3 CVE-2016-10979

MISC
fulixerox — docushare A Reflected Cross-Site Scripting (XSS) vulnerability in the webEx module in webExMeetingLogin.jsp and deleteWebExMeetingCheck.jsp in Fuji Xerox DocuShare through 7.0.0.C1.609 allows remote attackers to inject arbitrary web script or HTML via the handle parameter (webExMeetingLogin.jsp) and meetingKey parameter (deleteWebExMeetingCheck.jsp). 2019-09-14 4.3 CVE-2019-16307

MISC
geautomation — proficy Emerson GE Automation Proficy Machine Edition 8.0 allows an access violation and application crash via crafted traffic from a remote device, as demonstrated by an RX7i device. 2019-09-16 5.0 CVE-2019-16353

MISC
ghost — ghost The ghost plugin before 0.5.6 for WordPress has no access control for wp-admin/tools.php?ghostexport=true downloads of exported data. 2019-09-17 4.0 CVE-2016-10983

MISC

MISC
gitlab — gitlab An issue was discovered in GitLab Community and Enterprise Edition 10.8 through 12.2.1. An internal endpoint unintentionally allowed group maintainers to view and edit group runner settings. 2019-09-16 5.5 CVE-2019-15721

CONFIRM
gitlab — gitlab An issue was discovered in GitLab Community and Enterprise Edition 8.15 through 12.2.1. Particular mathematical expressions in GitLab Markdown can exhaust client resources. 2019-09-16 5.0 CVE-2019-15722

CONFIRM
gitlab — gitlab An issue was discovered in GitLab Community and Enterprise Edition 11.9.x and 11.10.x before 11.10.1. Merge requests created by email could be used to bypass push rules in certain situations. 2019-09-16 5.0 CVE-2019-15723

CONFIRM
gitlab — gitlab An issue was discovered in GitLab Community and Enterprise Edition 11.10 through 12.2.1. Label descriptions are vulnerable to HTML injection. 2019-09-16 4.3 CVE-2019-15724

CONFIRM
gitlab — gitlab An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. An IDOR in the epic notes API could result in disclosure of private milestones, labels, and other information. 2019-09-16 5.0 CVE-2019-15725

MISC
gitlab — gitlab An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Embedded images and media files in markdown could be pointed to an arbitrary server, which would reveal the IP address of clients requesting the file from that server. 2019-09-16 5.0 CVE-2019-15726

CONFIRM
gitlab — gitlab An issue was discovered in GitLab Community and Enterprise Edition 11.2 through 12.2.1. Insufficient permission checks were being applied when displaying CI results, potentially exposing some CI metrics data to unauthorized users. 2019-09-16 5.0 CVE-2019-15727

CONFIRM
gitlab — gitlab An issue was discovered in GitLab Community and Enterprise Edition 10.1 through 12.2.1. Protections against SSRF attacks on the Kubernetes integration are insufficient, which could have allowed an attacker to request any local network resource accessible from the GitLab server. 2019-09-16 5.0 CVE-2019-15728

MISC
gitlab — gitlab An issue was discovered in GitLab Community and Enterprise Edition 8.18 through 12.2.1. An internal endpoint unintentionally disclosed information about the last pipeline that ran for a merge request. 2019-09-17 5.0 CVE-2019-15729

MISC
gitlab — gitlab An issue was discovered in GitLab Community and Enterprise Edition 8.14 through 12.2.1. The Jira integration contains a SSRF vulnerability as a result of a bypass of the current protection mechanisms against this type of attack, which would allow sending requests to any resources accessible in the local network by the GitLab server. 2019-09-16 5.0 CVE-2019-15730

MISC
gitlab — gitlab An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. Non-members were able to comment on merge requests despite the repository being set to allow only project members to do so. 2019-09-16 5.0 CVE-2019-15731

CONFIRM
gitlab — gitlab An issue was discovered in GitLab Community and Enterprise Edition 12.2 through 12.2.1. The project import API could be used to bypass project visibility restrictions. 2019-09-16 5.0 CVE-2019-15732

CONFIRM
gitlab — gitlab An issue was discovered in GitLab Community and Enterprise Edition 7.12 through 12.2.1. The specified default branch name could be exposed to unauthorized users. 2019-09-16 4.0 CVE-2019-15733

CONFIRM
gitlab — gitlab An issue was discovered in GitLab Community and Enterprise Edition 8.6 through 12.2.1. Under very specific conditions, commit titles and team member comments could become viewable to users who did not have permission to access these. 2019-09-16 4.0 CVE-2019-15734

CONFIRM
gitlab — gitlab An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Under certain circumstances, CI pipelines could potentially be used in a denial of service attack. 2019-09-16 5.0 CVE-2019-15736

CONFIRM
gitlab — gitlab An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Certain account actions needed improved authentication and session management. 2019-09-16 6.4 CVE-2019-15737

CONFIRM
gitlab — gitlab An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. Under certain conditions, merge request IDs were being disclosed via email. 2019-09-16 5.0 CVE-2019-15738

CONFIRM
gitlab — gitlab An issue was discovered in GitLab Community and Enterprise Edition 8.1 through 12.2.1. Certain areas displaying Markdown were not properly sanitizing some XSS payloads. 2019-09-16 4.3 CVE-2019-15739

CONFIRM
gitlab — gitlab An issue was discovered in GitLab Community and Enterprise Edition 7.9 through 12.2.1. EXIF Geolocation data was not being removed from certain image uploads. 2019-09-16 5.0 CVE-2019-15740

MISC
gitlab — gitlab An issue was discovered in GitLab Enterprise Edition 11.x and 12.x before 12.0.9, 12.1.x before 12.1.9, and 12.2.x before 12.2.5. It has Incorrect Access Control. 2019-09-16 5.5 CVE-2019-16170

MISC
gnucobol_project — gnucobol GnuCOBOL 2.2 has a stack-based buffer overflow in the cb_name() function in cobc/tree.c via crafted COBOL source code. 2019-09-17 6.8 CVE-2019-16395

MISC
gnucobol_project — gnucobol GnuCOBOL 2.2 has a use-after-free in the end_scope_of_program_name() function in cobc/parser.y via crafted COBOL source code. 2019-09-17 6.8 CVE-2019-16396

MISC
gpac — gpac AVC_DuplicateConfig() at isomedia/avc_ext.c in GPAC 0.7.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. There is “cfg_new->AVCLevelIndication = cfg->AVCLevelIndication;” but cfg could be NULL. 2019-09-16 4.3 CVE-2018-21015

MISC
gpac — gpac audio_sample_entry_AddBox() at isomedia/box_code_base.c in GPAC 0.7.1 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. 2019-09-16 4.3 CVE-2018-21016

MISC
gpac — gpac GPAC 0.7.1 has a memory leak in dinf_Read in isomedia/box_code_base.c. 2019-09-16 4.3 CVE-2018-21017

MISC

MISC
gradle — gradle The PGP signing plugin in Gradle before 6.0 relies on the SHA-1 algorithm, which might allow an attacker to replace an artifact with a different one that has the same SHA-1 message digest, a related issue to CVE-2005-4900. 2019-09-16 4.3 CVE-2019-16370

MISC

MISC
hrworks — hrworks A reflected Cross-site scripting (XSS) vulnerability in HRworks V 1.16.1 allows remote attackers to inject arbitrary web script or HTML via the URL parameter to the Login component. 2019-09-17 4.3 CVE-2019-11559

FULLDISC

MISC
ibm — application_performance_management IBM Cloud Application Performance Management 8.1.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim’s click actions and possibly launch further attacks against the victim. IBM X-Force ID: 157509. 2019-09-17 4.3 CVE-2019-4086

XF

CONFIRM
ibm — cognos_controller IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 158876. 2019-09-17 4.3 CVE-2019-4171

XF

CONFIRM
ibm — cognos_controller IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158880. 2019-09-17 5.0 CVE-2019-4175

XF

CONFIRM
ibm — financial_transaction_manager_for_multiplatform IBM Financial Transaction Manager (FTM) for Multi-Platform (MP) v2.0.0.0 through 2.0.0.5, v2.1.0.0 through 2.1.0.4, v2.1.1.0 through 2.1.1.4, and v3.0.0.0 through 3.0.0.8 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing “dot dot” sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 150946. 2019-09-18 4.0 CVE-2018-1847

XF

CONFIRM
ibm — security_key_lifecycle_manager IBM Security Key Lifecycle Manager 3.0 and 3.0.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 166626. 2019-09-20 5.0 CVE-2019-4565

XF

CONFIRM
ibm — sterling_file_gateway IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 158413. 2019-09-16 6.5 CVE-2019-4147

XF

CONFIRM
ibm — websphere_application_server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL containing “dot dot” sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 160201. 2019-09-17 5.0 CVE-2019-4268

XF

CONFIRM
ibm — websphere_application_server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the file system. An attacker could send a specially-crafted URL request to view arbitrary files on the system but not content. IBM X-Force ID: 163226. 2019-09-17 4.0 CVE-2019-4442

XF

CONFIRM
ibm — websphere_application_server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a user with access to audit logs to obtain sensitive information, caused by improper handling of command line options. IBM X-Force ID: 163997. 2019-09-17 4.0 CVE-2019-4477

XF

CONFIRM
ibm — websphere_application_server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Network Deployment could allow a remote attacker to obtain sensitive information, caused by sending a specially-crafted URL. This can lead the attacker to view any file in a certain directory. IBM X-Force ID: 164364. 2019-09-20 5.0 CVE-2019-4505

XF

CONFIRM
icegram — icegram The icegram plugin before 1.9.19 for WordPress has CSRF via the wp-admin/edit.php option_name parameter. 2019-09-16 4.3 CVE-2016-10962

MISC

MISC
icegram — icegram The icegram plugin before 1.9.19 for WordPress has XSS. 2019-09-16 4.3 CVE-2016-10963

MISC
ifw8 — fr5-e_firmware ifw8 Router ROM v4.31 allows credential disclosure by reading the action/usermanager.htm HTML source code. 2019-09-14 5.0 CVE-2019-16313

MISC
imdb-widget_project — imdb-widget The imdb-widget plugin before 1.0.9 for WordPress has Local File Inclusion. 2019-09-17 5.0 CVE-2016-10991

MISC

MISC
intel — easy_streaming_wizard Improper file permissions in the installer for Intel(R) Easy Streaming Wizard before version 2.1.0731 may allow an authenticated user to potentially enable escalation of privilege via local attack. 2019-09-16 4.6 CVE-2019-11166

CONFIRM
intenogroup — eg200_firmware Inteno EG200 EG200-WU7P1U_ADAMO3.16.4-190226_1650 routers have a JUCI ACL misconfiguration that allows the “user” account to extract the 3DES key via JSON commands to ubus. The 3DES key is used to decrypt the provisioning file provided by Adamo Telecom on a public URL via cleartext HTTP. 2019-09-16 4.3 CVE-2019-13140

MISC

MISC

MISC

EXPLOIT-DB
kentothemes — kento-post-view-counter The kento-post-view-counter plugin through 2.8 for WordPress has XSS via kento_pvc_geo. 2019-09-17 4.3 CVE-2016-10980

MISC

MISC
kentothemes — kento-post-view-counter The kento-post-view-counter plugin through 2.8 for WordPress has stored XSS via kento_pvc_numbers_lang, kento_pvc_today_text, or kento_pvc_total_text. 2019-09-17 4.3 CVE-2016-10981

MISC

MISC
kentothemes — kento-post-view-counter The kento-post-view-counter plugin through 2.8 for WordPress has wp-admin/admin.php?page=kentopvc_settings CSRF. 2019-09-17 6.8 CVE-2016-10982

MISC

MISC
kodebyraaet — safe_editor The safe-editor plugin before 1.2 for WordPress has no se_save authentication, with resultant XSS. 2019-09-17 4.3 CVE-2016-10976

MISC

MISC
layerbb — layerbb LayerBB before 1.1.4 has multiple CSRF issues, as demonstrated by changing the System Settings via admin/general.php. 2019-09-19 6.8 CVE-2019-16531

MISC

MISC

MISC

MISC
leenk — leenk.me The leenkme plugin before 2.6.0 for WordPress has stored XSS via facebook_message, facebook_linkname, facebook_caption, facebook_description, default_image, or _wp_http_referer. 2019-09-17 4.3 CVE-2016-10988

MISC

MISC

MISC
leenk — leenk.me The leenkme plugin before 2.6.0 for WordPress has wp-admin/admin.php?page=leenkme_facebook CSRF. 2019-09-17 6.8 CVE-2016-10989

MISC

MISC

MISC
libav — libav A stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c misuses snprintf. 2019-09-19 6.8 CVE-2019-9719

MISC

MISC

MISC

MISC
libwav_project — libwav marc-q libwav through 2019-08-15 has a NULL pointer dereference in gain_file() at wav_gain.c. 2019-09-16 4.3 CVE-2019-16348

MISC
linecorp — line Integer overflow vulnerability in LINE(Android) from 4.4.0 to the version before 9.15.1 allows remote attackers to cause a denial of service (DoS) condition or execute arbitrary code via a specially crafted image. 2019-09-19 6.8 CVE-2019-6010

MISC

MISC
linux — linux_kernel An issue was discovered in the Linux kernel before 5.0.4. The 9p filesystem did not protect i_size_write() properly, which causes an i_size_read() infinite loop and denial of service on SMP systems. 2019-09-18 5.0 CVE-2019-16413

MISC

MISC

MISC
logmein — lastpass LogMeIn LastPass before 4.33.0 allows attackers to construct a crafted web site that captures the credentials for a victim’s account on a previously visited web site, because do_popupregister can be bypassed via clickjacking. 2019-09-16 5.8 CVE-2019-16371

MISC
mail-masta_project — mail-masta The mail-masta plugin 1.0 for WordPress has local file inclusion in count_of_send.php and csvexport.php. 2019-09-16 5.0 CVE-2016-10956

MISC

MISC

MISC
mcafee — total_protection DLL Search Order Hijacking vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Free Antivirus Trial 16.0.R18 and earlier allows local users to execute arbitrary code via execution from a compromised folder placed by an attacker with administrator rights. 2019-09-13 6.0 CVE-2019-3646

CONFIRM
mi — xiaomi_millet_firmware A malicious file upload vulnerability was discovered in Xiaomi Millet mobile phones 1-6.3.9.3. A particular condition involving a man-in-the-middle attack may lead to partial data leakage or malicious file writing. 2019-09-18 5.8 CVE-2019-15843

CONFIRM
microfocus — service_manager Allow changes to some table by non-SysAdmin in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. This vulnerability could be exploited to allow unauthorized access and modification of data. 2019-09-18 6.5 CVE-2019-11661

CONFIRM
microfocus — service_manager Class and method names in error message in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. This vulnerability could be exploited in some special cases to allow information exposure through an error message. 2019-09-18 4.0 CVE-2019-11662

CONFIRM
microfocus — service_manager Clear text credentials are used to access managers app in Tomcat in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data exposure. 2019-09-18 4.0 CVE-2019-11663

CONFIRM
microfocus — service_manager Clear text password in browser in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data exposure. 2019-09-18 4.0 CVE-2019-11664

CONFIRM
microfocus — service_manager Data exposure in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data exposure. 2019-09-17 5.0 CVE-2019-11665

CONFIRM
microfocus — service_manager Insecure deserialization of untrusted data in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow insecure deserialization of untrusted data. 2019-09-17 6.8 CVE-2019-11666

CONFIRM
microfocus — service_manager Unauthorized access to contact information in Micro Focus Service Manager, versions 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow unauthorized access to private data. 2019-09-17 5.0 CVE-2019-11667

CONFIRM
mobatek — mobaxterm In MobaXterm 11.1 and 12.1, the protocol handler is vulnerable to command injection. A crafted link can trigger a popup asking whether the user wants to run MobaXterm to handle the link. If accepted, another popup appears asking for further confirmation. If this is also accepted, command execution is achieved, as demonstrated by the MobaXterm://`calc` URI. 2019-09-14 6.8 CVE-2019-16305

MISC
momizat — goodnews The Goodnews theme through 2016-02-28 for WordPress has XSS via the s parameter. 2019-09-20 4.3 CVE-2016-10999

MISC
mtouch_quiz_project — mtouch_quiz The mtouch-quiz plugin before 3.1.3 for WordPress has XSS via the quiz parameter during a Quiz Manage operation. 2019-09-20 4.3 CVE-2015-9386

MISC

MISC
mz-automation — libiec61850 libIEC61850 through 1.3.3 has a use-after-free in MmsServer_waitReady in mms/iso_mms/server/mms_server.c, as demonstrated by server_example_goose. 2019-09-19 5.0 CVE-2019-16510

MISC
neliosoftware — nelio_ab_testing The nelio-ab-testing plugin before 4.5.0 for WordPress has filename=..%2f directory traversal. 2019-09-17 4.0 CVE-2016-10977

MISC

MISC

MISC
nerdcow — tweet_wheel The tweet-wheel plugin before 1.0.3.3 for WordPress has XSS via consumer_key, consumer_secret, access_token, and access_token_secret. 2019-09-17 4.3 CVE-2016-10986

MISC

MISC

MISC
netattingo — wp-whois-domain The wp-whois-domain plugin 1.0.0 for WordPress has XSS via the pages/func-whois.php domain parameter. 2019-09-13 4.3 CVE-2017-18612

MISC

MISC
neuvoo — neuvoo-jobroll The neuvoo-jobroll plugin 2.0 for WordPress has neuvoo_keywords XSS. 2019-09-20 4.3 CVE-2015-9404

MISC

MISC
neuvoo — neuvoo_jobs The neuvoo-jobroll plugin 2.0 for WordPress has neuvoo_location XSS. 2019-09-20 4.3 CVE-2015-9403

MISC

MISC
ngiflib_project — ngiflib ngiflib 0.4 has a heap-based buffer overflow in WritePixel() in ngiflib.c when called from DecodeGifImg, because deinterlacing for small pictures is mishandled. 2019-09-16 6.8 CVE-2019-16346

MISC

MISC
ngiflib_project — ngiflib ngiflib 0.4 has a heap-based buffer overflow in WritePixels() in ngiflib.c when called from DecodeGifImg, because deinterlacing for small pictures is mishandled. 2019-09-16 6.8 CVE-2019-16347

MISC

MISC
niushop — niushop NIUSHOP V1.11 has CSRF via search_info to index.php. 2019-09-14 6.8 CVE-2019-16311

MISC
notepad_plus_plus — notepad++ SciLexer.dll in Scintilla in Notepad++ (x64) before 7.7 allows remote code execution or denial of service via Unicode characters in a crafted .ml file. 2019-09-14 6.8 CVE-2019-16294

MISC

MISC

MISC
ocimscripts — ocim-mp3 The ocim-mp3 plugin through 2016-03-07 for WordPress has wp-content/plugins/ocim-mp3/source/pages.php?id= XSS. 2019-09-20 4.3 CVE-2016-10998

MISC
open-emr — openemr OpenEMR v5.0.1-6 allows XSS. 2019-09-16 4.3 CVE-2019-8368

MISC
optinmonster — optinmonster The optinmonster plugin before 1.1.4.6 for WordPress has incorrect access control for shortcodes because of a nonce leak. 2019-09-20 5.0 CVE-2016-10996

MISC

MISC
ostenta — yawpp The yawpp plugin through 1.2.2 for WordPress has XSS via the field1 parameter. 2019-09-20 4.3 CVE-2015-9391

MISC

MISC
pagelines — pagelines The PageLines theme 1.1.4 for WordPress has wp-admin/admin-post.php?page=pagelines CSRF. 2019-09-13 6.8 CVE-2016-10945

MISC
peepso — peepso The peepso-core plugin before 1.6.1 for WordPress has PeepSoProfilePreferencesAjax->save() privilege escalation. 2019-09-16 6.5 CVE-2016-10968

MISC

MISC
picoc_project — picoc PicoC 2.1 has a heap-based buffer overflow in StringStrcpy in cstdlib/string.c when called from ExpressionParseFunctionCall in expression.c. 2019-09-13 6.8 CVE-2019-16277

MISC
pimcore — pimcore In Pimcore before 5.7.1, an attacker with limited privileges can trigger execution of a .phar file via a phar:// URL in a filename parameter, because PHAR uploads are not blocked and are reachable within the phar://../../../../../../../../var/www/html/web/var/assets/ directory, a different vulnerability than CVE-2019-10867 and CVE-2019-16318. 2019-09-14 6.5 CVE-2019-16317

MISC

MISC
pimcore — pimcore In Pimcore before 5.7.1, an attacker with limited privileges can bypass file-extension restrictions via a 256-character filename, as demonstrated by the failure of automatic renaming of .php to .php.txt for long filenames, a different vulnerability than CVE-2019-10867 and CVE-2019-16317. 2019-09-14 6.5 CVE-2019-16318

MISC

MISC
prise — adas An issue was discovered in PRiSE adAS 1.7.0. The current database password is embedded in the change password form. 2019-09-20 5.0 CVE-2019-15085

MISC

MISC
prise — adas An issue was discovered in PRiSE adAS 1.7.0. The newentityID parameter is not properly escaped, leading to a reflected XSS in the error message. 2019-09-20 4.3 CVE-2019-15086

MISC

MISC
prise — adas An issue was discovered in PRiSE adAS 1.7.0. An authenticated user can change the function used to hash passwords to any function, leading to remote code execution. 2019-09-20 6.5 CVE-2019-15087

MISC

MISC
prise — adas An issue was discovered in PRiSE adAS 1.7.0. Forms have no CSRF protection, letting an attacker execute actions as the administrator. 2019-09-20 6.8 CVE-2019-15089

MISC

MISC
publisure — publisure An issue was discovered in the secure portal in Publisure 2.1.2. Once successfully authenticated as an administrator, one is able to inject arbitrary PHP code by using the adminCons.php form. The code is then stored in the E:\PUBLISURE\webservice\webpages\AdminDir\Templates folder even if removed from the adminCons.php view (i.e., the rogue PHP file can be hidden). 2019-09-18 6.5 CVE-2019-14252

MISC
publisure — publisure An issue was discovered in servletcontroller in the secure portal in Publisure 2.1.2. One can bypass authentication and perform a query on PHP forms within the /AdminDir folder that should be restricted. 2019-09-18 6.4 CVE-2019-14253

MISC
pydio — pydio Pydio 6.0.8 mishandles error reporting when a directory allows unauthenticated uploads, and the remote-upload option is used with the http://localhost:22 URL. The attacker can obtain sensitive information such as the name of the user who created that directory and other internal server information. 2019-09-19 5.0 CVE-2019-15032

MISC

MISC

MISC
pydio — pydio Pydio 6.0.8 allows Authenticated SSRF during a Remote Link Feature download. An attacker can specify an intranet address in the file parameter to index.php, when sending a file to a remote server, as demonstrated by the file=http%3A%2F%2F192.168.1.2 substring. 2019-09-19 4.0 CVE-2019-15033

MISC

MISC

MISC
redmineup — crm The CRM Plugin before 4.2.4 for Redmine allows XSS via crafted vCard data. 2019-09-16 4.3 CVE-2019-15950

MISC

MISC
rsa — archer RSA Archer, versions prior to 6.6 P3 (6.6.0.3), contain an information disclosure vulnerability. Information relating to the backend database gets disclosed to low-privileged RSA Archer users’ UI under certain error conditions. 2019-09-18 4.0 CVE-2019-3756

MISC
rsa — bsafe_cert-j RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Improper Verification of Cryptographic Signature vulnerability. A malicious remote attacker could potentially exploit this vulnerability to coerce two parties into computing the same predictable shared key. 2019-09-18 4.3 CVE-2019-3738

MISC
rsa — bsafe_cert-j RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during ECDSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover ECDSA keys. 2019-09-18 4.3 CVE-2019-3739

MISC
rsa — bsafe_cert-j RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA keys. 2019-09-18 4.3 CVE-2019-3740

MISC
s-cms — s-cms s-cms V3.0 has XSS in index.php?type=text via the S_id parameter. 2019-09-14 4.3 CVE-2019-16312

MISC
scadabr — scadabr ScadaBR 1.0CE, and 1.1.x through 1.1.0-RC, has XSS via a request for a nonexistent resource, as demonstrated by the dwr/test/ PATH_INFO. 2019-09-15 4.3 CVE-2019-16321

MISC
schneider-electric — bmxnor0200h_firmware CWE-284: Improper Access Control vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions), which could cause the execution of commands by unauthorized users when using IEC 60870-5-104 protocol. 2019-09-17 6.5 CVE-2019-6810

CONFIRM
schneider-electric — bmxnor0200h_firmware A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions), which could cause disconnection of active connections when an unusually high number of IEC 60870-5-104 packets are received by the module on port 2404/TCP. 2019-09-17 5.0 CVE-2019-6831

CONFIRM
schneider-electric — hmigtu_firmware A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Magelis HMI Panels (all versions of – HMIGTO, HMISTO, XBTGH, HMIGTU, HMIGTUX, HMISCU, HMISTU, XBTGT, XBTGT, HMIGXO, HMIGXU), which could cause a temporary freeze of the HMI when a high rate of frames is received. When the attack stops, the buffered commands are processed by the HMI panel. 2019-09-17 4.3 CVE-2019-6833

CONFIRM
schneider-electric — modicon_quantum_140noe77101_firmware An Improper Check for Unusual or Exceptional Conditions (CWE-754) vulnerability exists in Modicon Quantum 140 NOE771x1 version 6.9 and earlier, which could cause denial of service when the module receives an IP fragmented packet with a length greater than 65535 bytes. The module then requires a power cycle to recover. 2019-09-17 5.0 CVE-2019-6811

CONFIRM
schneider-electric — somachine_hvac A CWE-426: Untrusted Search Path vulnerability exists in SoMachine HVAC v2.4.1 and earlier versions, which could cause arbitrary code execution on the system running SoMachine HVAC when a malicious DLL library is loaded by the product. 2019-09-17 6.8 CVE-2019-6826

CONFIRM
siemens — ie/wsn-pa_link_wirelesshart_gateway_firmware A vulnerability has been identified in IE/WSN-PA Link WirelessHART Gateway (All versions). The integrated configuration web server of the affected device could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. The user must be logged into the web interface in order for the exploitation to succeed. At the stage of publishing this security advisory no public exploitation is known. 2019-09-13 4.3 CVE-2019-13923

MISC
siemens — sinema_remote_connect_server A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). Some pages that should only be accessible by a privileged user can also be accessed by a non-privileged user. The security vulnerability could be exploited by an attacker with network access and valid credentials for the web interface. No user interaction is required. The vulnerability could allow an attacker to access information that he should not be able to read. The affected information does not include passwords. At the time of advisory publication no public exploitation of this security vulnerability was known. 2019-09-13 4.0 CVE-2019-13919

MISC
siemens — sinema_remote_connect_server A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). Some parts of the web application are not protected against Cross Site Request Forgery (CSRF) attacks. The security vulnerability could be exploited by an attacker that is able to trigger requests of a logged-in user to the application. The vulnerability could allow switching the connectivity state of a user or a device. At the time of advisory publication no public exploitation of this security vulnerability was known. 2019-09-13 4.3 CVE-2019-13920

MISC
siemens — sinema_remote_connect_server A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). An attacker with administrative privileges can obtain the hash of a connected device's password. The security vulnerability could be exploited by an attacker with network access to the SINEMA Remote Connect Server and administrative privileges. At the time of advisory publication no public exploitation of this security vulnerability was known. 2019-09-13 4.0 CVE-2019-13922

MISC
sirv — sirv The sirv plugin before 1.3.2 for WordPress has SQL injection via the id parameter. 2019-09-13 6.5 CVE-2016-10950

MISC

MISC

MISC
slickquiz_project — slickquiz An XSS issue was discovered in the slickquiz plugin through 1.3.7.1 for WordPress. The save_quiz_score functionality available via the /wp-admin/admin-ajax.php endpoint allows unauthenticated users to submit quiz solutions/answers, which are stored in the database and later shown in the WordPress backend for all users with at least Subscriber rights. Because the plugin does not properly validate and sanitize this data, a malicious payload in either the name or email field is executed directly within the backend at /wp-admin/admin.php?page=slickquiz across all users with the privileges of at least Subscriber. 2019-09-13 4.3 CVE-2019-12517

MISC

MISC
smackcoders — echo_sign The echosign plugin before 1.2 for WordPress has XSS via the inc.php page parameter. 2019-09-17 4.3 CVE-2016-10984

MISC

MISC

MISC
smackcoders — echo_sign The echosign plugin before 1.2 for WordPress has XSS via the templates/add_templates.php id parameter. 2019-09-17 4.3 CVE-2016-10985

MISC

MISC

MISC
spip — spip SPIP before 3.1.11 and 3.2 before 3.2.5 allows authenticated visitors to modify any published content and execute other modifications in the database. This is related to ecrire/inc/meta.php and ecrire/inc/securiser_action.php. 2019-09-17 4.0 CVE-2019-16391

MISC

MISC

MISC
spip — spip SPIP before 3.1.11 and 3.2 before 3.2.5 allows prive/formulaires/login.php XSS via error messages. 2019-09-17 4.3 CVE-2019-16392

MISC

MISC
spip — spip SPIP before 3.1.11 and 3.2 before 3.2.5 mishandles redirect URLs in ecrire/inc/headers.php with a %0D, %0A, or %20 character. 2019-09-17 5.8 CVE-2019-16393

MISC

MISC

MISC
spip — spip SPIP before 3.1.11 and 3.2 before 3.2.5 provides different error messages from the password-reminder page depending on whether an e-mail address exists, which might help attackers to enumerate subscribers. 2019-09-17 5.0 CVE-2019-16394

MISC

MISC

MISC

MISC
supportflow_project — supportflow The supportflow plugin before 0.7 for WordPress has XSS via a discussion ticket title. 2019-09-16 4.3 CVE-2016-10969

MISC

MISC
supportflow_project — supportflow The supportflow plugin before 0.7 for WordPress has XSS via a ticket excerpt. 2019-09-16 4.3 CVE-2016-10970

MISC

MISC
tonjoostudio — fluid-responsive-slideshow The fluid-responsive-slideshow plugin before 2.2.7 for WordPress has frs_save CSRF with resultant stored XSS. 2019-09-17 6.8 CVE-2016-10974

MISC

MISC
tonjoostudio — fluid-responsive-slideshow The fluid-responsive-slideshow plugin before 2.2.7 for WordPress has reflected XSS via the skin parameter. 2019-09-17 4.3 CVE-2016-10975

MISC

MISC
trivetechnology — wp-stats-dashboard The wp-stats-dashboard plugin through 2.9.4 for WordPress has admin/graph_trend.php type SQL injection. 2019-09-20 6.5 CVE-2015-9399

MISC

MISC

MISC
truemag_theme_project — truemag_theme The Truemag theme 2016 Q2 for WordPress has XSS via the s parameter. 2019-09-18 4.3 CVE-2016-10994

MISC
trust_form_project — trust_form The trust-form plugin 2.0 for WordPress has XSS via the wp-admin/admin.php?page=trust-form-edit page parameter. 2019-09-13 4.3 CVE-2017-18613

MISC

MISC
typomedia — wordpress_meta_robots The wordpress-meta-robots plugin through 2.1 for WordPress has wp-admin/post-new.php text SQL injection. 2019-09-20 6.5 CVE-2015-9400

MISC

MISC

MISC
usersultra — users_ultra_membership The users-ultra plugin before 1.5.63 for WordPress has CSRF via action=package_add_new to wp-admin/admin-ajax.php. 2019-09-20 6.8 CVE-2015-9394

MISC

MISC
usersultra — users_ultra_membership The users-ultra plugin before 1.5.64 for WordPress has SQL Injection via an ajax action. 2019-09-20 6.5 CVE-2015-9395

MISC

MISC

MISC
vmware — vcenter_server VMware vSphere ESXi (6.7 prior to ESXi670-201810101-SG, 6.5 prior to ESXi650-201811102-SG, and 6.0 prior to ESXi600-201807103-SG) and VMware vCenter Server (6.7 prior to 6.7 U1b, 6.5 prior to 6.5 U2b, and 6.0 prior to 6.0 U3j) contain an information disclosure vulnerability in clients arising from insufficient session expiration. An attacker with physical access or an ability to mimic a websocket connection to a user’s browser may be able to obtain control of a VM Console after the user has logged out or their session has timed out. 2019-09-18 5.8 CVE-2019-5531

CONFIRM
vmware — vcenter_server VMware vCenter Server (6.7.x prior to 6.7 U3, 6.5 prior to 6.5 U3 and 6.0 prior to 6.0 U3j) contains an information disclosure vulnerability due to the logging of credentials in plain-text for virtual machines deployed through OVF. A malicious user with access to the log files containing vCenter OVF-properties of a virtual machine deployed from an OVF may be able to view the credentials used to deploy the OVF (typically the root account of the virtual machine). 2019-09-18 4.0 CVE-2019-5532

MISC

CONFIRM
vmware — vcenter_server VMware vCenter Server (6.7.x prior to 6.7 U3, 6.5 prior to 6.5 U3 and 6.0 prior to 6.0 U3j) contains an information disclosure vulnerability where Virtual Machines deployed from an OVF could expose login information via the virtual machine’s vAppConfig properties. A malicious actor with access to query the vAppConfig properties of a virtual machine deployed from an OVF may be able to view the credentials used to deploy the OVF (typically the root account of the virtual machine). 2019-09-18 4.0 CVE-2019-5534

MISC

CONFIRM
webkul — bagisto In Webkul Bagisto before 0.1.5, the functionalities for customers to change their own values (such as address, review, orders, etc.) can also be manipulated by other customers. 2019-09-18 6.5 CVE-2019-16403

MISC
webmaster-source — gocodes The gocodes plugin through 1.3.5 for WordPress has wp-admin/tools.php gcid SQL injection. 2019-09-20 6.5 CVE-2015-9398

MISC

MISC

MISC
woocommerce — persian_woocommerce_sms The persian-woocommerce-sms plugin before 3.3.4 for WordPress has ps_sms_numbers XSS. 2019-09-17 4.3 CVE-2016-10987

MISC

MISC

MISC
wp-kama — kama_click_counter The kama-clic-counter plugin before 3.5.0 for WordPress has XSS. 2019-09-13 4.3 CVE-2017-18615

MISC
wp-piwik_project — wp-piwik The wp-piwik plugin before 1.0.5 for WordPress has XSS. 2019-09-20 4.3 CVE-2015-9405

MISC

MISC

MISC
wpcerber — cerber_security_antispam_&_malware_scan The wp-cerber plugin before 2.7 for WordPress has XSS via the X-Forwarded-For HTTP header. 2019-09-17 4.3 CVE-2016-10990

MISC

MISC
yourinspirationweb — beauty-premium The beauty-premium theme 1.0.8 for WordPress has CSRF with resultant arbitrary file upload in includes/sendmail.php. 2019-09-20 4.3 CVE-2016-10997

MISC

EXPLOIT-DB
zulip — zulip_server The Markdown parser in Zulip server before 2.0.5 used a regular expression vulnerable to exponential backtracking. A user who is logged into the server could send a crafted message causing the server to spend an effectively arbitrary amount of CPU time and stall the processing of future messages. 2019-09-18 4.0 CVE-2019-16215

CONFIRM

CONFIRM


Low Vulnerabilities

Primary Vendor — Product Description Published CVSS Score Source & Patch Info
beego — beego The File Session Manager in Beego 1.10.0 allows local users to read session files because there is a race condition involving file creation within a directory with weak permissions. 2019-09-16 1.9 CVE-2019-16354

MISC
beego — beego The File Session Manager in Beego 1.10.0 allows local users to read session files because of weak permissions for individual files. 2019-09-16 2.1 CVE-2019-16355

MISC
bludit — bludit In Bludit v3.9.2, there is a persistent XSS vulnerability in the Categories -> Add New Category -> Name field. NOTE: this may overlap CVE-2017-16636. 2019-09-15 3.5 CVE-2019-16334

MISC
freeipa — freeipa A flaw was found in FreeIPA versions 4.5.0 and later. Session cookies were retained in the cache after logout. An attacker could abuse this flaw if they obtain previously valid session cookies and can use this to gain access to the session. 2019-09-17 2.1 CVE-2019-14826

CONFIRM
get-simple — getsimple_cms GetSimple CMS v3.3.15 has Persistent Cross-Site Scripting (XSS) in admin/theme-edit.php. 2019-09-15 3.5 CVE-2019-16333

MISC
ibm — cognos_analytics IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 161421. 2019-09-17 3.5 CVE-2019-4342

XF

CONFIRM
ibm — websphere_application_server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 160203. 2019-09-17 3.5 CVE-2019-4270

XF

CONFIRM
ibm — websphere_application_server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin console is vulnerable to a Client-side HTTP parameter pollution vulnerability. IBM X-Force ID: 160243. 2019-09-17 3.5 CVE-2019-4271

XF

CONFIRM
intel — 3106_firmware A race condition in specific microprocessors using Intel (R) DDIO cache allocation and RDMA may allow an authenticated user to potentially enable partial information disclosure via adjacent access. 2019-09-16 2.9 CVE-2019-11184

MISC

CONFIRM

CONFIRM
linux — linux_kernel In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users’ processes via a Facility Unavailable exception. To exploit the vulnerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process because of a missing arch/powerpc/kernel/process.c check. 2019-09-13 3.6 CVE-2019-15030

MISC

MISC

UBUNTU
linux — linux_kernel In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users’ processes via an interrupt. To exploit the vulnerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process, because MSR_TM_ACTIVE is misused in arch/powerpc/kernel/process.c. 2019-09-13 3.6 CVE-2019-15031

MISC

MISC

UBUNTU
mtouch_quiz_project — mtouch_quiz The mtouch-quiz plugin before 3.1.3 for WordPress has XSS via a quiz name. 2019-09-20 3.5 CVE-2015-9389

MISC

MISC
niushop — niushop NIUSHOP V1.11 has XSS via the index.php?s=/admin URI. 2019-09-14 3.5 CVE-2019-16310

MISC
scoreme_project — scoreme The ScoreMe theme through 2016-04-01 for WordPress has XSS via the s parameter. 2019-09-17 3.5 CVE-2016-10993

MISC
solaplugins — sola_support_tickets The sola-support-tickets plugin before 3.13 for WordPress has incorrect access control for /wp-admin with resultant XSS. 2019-09-20 3.5 CVE-2016-11012

MISC

MISC
symantec — norton_password_manager Norton Password Manager, prior to 6.5.0.2104, may be susceptible to an information disclosure issue, which is a type of vulnerability whereby there is an unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information. 2019-09-17 2.1 CVE-2019-12755

CONFIRM
usersultra — users_ultra_membership The users-ultra plugin before 1.5.63 for WordPress has XSS via the p_name parameter. 2019-09-20 3.5 CVE-2015-9392

MISC

MISC

MISC
usersultra — users_ultra_membership The users-ultra plugin before 1.5.63 for WordPress has XSS via the p_desc parameter. 2019-09-20 3.5 CVE-2015-9393

MISC

MISC
webcraftic — woody_ad_snippets The insert-php (aka Woody ad snippets) plugin before 2.2.8 for WordPress allows authenticated XSS via the winp_item parameter. 2019-09-13 3.5 CVE-2019-16289

MISC

MISC

MISC
webmaster-source — gocodes The gocodes plugin through 1.3.5 for WordPress has wp-admin/tools.php deletegc XSS. 2019-09-20 3.5 CVE-2015-9397

MISC

MISC

MISC
websimon-tables_project — websimon-tables The websimon-tables plugin through 1.3.4 for WordPress has wp-admin/tools.php edit_style id XSS. 2019-09-20 3.5 CVE-2015-9401

MISC

MISC

MISC
zrlog — zrlog An issue was discovered in ZrLog 2.1.1. There is a Stored XSS vulnerability in the article_edit area. 2019-09-20 3.5 CVE-2019-16643

MISC
zulip — zulip_server Zulip server before 2.0.5 incompletely validated the MIME types of uploaded files. A user who is logged into the server could upload files of certain types to mount a stored cross-site scripting attack on other logged-in users. On a Zulip server using the default local uploads backend, the attack is only effective against browsers lacking support for Content-Security-Policy such as Internet Explorer 11. On a Zulip server using the S3 uploads backend, the attack is confined to the origin of the configured S3 uploads hostname and cannot reach the Zulip server itself. 2019-09-18 3.5 CVE-2019-16216

CONFIRM

CONFIRM


Severity Not Yet Assigned

Primary Vendor — Product Description Published CVSS Score Source & Patch Info
3s-smart_software_solutions — codesys_web_server CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which may allow access to files outside the restricted working directory of the controller. 2019-09-13 not yet calculated CVE-2019-13532

MISC
3s-smart_software_solutions — codesys_web_server CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which could cause a stack overflow and create a denial-of-service condition or allow remote code execution. 2019-09-13 not yet calculated CVE-2019-13548

MISC
3s-smart_software_solutions — codesys_opc_ua_server 3S-Smart Software Solutions GmbH CODESYS V3 OPC UA Server, all versions 3.5.11.0 to 3.5.15.0, allows an attacker to send crafted requests from a trusted OPC UA client that cause a NULL pointer dereference, which may trigger a denial-of-service condition. 2019-09-17 not yet calculated CVE-2019-13542

MISC
3s-smart_software_solutions — codesys_products An issue was discovered in 3S-Smart CODESYS before 3.5.15.0. Crafted network packets cause the Control Runtime to crash. 2019-09-17 not yet calculated CVE-2019-9009

MISC
arubanetworks — arubaos A command injection vulnerability is present in the web management interface of ArubaOS that permits an authenticated user to execute arbitrary commands on the underlying operating system. A malicious administrator could use this ability to install backdoors or change system configuration in a way that would not be logged. This vulnerability only affects ArubaOS 8.x. 2019-09-13 not yet calculated CVE-2019-5315

CONFIRM
cobham — sea_tel_devices Cobham Sea Tel v170 224521 through v194 225444 devices allow attackers to obtain potentially sensitive information, such as a vessel’s latitude and longitude, via the public SNMP community. 2019-09-15 not yet calculated CVE-2019-16320

MISC
draytek — vigor2925_devices On DrayTek Vigor2925 devices with firmware 3.8.4.3, Incorrect Access Control exists in loginset.htm, and can be used to trigger XSS. NOTE: this is an end-of-life product. 2019-09-20 not yet calculated CVE-2019-16533

MISC
draytek — vigor2925_devices On DrayTek Vigor2925 devices with firmware 3.8.4.3, XSS exists via a crafted WAN name on the General Setup screen. NOTE: this is an end-of-life product. 2019-09-20 not yet calculated CVE-2019-16534

MISC
embedthis — goahead An issue was discovered in Embedthis GoAhead 2.5.0. Certain pages (such as goform/login and config/log_off_page.htm) create links containing a hostname obtained from an arbitrary HTTP Host header sent by an attacker. This could potentially be used in a phishing attack. 2019-09-20 not yet calculated CVE-2019-16645

MISC
eq-3 — homematic_ccu2_and_ccu3_devices eQ-3 Homematic CCU2 before 2.47.18 and CCU3 before 3.47.18 allow Remote Code Execution by unauthenticated attackers with access to the web interface via an HTTP POST request to certain URLs related to the ReGa core process. 2019-09-17 not yet calculated CVE-2019-16199

MISC
f5 — big-ip F5 BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.6.0-11.6.4, and 11.5.1-11.5.9 and Enterprise Manager 3.1.1 may expose sensitive information and allow the system configuration to be modified when using non-default ConfigSync settings. 2019-09-20 not yet calculated CVE-2019-6649

CONFIRM
f5 — big-ip F5 BIG-IP ASM 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.6.0-11.6.4, and 11.5.1-11.5.9 may expose sensitive information and allow the system configuration to be modified when using non-default settings. 2019-09-20 not yet calculated CVE-2019-6650

CONFIRM
ffjpeg — ffjpeg ffjpeg before 2019-08-18 has a NULL pointer dereference in huffman_decode_step() at huffman.c. 2019-09-16 not yet calculated CVE-2019-16351

MISC
ffjpeg — ffjpeg ffjpeg before 2019-08-18 has a NULL pointer dereference in idct2d8x8() at dct.c. 2019-09-16 not yet calculated CVE-2019-16350

MISC
ffjpeg — ffjpeg ffjpeg before 2019-08-21 has a heap-based buffer overflow in jfif_load() at jfif.c. 2019-09-16 not yet calculated CVE-2019-16352

MISC
firegiant — wix_toolset An issue was discovered in DTF in FireGiant WiX Toolset before 3.11.2. Microsoft.Deployment.Compression.Cab.dll and Microsoft.Deployment.Compression.Zip.dll allow directory traversal during CAB or ZIP archive extraction, because the full name of an archive file (even with a ../ sequence) is concatenated with the destination path. 2019-09-19 not yet calculated CVE-2019-16511

MISC

MISC

MISC
forcepoint — vpn_client_for_windows Forcepoint VPN Client for Windows versions lower than 6.6.1 have an unquoted search path vulnerability. This enables local privilege escalation to SYSTEM user. By default, only local administrators can write executables to the vulnerable directories. Forcepoint thanks Peleg Hadar of SafeBreach Labs for finding this vulnerability and for reporting it to us. 2019-09-20 not yet calculated CVE-2019-6145

CONFIRM
gila_cms — gila_cms Gila CMS before 1.11.1 allows admin/fm/?f=../ directory traversal, leading to Local File Inclusion. 2019-09-21 not yet calculated CVE-2019-16679

MISC

MISC
gitlab — omnibus An issue was discovered in GitLab Omnibus 7.4 through 12.2.1. An unsafe interaction with logrotate could result in a privilege escalation. 2019-09-16 not yet calculated CVE-2019-15741

MISC
gnome — file-roller An issue was discovered in GNOME file-roller before 3.29.91. It allows a single ./../ path traversal via a filename contained in a TAR archive, possibly overwriting a file during extraction. 2019-09-21 not yet calculated CVE-2019-16680

MISC

MISC

MISC
idreamsoft — icms An issue was discovered in idreamsoft iCMS V7.0. admincp.php?app=members&do=del allows CSRF. 2019-09-21 not yet calculated CVE-2019-16677

MISC
joyplus — joyplus-cms joyplus-cms 1.6.0 allows reinstallation if the install/ URI remains available. 2019-09-21 not yet calculated CVE-2019-16655

MISC
joyplus — joyplus-cms joyplus-cms 1.6.0 has admin_ajax.php?action=savexml&tab=vodplay CSRF. 2019-09-21 not yet calculated CVE-2019-16660

MISC
joyplus — joyplus-cms joyplus-cms 1.6.0 allows remote attackers to execute arbitrary PHP code via /install by placing the code in the name of an object in the database. 2019-09-21 not yet calculated CVE-2019-16656

MISC
linux — linux_kernel There is a heap-based buffer overflow in the Marvell wifi chip driver in the Linux kernel, all versions up to but excluding 5.3, that allows local users to cause a denial of service (system crash) or possibly execute arbitrary code. 2019-09-20 not yet calculated CVE-2019-14814

MLIST

MISC

CONFIRM

MISC

FEDORA

FEDORA

MISC
linux — linux_kernel There is a heap-based buffer overflow in the Marvell wifi chip driver in the Linux kernel, all versions up to but excluding 5.3, that allows local users to cause a denial of service (system crash) or possibly execute arbitrary code. 2019-09-20 not yet calculated CVE-2019-14816

MLIST

MISC

CONFIRM

MISC

FEDORA

FEDORA

MISC
mautic — mautic An issue was discovered in Mautic 2.13.1. It has Stored XSS via the company name field. 2019-09-20 not yet calculated CVE-2018-11200

CONFIRM
node.js — node.js The html-pdf package 2.2.0 for Node.js has an arbitrary file read vulnerability via an HTML file that uses XMLHttpRequest to access a file:/// URL. 2019-09-20 not yet calculated CVE-2019-15138

MISC
ogma_cms — ogma_cms Ogma CMS 0.5 has XSS via creation of a new blog. 2019-09-21 not yet calculated CVE-2019-16661

MISC
pagekit — pagekit The Reset Password feature in Pagekit 1.0.17 gives a different response depending on whether the e-mail address of a valid user account is entered, which might make it easier for attackers to enumerate accounts. 2019-09-21 not yet calculated CVE-2019-16669

MISC
pivotal — application_service Pivotal Apps Manager, included in Pivotal Application Service versions 2.3.x prior to 2.3.18, 2.4.x prior to 2.4.14, 2.5.x prior to 2.5.10, and 2.6.x prior to 2.6.5, contains an invitations microservice which allows users to invite others to their organizations. A remote authenticated user can gain additional privileges by inviting themselves to spaces that they should not have access to. 2019-09-20 not yet calculated CVE-2019-11280

CONFIRM
prise — adas An issue was discovered in PRiSE adAS 1.7.0. The path is not properly escaped in the medatadata_del method, leading to an arbitrary file read and deletion via Directory Traversal. 2019-09-20 not yet calculated CVE-2019-14914

MISC

MISC
prise — adas An issue was discovered in PRiSE adAS 1.7.0. Certificate data are not properly escaped. This leads to XSS when submitting a rogue certificate. 2019-09-20 not yet calculated CVE-2019-14915

MISC

MISC
prise — adas An issue was discovered in PRiSE adAS 1.7.0. A file’s format is not properly checked, leading to an unrestricted file upload. 2019-09-20 not yet calculated CVE-2019-14916

MISC

MISC
prise — adas An issue was discovered in PRiSE adAS 1.7.0. The OPENSSO module does not properly escape output on error, leading to reflected XSS. 2019-09-20 not yet calculated CVE-2019-14911

MISC

MISC
prise — adas An issue was discovered in PRiSE adAS 1.7.0. Log data are not properly escaped, leading to persistent XSS in the administration panel. 2019-09-20 not yet calculated CVE-2019-14913

MISC

MISC
prise — adas An issue was discovered in PRiSE adAS 1.7.0. The OPENSSO module does not properly check the goto parameter, leading to an open redirect that leaks the session cookie. 2019-09-20 not yet calculated CVE-2019-14912

MISC

MISC
prospecta — master_data_online Prospecta Master Data Online (MDO) allows CSRF. 2019-09-20 not yet calculated CVE-2018-17789

MISC
schneider_electric — apc_ups_network_management_card_2 A Credentials Management CWE-255 vulnerability exists in the APC UPS Network Management Card 2 AOS v6.5.6, which could cause Remote Monitoring Credentials to be viewed in plaintext when Remote Monitoring is enabled, and then disabled. 2019-09-17 not yet calculated CVE-2018-7820

CONFIRM
schneider_electric — modicon_m580_and_m340_controllers A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (firmware version prior to V2.90) and Modicon M340 (firmware version prior to V3.10), which could cause a possible denial of service when writing to specific memory addresses in the controller over Modbus. 2019-09-17 not yet calculated CVE-2019-6829

CONFIRM
schneider_electric — modicon_m580_controllers A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 all versions prior to V2.80, which could cause a possible denial of service when sending an appropriately timed HTTP request to the controller. 2019-09-17 not yet calculated CVE-2019-6830

CONFIRM
schneider_electric — spacelynk_and_wiser_for_knx A CWE-287: Authentication vulnerability exists in spaceLYnk (all versions before 2.4.0) and Wiser for KNX (all versions before 2.4.0 – formerly known as homeLYnk), which could cause loss of control when an attacker bypasses the authentication. 2019-09-17 not yet calculated CVE-2019-6832

CONFIRM
schneider_electric — u.motion_server A Format String: CWE-134 vulnerability exists in U.motion Server (MEG6501-0001 – U.motion KNX server, MEG6501-0002 – U.motion KNX Server Plus, MEG6260-0410 – U.motion KNX Server Plus, Touch 10, MEG6260-0415 – U.motion KNX Server Plus, Touch 15), which could allow an attacker to send a crafted message to the target server, thereby causing arbitrary commands to be executed. 2019-09-17 not yet calculated CVE-2019-6840

CONFIRM
schneider_electric — u.motion_server A Cross-Site Scripting (XSS) CWE-79 vulnerability exists in U.motion Server (MEG6501-0001 – U.motion KNX server, MEG6501-0002 – U.motion KNX Server Plus, MEG6260-0410 – U.motion KNX Server Plus, Touch 10, MEG6260-0415 – U.motion KNX Server Plus, Touch 15), which could allow an attacker to inject client-side script when a user visits a web page. 2019-09-17 not yet calculated CVE-2019-6835

CONFIRM
schneider_electric — u.motion_server A Server-Side Request Forgery (SSRF): CWE-918 vulnerability exists in U.motion Server (MEG6501-0001 – U.motion KNX server, MEG6501-0002 – U.motion KNX Server Plus, MEG6260-0410 – U.motion KNX Server Plus, Touch 10, MEG6260-0415 – U.motion KNX Server Plus, Touch 15), which could cause server configuration data to be exposed when an attacker modifies a URL. 2019-09-17 not yet calculated CVE-2019-6837

CONFIRM
schneider_electric — u.motion_server An Improper Access Control: CWE-284 vulnerability exists in U.motion Server (MEG6501-0001 – U.motion KNX server, MEG6501-0002 – U.motion KNX Server Plus, MEG6260-0410 – U.motion KNX Server Plus, Touch 10, MEG6260-0415 – U.motion KNX Server Plus, Touch 15), which could allow the file system to access the wrong file. 2019-09-17 not yet calculated CVE-2019-6836

CONFIRM
schneider_electric — u.motion_server An Improper Access Control: CWE-284 vulnerability exists in U.motion Server (MEG6501-0001 – U.motion KNX server, MEG6501-0002 – U.motion KNX Server Plus, MEG6260-0410 – U.motion KNX Server Plus, Touch 10, MEG6260-0415 – U.motion KNX Server Plus, Touch 15), which could allow a user with low privileges to delete a critical file. 2019-09-17 not yet calculated CVE-2019-6838

CONFIRM
schneider_electric — u.motion_server An Improper Access Control: CWE-284 vulnerability exists in U.motion Server (MEG6501-0001 – U.motion KNX server, MEG6501-0002 – U.motion KNX Server Plus, MEG6260-0410 – U.motion KNX Server Plus, Touch 10, MEG6260-0415 – U.motion KNX Server Plus, Touch 15), which could allow a user with low privileges to upload a rogue file. 2019-09-17 not yet calculated CVE-2019-6839

CONFIRM
siemens — simatic_tdc_cp51m1 A vulnerability has been identified in SIMATIC TDC CP51M1 (All versions < V1.1.7). An attacker with network access to the device could cause a Denial-of-Service condition by sending a specially crafted UDP packet. The vulnerability affects the UDP communication of the device. The security vulnerability could be exploited without authentication. No user interaction is required to exploit this security vulnerability. Successful exploitation of the security vulnerability compromises availability of the targeted system. At the time of advisory publication no public exploitation of this security vulnerability was known. 2019-09-13 not yet calculated CVE-2019-10937

MISC
supermicro — multiple_products On Supermicro H11, H12, M11, X9, X10, and X11 products, a combination of encryption and authentication problems in the virtual media service allows capture of BMC credentials and data transferred over virtual media devices. Attackers can use captured credentials to connect virtual USB devices to the server managed by the BMC. 2019-09-20 not yet calculated CVE-2019-16649

MISC

MISC

MISC
supermicro — x10_and_x11_products On Supermicro X10 and X11 products, a client’s access privileges may be transferred to a different client that later has the same socket file descriptor number. In opportunistic circumstances, an attacker can simply connect to the virtual media service, and then connect virtual USB devices to the server managed by the BMC. 2019-09-20 not yet calculated CVE-2019-16650

MISC

MISC

MISC
thinksaas — thinksaas An issue was discovered in ThinkSAAS 2.91. There is XSS via the content to the index.php?app=group&ac=comment&ts=do&js=1 URI, as demonstrated by a crafted SVG document in the SRC attribute of an EMBED element. 2019-09-21 not yet calculated CVE-2019-16665

MISC

thinksaas — thinksaas An issue was discovered in ThinkSAAS 2.91. There is XSS via the index.php?app=group&ac=create&ts=do groupname parameter. 2019-09-21 not yet calculated CVE-2019-16664

MISC
topcon_positioning — net-g5_gnss_receiver_devices An issue was discovered on Topcon Positioning Net-G5 GNSS Receiver devices with firmware 5.2.2. The web interface of the product is protected by a login. A guest is allowed to log in. Once logged in as a guest, an attacker can browse a URL to read the password of the administrative user. The same procedure allows a regular user to gain administrative privileges. The guest login is possible in the default configuration. 2019-09-20 not yet calculated CVE-2019-11326

MISC
topcon_positioning — net-g5_gnss_receiver_devices An issue was discovered on Topcon Positioning Net-G5 GNSS Receiver devices with firmware 5.2.2. The web interface of the product has a local file inclusion vulnerability. An attacker with administrative privileges can craft a special URL to read arbitrary files from the device’s file system. 2019-09-20 not yet calculated CVE-2019-11327

MISC
tuzicms — tuzicms TuziCMS 2.0.6 has index.php/manage/notice/do_add CSRF. 2019-09-21 not yet calculated CVE-2019-16658

MISC
tuzicms — tuzicms TuziCMS 2.0.6 has XSS via the PATH_INFO to a group URI, as demonstrated by index.php/article/group/id/2/. 2019-09-21 not yet calculated CVE-2019-16657

MISC
tuzicms — tuzicms TuziCMS 2.0.6 has index.php/manage/link/do_add CSRF. 2019-09-21 not yet calculated CVE-2019-16659

MISC
valve — counter-strike:global_offensive vphysics.dll in Counter-Strike: Global Offensive before 1.37.1.1 allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is mishandled during a memset call. 2019-09-19 not yet calculated CVE-2019-15943

MISC

CONFIRM
vmware — esxi_and_workstation_and_fusion VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6) and Fusion (11.x before 11.0.3 and 10.x before 10.1.6) contain an out-of-bounds read vulnerability in the pixel shader functionality. Successful exploitation of this issue may lead to information disclosure or may allow attackers with normal user privileges to create a denial-of-service condition on the host. Exploitation of this issue requires an attacker to have access to a virtual machine with 3D graphics enabled. It is not enabled by default on ESXi and is enabled by default on Workstation and Fusion. 2019-09-20 not yet calculated CVE-2019-5521

MISC

CONFIRM
wordpress — wordpress The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_paypal payer metadata updates. 2019-09-20 not yet calculated CVE-2016-11008

MISC

MISC

MISC
wordpress — wordpress The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_twocheckout payer metadata updates. 2019-09-20 not yet calculated CVE-2016-11010

MISC

MISC

MISC
wordpress — wordpress The Elegant Themes Monarch plugin before 1.2.7 for WordPress has privilege escalation. 2019-09-20 not yet calculated CVE-2016-11004

MISC

MISC
wordpress — wordpress The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_interkassa payer metadata updates. 2019-09-20 not yet calculated CVE-2016-11009

MISC

MISC

MISC
wordpress — wordpress The Antioch theme through 2014-09-07 for WordPress allows arbitrary file downloads via the file parameter to lib/scripts/download.php. 2019-09-20 not yet calculated CVE-2014-10397

MISC
wordpress — wordpress The Elegant Themes Extra theme before 1.2.4 for WordPress has privilege escalation. 2019-09-20 not yet calculated CVE-2016-11002

MISC

MISC
wordpress — wordpress The user-submitted-posts plugin before 20160215 for WordPress has XSS via the user-submitted-content field. 2019-09-20 not yet calculated CVE-2016-11001

MISC

MISC
wordpress — wordpress The dwnldr plugin before 1.01 for WordPress has XSS via the User-Agent HTTP header. 2019-09-16 not yet calculated CVE-2016-10964

MISC

MISC
wordpress — wordpress The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_user_id for invoice retrieval. 2019-09-20 not yet calculated CVE-2016-11007

MISC

MISC

MISC
wordpress — wordpress The Elegant Themes Bloom plugin before 1.1.1 for WordPress has privilege escalation. 2019-09-20 not yet calculated CVE-2016-11003

MISC

MISC
wordpress — wordpress The quotes-collection plugin before 2.0.6 for WordPress has XSS via the wp-admin/admin.php?page=quotes-collection page parameter. 2019-09-13 not yet calculated CVE-2016-10952

MISC

MISC

MISC
wordpress — wordpress The users-ultra plugin before 1.5.59 for WordPress has uultra-form-cvs-form-conf arbitrary file upload. 2019-09-20 not yet calculated CVE-2015-9402

MISC

MISC

MISC
wordpress — wordpress The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control for admin_init settings changes. 2019-09-20 not yet calculated CVE-2016-11006

MISC

MISC

MISC
wordpress — wordpress The mtouch-quiz plugin before 3.1.3 for WordPress has wp-admin/options-general.php CSRF. 2019-09-20 not yet calculated CVE-2015-9387

MISC

MISC
wordpress — wordpress The wsecure plugin before 2.4 for WordPress has remote code execution via shell metacharacters in the wsecure-config.php publish parameter. 2019-09-16 not yet calculated CVE-2016-10960

MISC

MISC
wordpress — wordpress In the api-bearer-auth plugin before 20190907 for WordPress, the server parameter is not correctly filtered in the swagger-config.yaml.php file, and it is possible to inject JavaScript code, aka XSS. 2019-09-15 not yet calculated CVE-2019-16332

MISC

MISC

MISC

MISC
wordpress — wordpress The wp-invoice plugin before 4.1.1 for WordPress has wpi_update_user_option privilege escalation. 2019-09-20 not yet calculated CVE-2016-11011

MISC

MISC

MISC
wordpress — wordpress The quotes-and-tips plugin before 1.20 for WordPress has XSS. 2019-09-20 not yet calculated CVE-2015-9385

MISC

MISC
wordpress — wordpress The colorway theme before 3.4.2 for WordPress has XSS via the contactName parameter. 2019-09-16 not yet calculated CVE-2016-10961

MISC
wordpress — wordpress The mtouch-quiz plugin before 3.1.3 for WordPress has wp-admin/edit.php CSRF with resultant XSS. 2019-09-20 not yet calculated CVE-2015-9388

MISC

MISC
wordpress — wordpress The admin-management-xtended plugin before 2.4.0.1 for WordPress has privilege escalation because wp_ajax functions are mishandled. 2019-09-20 not yet calculated CVE-2015-9390

MISC

MISC
wordpress — wordpress Directory traversal vulnerability in the mTheme-Unus theme before 2.3 for WordPress allows an attacker to read arbitrary files via a .. (dot dot) in the files parameter to css/css.php. 2019-09-20 not yet calculated CVE-2015-9406

MISC
wordpress — wordpress The Relevanssi Premium plugin before 1.14.6.1 for WordPress has SQL injection with resultant unsafe unserialization. 2019-09-13 not yet calculated CVE-2016-10949

MISC
wordpress — wordpress The epic theme through 2014-09-07 for WordPress allows arbitrary file downloads via the file parameter to includes/download.php. 2019-09-20 not yet calculated CVE-2014-10396

MISC
yzmcms — yzmcms admin/urlrule/add.html in YzmCMS 5.3 allows CSRF with a resultant denial of service by adding a superseding route. 2019-09-21 not yet calculated CVE-2019-16678

MISC
zhejiang_dahua_technology — ip_camera_devices Specific fields of the CGI interface of some Dahua products are not strictly verified; an attacker can cause a buffer overflow by constructing malicious packets. Affected products include: IPC-HDW1X2X, IPC-HFW1X2X, IPC-HDW2X2X, IPC-HFW2X2X, IPC-HDW4X2X, IPC-HFW4X2X, IPC-HDBW4X2X, IPC-HDW5X2X, IPC-HFW5X2X for versions whose build time is before August 18, 2019. 2019-09-18 not yet calculated CVE-2019-9677

CONFIRM
zhejiang_dahua_technology — ip_camera_devices Some Dahua products have a denial-of-service problem during the login process. An attacker can crash a device by constructing a malicious packet. Affected products include: IPC-HDW1X2X, IPC-HFW1X2X, IPC-HDW2X2X, IPC-HFW2X2X, IPC-HDW4X2X, IPC-HFW4X2X, IPC-HDBW4X2X, IPC-HDW5X2X, IPC-HFW5X2X for versions whose build time is before August 18, 2019. 2019-09-18 not yet calculated CVE-2019-9678

CONFIRM
zhejiang_dahua_technology — ip_camera_devices Some of Dahua’s Debug functions do not have permission separation. Low-privileged users can use the Debug function after logging in. Affected products include: IPC-HDW1X2X, IPC-HFW1X2X, IPC-HDW2X2X, IPC-HFW2X2X, IPC-HDW4X2X, IPC-HFW4X2X, IPC-HDBW4X2X, IPC-HDW5X2X, IPC-HFW5X2X for versions whose build time is before August 18, 2019. 2019-09-18 not yet calculated CVE-2019-9679

CONFIRM
zhejiang_dahua_technology — ip_camera_devices Some Dahua products have information leakage issues. Attackers can obtain the IP address and device model information of the device by constructing malicious data packets. Affected products include: IPC-HDW1X2X, IPC-HFW1X2X, IPC-HDW2X2X, IPC-HFW2X2X, IPC-HDW4X2X, IPC-HFW4X2X, IPC-HDBW4X2X, IPC-HDW5X2X, IPC-HFW5X2X for versions whose build time is before August 18, 2019. 2019-09-18 not yet calculated CVE-2019-9680

CONFIRM
zhejiang_dahua_technology — ip_camera_devices Online upgrade information in some firmware packages of Dahua products is not encrypted. Attackers can obtain this information by analyzing firmware packages by specific means. Affected products include: IPC-HDW1X2X, IPC-HFW1X2X, IPC-HDW2X2X, IPC-HFW2X2X, IPC-HDW4X2X, IPC-HFW4X2X, IPC-HDBW4X2X, IPC-HDW5X2X, IPC-HFW5X2X for versions whose build time is before August 18, 2019. 2019-09-17 not yet calculated CVE-2019-9681

CONFIRM
