National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

There are 122,764 matching records.
Displaying matches 61 through 80.
Vuln ID Summary CVSS Severity
CVE-2016-10965

The real3d-flipbook-lite plugin 1.0 for WordPress has deleteBook=../ directory traversal for file deletion.

Published: September 16, 2019; 09:15:10 AM -04:00
V3.1: 7.5 HIGH
    V2: 6.4 MEDIUM
CVE-2016-10964

The dwnldr plugin before 1.01 for WordPress has XSS via the User-Agent HTTP header.

Published: September 16, 2019; 09:15:10 AM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2016-10963

The icegram plugin before 1.9.19 for WordPress has XSS.

Published: September 16, 2019; 09:15:10 AM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2016-10962

The icegram plugin before 1.9.19 for WordPress has CSRF via the wp-admin/edit.php option_name parameter.

Published: September 16, 2019; 09:15:10 AM -04:00
V3.1: 6.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2016-10961

The colorway theme before 3.4.2 for WordPress has XSS via the contactName parameter.

Published: September 16, 2019; 09:15:10 AM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2016-10960

The wsecure plugin before 2.4 for WordPress has remote code execution via shell metacharacters in the wsecure-config.php publish parameter.

Published: September 16, 2019; 09:15:10 AM -04:00
V3.1: 8.8 HIGH
    V2: 6.5 MEDIUM
CVE-2016-10959

The estatik plugin before 2.3.1 for WordPress has authenticated arbitrary file upload (exploitable with CSRF) via es_media_images[] to wp-admin/admin-ajax.php.

Published: September 16, 2019; 09:15:10 AM -04:00
V3.1: 6.5 MEDIUM
    V2: 4.0 MEDIUM
CVE-2016-10958

The estatik plugin before 2.3.0 for WordPress has unauthenticated arbitrary file upload via es_media_images[] to wp-admin/admin-ajax.php.

Published: September 16, 2019; 09:15:10 AM -04:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2016-10957

The Akal theme through 2016-08-22 for WordPress has XSS via the framework/brad-shortcodes/tinymce/preview.php sc parameter.

Published: September 16, 2019; 09:15:10 AM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-16170

An issue was discovered in GitLab Enterprise Edition 11.x and 12.x before 12.0.9, 12.1.x before 12.1.9, and 12.2.x before 12.2.5. It has Incorrect Access Control.

Published: September 16, 2019; 08:15:10 AM -04:00
(not available)
CVE-2019-16057

The login_mgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnerable to remote command injection.

Published: September 16, 2019; 08:15:10 AM -04:00
V3.1: 9.8 CRITICAL
    V2: 10.0 HIGH
CVE-2019-13474

TELESTAR Bobs Rock Radio, Dabman D10, Dabman i30 Stereo, Imperial i110, Imperial i150, Imperial i200, Imperial i200-cd, Imperial i400, Imperial i450, Imperial i500-bt, and Imperial i600 TN81HH96-g102h-g102 devices have insufficient access control for the /set_dname, /mylogo, /LocalPlay, /irdevice.xml, /Sendkey, /setvol, /hotkeylist, /init, /playlogo.jpg, /stop, /exit, /back, and /playinfo commands.

Published: September 16, 2019; 08:15:10 AM -04:00
(not available)
CVE-2017-18634

The newspaper theme before 6.7.2 for WordPress has script injection via td_ads[header] to admin-ajax.php.

Published: September 16, 2019; 08:15:10 AM -04:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2016-10956

The mail-masta plugin 1.0 for WordPress has local file inclusion in count_of_send.php and csvexport.php.

Published: September 16, 2019; 08:15:10 AM -04:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2019-16335

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.

Published: September 15, 2019; 06:15:10 PM -04:00
(not available)
CVE-2019-16334

In Bludit v3.9.2, there is a persistent XSS vulnerability in the Categories -> Add New Category -> Name field. NOTE: this may overlap CVE-2017-16636.

Published: September 15, 2019; 06:15:10 PM -04:00
V3.1: 4.8 MEDIUM
    V2: 3.5 LOW
CVE-2019-16333

GetSimple CMS v3.3.15 has Persistent Cross-Site Scripting (XSS) in admin/theme-edit.php.

Published: September 15, 2019; 06:15:10 PM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-16332

In the api-bearer-auth plugin before 20190907 for WordPress, the server parameter is not correctly filtered in the swagger-config.yaml.php file, and it is possible to inject JavaScript code, aka XSS.

Published: September 15, 2019; 06:15:10 PM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-14540

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.

Published: September 15, 2019; 06:15:10 PM -04:00
(not available)
CVE-2019-16321

ScadaBR 1.0CE, and 1.1.x through 1.1.0-RC, has XSS via a request for a nonexistent resource, as demonstrated by the dwr/test/ PATH_INFO.

Published: September 15, 2019; 12:15:13 PM -04:00
(not available)