National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

There are 124,374 matching records.
Displaying matches 141 through 160.
Vuln ID Summary CVSS Severity
CVE-2015-9488

The ThemeMakers Almera Responsive Portfolio Site Template component through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.

Published: October 11, 2019; 03:15:09 PM -04:00
(not available)
CVE-2015-9487

The ThemeMakers Almera Responsive Portfolio theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.

Published: October 11, 2019; 03:15:09 PM -04:00
(not available)
CVE-2015-9486

The ThemeMakers Axioma Premium Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.

Published: October 11, 2019; 03:15:09 PM -04:00
(not available)
CVE-2019-6335

A potential security vulnerability has been identified with Samsung Laser Printers. This vulnerability could potentially be exploited to create a denial of service.

Published: October 11, 2019; 02:15:11 PM -04:00
(not available)
CVE-2019-14570

Memory corruption in system firmware for Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.

Published: October 11, 2019; 02:15:11 PM -04:00
(not available)
CVE-2019-14569

Pointer corruption in system firmware for Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.

Published: October 11, 2019; 02:15:11 PM -04:00
(not available)
CVE-2019-11167

Improper file permission in software installer for Intel(R) Smart Connect Technology for Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access.

Published: October 11, 2019; 02:15:11 PM -04:00
(not available)
CVE-2019-11120

Insufficient path checking in the installer for Intel(R) Active System Console before version 8.0 Build 24 may allow an authenticated user to potentially enable escalation of privilege via local access.

Published: October 11, 2019; 02:15:11 PM -04:00
(not available)
CVE-2015-9485

The ThemeMakers Accio Responsive Parallax One Page Site Template component through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.

Published: October 11, 2019; 02:15:10 PM -04:00
(not available)
CVE-2015-9484

The ThemeMakers Accio One Page Parallax Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.

Published: October 11, 2019; 02:15:10 PM -04:00
(not available)
CVE-2015-9483

The ThemeMakers Invento Responsive Gallery/Architecture Template component through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.

Published: October 11, 2019; 02:15:10 PM -04:00
(not available)
CVE-2015-9482

The ThemeMakers Car Dealer / Auto Dealer Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.

Published: October 11, 2019; 02:15:10 PM -04:00
(not available)
CVE-2015-9481

The ThemeMakers Diplomat | Political theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.

Published: October 11, 2019; 02:15:10 PM -04:00
(not available)
CVE-2019-6333

A potential security vulnerability has been identified with certain versions of HP Touchpoint Analytics prior to version 4.1.4.2827. This vulnerability may allow a local attacker with administrative privileges to execute arbitrary code via an HP Touchpoint Analytics system service.

Published: October 11, 2019; 01:15:10 PM -04:00
V3.1: 6.7 NONE
    V2: 7.2 HIGH
CVE-2019-17504

An issue was discovered in Kirona Dynamic Resource Scheduling (DRS) 5.5.3.5. A reflected Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script via the /osm/report/ password parameter.

Published: October 11, 2019; 01:15:10 PM -04:00
V3.1: 6.1 NONE
    V2: 4.3 MEDIUM
CVE-2019-17503

An issue was discovered in Kirona Dynamic Resource Scheduling (DRS) 5.5.3.5. An unauthenticated user can access /osm/REGISTER.cmd (aka /osm_tiles/REGISTER.cmd) directly: it contains sensitive information about the database through the SQL queries within this batch file. This file exposes SQL database information such as database version, table name, column name, etc.

Published: October 11, 2019; 01:15:09 PM -04:00
(not available)
CVE-2019-17059

A shell injection vulnerability on the Sophos Cyberoam firewall appliance with CyberoamOS before 10.6.6 MR-6 allows remote attackers to execute arbitrary commands via the Web Admin and SSL VPN consoles.

Published: October 11, 2019; 01:15:09 PM -04:00
V3.1: 9.8 NONE
    V2: 10.0 HIGH
CVE-2019-14510

An issue was discovered in Kaseya VSA RMM through 9.5.0.22. When using the default configuration, the LAN Cache feature creates a local account FSAdminxxxxxxxxx (e.g., FSAdmin123456789) on the server that hosts the LAN Cache and all clients that are assigned to a LAN Cache. This account is placed into the local Administrators group of all clients assigned to the LAN Cache. When the assigned client is a Domain Controller, the FSAdminxxxxxxxxx account is created as a domain account and automatically added as a member of the domain BUILTIN\Administrators group. Using the well known Pass-the-Hash techniques, an attacker can use the same FSAdminxxxxxxxxx hash from any LAN Cache client and pass this to a Domain Controller, providing administrative rights to the attacker on any Domain Controller. (Local account Pass-the-Hash mitigations do not protect domain accounts.)

Published: October 11, 2019; 08:15:11 AM -04:00
(not available)
CVE-2019-17499

The setter.xml component of the Common Gateway Interface on Compal CH7465LG 6.12.18.25-2p4 devices does not properly validate ping command arguments, which allows remote authenticated users to execute OS commands as root via shell metacharacters in the Target_IP parameter.

Published: October 11, 2019; 07:15:10 AM -04:00
(not available)
CVE-2010-5340

IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/ with the parameter password is non-persistent in 10.2.0.

Published: October 11, 2019; 07:15:09 AM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM