National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

There are 122,992 matching records.
Displaying matches 41 through 60.
Vuln ID Summary CVSS Severity
CVE-2019-4505

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Network Deployment could allow a remote attacker to obtain sensitive information, caused by sending a specially-crafted URL. This can lead the attacker to view any file in a certain directory. IBM X-Force ID: 164364.

Published: September 20, 2019; 12:15:13 PM -04:00
V3.1: 5.3 MEDIUM
    V2: 5.0 MEDIUM
CVE-2019-16644

App\Home\Controller\ZhuantiController.class.php in TuziCMS 2.0.6 has SQL injection via the index.php/Zhuanti/group?id= substring.

Published: September 20, 2019; 12:15:13 PM -04:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2019-16643

An issue was discovered in ZrLog 2.1.1. There is a Stored XSS vulnerability in the article_edit area.

Published: September 20, 2019; 12:15:13 PM -04:00
V3.1: 5.4 MEDIUM
    V2: 3.5 LOW
CVE-2019-16534

On DrayTek Vigor2925 devices with firmware 3.8.4.3, XSS exists via a crafted WAN name on the General Setup screen. NOTE: this is an end-of-life product.

Published: September 20, 2019; 12:15:13 PM -04:00
(not available)
CVE-2019-16533

On DrayTek Vigor2925 devices with firmware 3.8.4.3, Incorrect Access Control exists in loginset.htm, and can be used to trigger XSS. NOTE: this is an end-of-life product.

Published: September 20, 2019; 12:15:13 PM -04:00
(not available)
CVE-2015-9408

The xpinner-lite plugin through 2.2 for WordPress has wp-admin/options-general.php CSRF with resultant XSS.

Published: September 20, 2019; 12:15:13 PM -04:00
V3.1: 6.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2015-9407

The xpinner-lite plugin through 2.2 for WordPress has xpinner-lite.php XSS.

Published: September 20, 2019; 12:15:13 PM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2015-9405

The wp-piwik plugin before 1.0.5 for WordPress has XSS.

Published: September 20, 2019; 12:15:13 PM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2015-9404

The neuvoo-jobroll plugin 2.0 for WordPress has neuvoo_keywords XSS.

Published: September 20, 2019; 12:15:12 PM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2015-9403

The neuvoo-jobroll plugin 2.0 for WordPress has neuvoo_location XSS.

Published: September 20, 2019; 12:15:12 PM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2015-9402

The users-ultra plugin before 1.5.59 for WordPress has uultra-form-cvs-form-conf arbitrary file upload.

Published: September 20, 2019; 12:15:12 PM -04:00
(not available)
CVE-2015-9401

The websimon-tables plugin through 1.3.4 for WordPress has wp-admin/tools.php edit_style id XSS.

Published: September 20, 2019; 12:15:12 PM -04:00
V3.1: 4.8 MEDIUM
    V2: 3.5 LOW
CVE-2015-9400

The wordpress-meta-robots plugin through 2.1 for WordPress has wp-admin/post-new.php text SQL injection.

Published: September 20, 2019; 12:15:12 PM -04:00
V3.1: 8.8 HIGH
    V2: 6.5 MEDIUM
CVE-2015-9399

The wp-stats-dashboard plugin through 2.9.4 for WordPress has admin/graph_trend.php type SQL injection.

Published: September 20, 2019; 12:15:12 PM -04:00
V3.1: 7.2 HIGH
    V2: 6.5 MEDIUM
CVE-2015-9398

The gocodes plugin through 1.3.5 for WordPress has wp-admin/tools.php gcid SQL injection.

Published: September 20, 2019; 12:15:12 PM -04:00
V3.1: 8.8 HIGH
    V2: 6.5 MEDIUM
CVE-2015-9397

The gocodes plugin through 1.3.5 for WordPress has wp-admin/tools.php deletegc XSS.

Published: September 20, 2019; 12:15:12 PM -04:00
V3.1: 5.4 MEDIUM
    V2: 3.5 LOW
CVE-2015-9396

The auto-thickbox-plus plugin through 1.9 for WordPress has wp-content/plugins/auto-thickbox-plus/download.min.php?file= XSS.

Published: September 20, 2019; 12:15:11 PM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2015-9395

The users-ultra plugin before 1.5.64 for WordPress has SQL Injection via an ajax action.

Published: September 20, 2019; 12:15:11 PM -04:00
V3.1: 8.8 HIGH
    V2: 6.5 MEDIUM
CVE-2015-9394

The users-ultra plugin before 1.5.63 for WordPress has CSRF via action=package_add_new to wp-admin/admin-ajax.php.

Published: September 20, 2019; 12:15:11 PM -04:00
V3.1: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2015-9393

The users-ultra plugin before 1.5.63 for WordPress has XSS via the p_desc parameter.

Published: September 20, 2019; 12:15:11 PM -04:00
V3.1: 5.4 MEDIUM
    V2: 3.5 LOW