National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

There are 122,996 matching records.
Displaying matches 41 through 60.
Vuln ID Summary CVSS Severity
CVE-2018-17789

Prospecta Master Data Online (MDO) allows CSRF.

Published: September 20, 2019; 03:15:11 PM -04:00
(not available)
CVE-2019-5521

VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6) and Fusion (11.x before 11.0.3 and 10.x before 10.1.6) contain an out-of-bounds read vulnerability in the pixel shader functionality. Successful exploitation of this issue may lead to information disclosure or may allow attackers with normal user privileges to create a denial-of-service condition on the host. Exploitation of this issue require an attacker to have access to a virtual machine with 3D graphics enabled. It is not enabled by default on ESXi and is enabled by default on Workstation and Fusion.

Published: September 20, 2019; 02:15:10 PM -04:00
(not available)
CVE-2018-11200

An issue was discovered in Mautic 2.13.1. It has Stored XSS via the company name field.

Published: September 20, 2019; 02:15:10 PM -04:00
(not available)
CVE-2019-4565

IBM Security Key Lifecycle Manager 3.0 and 3.0.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 166626.

Published: September 20, 2019; 12:15:13 PM -04:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2019-4505

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Network Deployment could allow a remote attacker to obtain sensitive information, caused by sending a specially-crafted URL. This can lead the attacker to view any file in a certain directory. IBM X-Force ID: 164364.

Published: September 20, 2019; 12:15:13 PM -04:00
V3.1: 5.3 MEDIUM
    V2: 5.0 MEDIUM
CVE-2019-16644

App\Home\Controller\ZhuantiController.class.php in TuziCMS 2.0.6 has SQL injection via the index.php/Zhuanti/group?id= substring.

Published: September 20, 2019; 12:15:13 PM -04:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2019-16643

An issue was discovered in ZrLog 2.1.1. There is a Stored XSS vulnerability in the article_edit area.

Published: September 20, 2019; 12:15:13 PM -04:00
V3.1: 5.4 MEDIUM
    V2: 3.5 LOW
CVE-2019-16534

On DrayTek Vigor2925 devices with firmware 3.8.4.3, XSS exists via a crafted WAN name on the General Setup screen. NOTE: this is an end-of-life product.

Published: September 20, 2019; 12:15:13 PM -04:00
(not available)
CVE-2019-16533

On DrayTek Vigor2925 devices with firmware 3.8.4.3, Incorrect Access Control exists in loginset.htm, and can be used to trigger XSS. NOTE: this is an end-of-life product.

Published: September 20, 2019; 12:15:13 PM -04:00
(not available)
CVE-2015-9408

The xpinner-lite plugin through 2.2 for WordPress has wp-admin/options-general.php CSRF with resultant XSS.

Published: September 20, 2019; 12:15:13 PM -04:00
V3.1: 6.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2015-9407

The xpinner-lite plugin through 2.2 for WordPress has xpinner-lite.php XSS.

Published: September 20, 2019; 12:15:13 PM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2015-9405

The wp-piwik plugin before 1.0.5 for WordPress has XSS.

Published: September 20, 2019; 12:15:13 PM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2015-9404

The neuvoo-jobroll plugin 2.0 for WordPress has neuvoo_keywords XSS.

Published: September 20, 2019; 12:15:12 PM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2015-9403

The neuvoo-jobroll plugin 2.0 for WordPress has neuvoo_location XSS.

Published: September 20, 2019; 12:15:12 PM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2015-9402

The users-ultra plugin before 1.5.59 for WordPress has uultra-form-cvs-form-conf arbitrary file upload.

Published: September 20, 2019; 12:15:12 PM -04:00
(not available)
CVE-2015-9401

The websimon-tables plugin through 1.3.4 for WordPress has wp-admin/tools.php edit_style id XSS.

Published: September 20, 2019; 12:15:12 PM -04:00
V3.1: 4.8 MEDIUM
    V2: 3.5 LOW
CVE-2015-9400

The wordpress-meta-robots plugin through 2.1 for WordPress has wp-admin/post-new.php text SQL injection.

Published: September 20, 2019; 12:15:12 PM -04:00
V3.1: 8.8 HIGH
    V2: 6.5 MEDIUM
CVE-2015-9399

The wp-stats-dashboard plugin through 2.9.4 for WordPress has admin/graph_trend.php type SQL injection.

Published: September 20, 2019; 12:15:12 PM -04:00
V3.1: 7.2 HIGH
    V2: 6.5 MEDIUM
CVE-2015-9398

The gocodes plugin through 1.3.5 for WordPress has wp-admin/tools.php gcid SQL injection.

Published: September 20, 2019; 12:15:12 PM -04:00
V3.1: 8.8 HIGH
    V2: 6.5 MEDIUM
CVE-2015-9397

The gocodes plugin through 1.3.5 for WordPress has wp-admin/tools.php deletegc XSS.

Published: September 20, 2019; 12:15:12 PM -04:00
V3.1: 5.4 MEDIUM
    V2: 3.5 LOW