National Vulnerability Database

Search Results

There are 122,875 matching records.
Displaying matches 1421 through 1440.
Vuln ID Summary CVSS Severity
CVE-2017-18525

The megamenu plugin before 2.4 for WordPress has XSS.

Published: August 21, 2019; 03:15:12 PM -04:00
V3.0: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2017-18521

The democracy-poll plugin before 5.4 for WordPress has CSRF via wp-admin/options-general.php?page=democracy-poll&subpage=l10n.

Published: August 21, 2019; 03:15:12 PM -04:00
V3.0: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2017-18516

The bws-linkedin plugin before 1.0.5 for WordPress has multiple XSS issues.

Published: August 21, 2019; 03:15:12 PM -04:00
V3.0: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2016-10891

The aryo-activity-log plugin before 2.3.3 for WordPress has XSS.

Published: August 21, 2019; 03:15:12 PM -04:00
V3.0: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2016-10890

The aryo-activity-log plugin before 2.3.2 for WordPress has XSS.

Published: August 21, 2019; 03:15:12 PM -04:00
V3.0: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2014-10379

The duplicate-post plugin before 2.6 for WordPress has SQL injection.

Published: August 21, 2019; 03:15:12 PM -04:00
V3.0: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2014-10378

The duplicate-post plugin before 2.6 for WordPress has XSS.

Published: August 21, 2019; 03:15:12 PM -04:00
V3.0: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2014-10377

The cforms2 plugin before 13.2 for WordPress has XSS in lib_ajax.php.

Published: August 21, 2019; 03:15:11 PM -04:00
V3.0: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2012-6714

The count-per-day plugin before 3.2.3 for WordPress has XSS via search words.

Published: August 21, 2019; 03:15:11 PM -04:00
V3.0: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-5041

An exploitable Stack Based Buffer Overflow vulnerability exists in the EnumMetaInfo function of Aspose Aspose.Words library, version 18.11.0.0. A specially crafted doc file can cause a stack-based buffer overflow, resulting in remote code execution. An attacker needs to provide a malformed file to the victim to trigger this vulnerability.

Published: August 21, 2019; 02:15:13 PM -04:00
V3.0: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2019-5033

An exploitable out-of-bounds read vulnerability exists in the Number record parser of Aspose Aspose.Cells 19.1.0 library. A specially crafted XLS file can cause an out-of-bounds read, resulting in remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability.

Published: August 21, 2019; 02:15:13 PM -04:00
V3.0: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2019-5032

An exploitable out-of-bounds read vulnerability exists in the LabelSst record parser of Aspose Aspose.Cells 19.1.0 library. A specially crafted XLS file can cause an out-of-bounds read, resulting in remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability.

Published: August 21, 2019; 02:15:13 PM -04:00
V3.0: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2019-15295

An Untrusted Search Path vulnerability in the ServiceInstance.dll library versions 1.0.15.119 and lower, as used in Bitdefender Antivirus Free 2020 versions prior to 1.0.15.138, allows an attacker to load an arbitrary DLL file from the search path.

Published: August 21, 2019; 02:15:13 PM -04:00
V3.0: 7.8 HIGH
    V2: 9.3 HIGH
CVE-2019-12623

A vulnerability in the web server functionality of Cisco Enterprise Network Functions Virtualization Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to perform file enumeration on an affected system. The vulnerability is due to the web server responding with different error codes for existing and non-existing files. An attacker could exploit this vulnerability by sending GET requests for different file names. A successful exploit could allow the attacker to enumerate files residing on the system.

Published: August 21, 2019; 02:15:13 PM -04:00
V3.0: 4.3 MEDIUM
    V2: 4.0 MEDIUM
CVE-2019-12622

A vulnerability in Cisco RoomOS Software could allow an authenticated, local attacker to write files to the underlying filesystem with root privileges. The vulnerability is due to insufficient permission restrictions on a specific process. An attacker could exploit this vulnerability by logging in to an affected device with remote support credentials and initiating the specific process on the device and sending crafted data to that process. A successful exploit could allow the attacker to write files to the underlying file system with root privileges.

Published: August 21, 2019; 02:15:13 PM -04:00
V3.0: 7.8 HIGH
    V2: 7.2 HIGH
CVE-2019-12621

A vulnerability in Cisco HyperFlex Software could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack. The vulnerability is due to insufficient key management. An attacker could exploit this vulnerability by obtaining a specific encryption key for the cluster. A successful exploit could allow the attacker to perform a man-in-the-middle attack against other nodes in the cluster.

Published: August 21, 2019; 02:15:13 PM -04:00
V3.0: 7.4 HIGH
    V2: 5.8 MEDIUM
CVE-2019-11897

A Server-Side Request Forgery (SSRF) vulnerability in the backup & restore functionality in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.3.0 allows a remote attacker to forge GET requests to arbitrary URLs. In addition, this could potentially allow an attacker to read sensitive zip files from the local server.

Published: August 21, 2019; 02:15:13 PM -04:00
V3.0: 8.6 HIGH
    V2: 5.0 MEDIUM
CVE-2019-11551

In Code42 Enterprise and Crashplan for Small Business through Client version 6.9.1, an attacker can craft a restore request to restore a file through the Code42 app to a location they do not have privileges to write.

Published: August 21, 2019; 02:15:13 PM -04:00
V3.0: 5.5 MEDIUM
    V2: 2.1 LOW
CVE-2017-18564

The sender plugin before 1.2.1 for WordPress has multiple XSS issues.

Published: August 21, 2019; 02:15:11 PM -04:00
V3.0: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2017-18563

The rsvp plugin before 2.3.8 for WordPress has persistent XSS via the note field on the attendee-list screen.

Published: August 21, 2019; 02:15:11 PM -04:00
V3.0: 6.1 MEDIUM
    V2: 4.3 MEDIUM