National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

There are 122,875 matching records.
Displaying matches 161 through 180.
Vuln ID Summary CVSS Severity
CVE-2019-16264

In Escuela de Gestion Publica Plurinacional (EGPP) Sistema Integrado de Gestion Academica (GESAC) v1, the username parameter of the authentication form is vulnerable to SQL injection, allowing attackers to access the database.

Published: September 16, 2019; 09:15:11 AM -04:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2019-16197

In htdocs/societe/card.php in Dolibarr 10.0.1, the value of the User-Agent HTTP header is copied into the HTML document as plain text between tags, leading to XSS.

Published: September 16, 2019; 09:15:11 AM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2018-21017

GPAC 0.7.1 has a memory leak in dinf_Read in isomedia/box_code_base.c.

Published: September 16, 2019; 09:15:11 AM -04:00
V3.1: 6.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2018-21016

audio_sample_entry_AddBox() at isomedia/box_code_base.c in GPAC 0.7.1 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.

Published: September 16, 2019; 09:15:11 AM -04:00
V3.1: 6.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2018-21015

AVC_DuplicateConfig() at isomedia/avc_ext.c in GPAC 0.7.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. There is "cfg_new->AVCLevelIndication = cfg->AVCLevelIndication;" but cfg could be NULL.

Published: September 16, 2019; 09:15:11 AM -04:00
V3.1: 6.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2016-10971

The MemberSonic Lite plugin before 1.302 for WordPress has incorrect login access control because only knowlewdge of an e-mail address is required.

Published: September 16, 2019; 09:15:11 AM -04:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2016-10970

The supportflow plugin before 0.7 for WordPress has XSS via a ticket excerpt.

Published: September 16, 2019; 09:15:11 AM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2016-10969

The supportflow plugin before 0.7 for WordPress has XSS via a discussion ticket title.

Published: September 16, 2019; 09:15:11 AM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2016-10968

The peepso-core plugin before 1.6.1 for WordPress has PeepSoProfilePreferencesAjax->save() privilege escalation.

Published: September 16, 2019; 09:15:11 AM -04:00
V3.1: 8.8 HIGH
    V2: 6.5 MEDIUM
CVE-2016-10967

The real3d-flipbook-lite plugin 1.0 for WordPress has XSS via the wp-content/plugins/real3d-flipbook/includes/flipbooks.php bookId parameter.

Published: September 16, 2019; 09:15:11 AM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2016-10966

The real3d-flipbook-lite plugin 1.0 for WordPress has bookName=../ directory traversal for file upload.

Published: September 16, 2019; 09:15:10 AM -04:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2016-10965

The real3d-flipbook-lite plugin 1.0 for WordPress has deleteBook=../ directory traversal for file deletion.

Published: September 16, 2019; 09:15:10 AM -04:00
V3.1: 7.5 HIGH
    V2: 6.4 MEDIUM
CVE-2016-10964

The dwnldr plugin before 1.01 for WordPress has XSS via the User-Agent HTTP header.

Published: September 16, 2019; 09:15:10 AM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2016-10963

The icegram plugin before 1.9.19 for WordPress has XSS.

Published: September 16, 2019; 09:15:10 AM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2016-10962

The icegram plugin before 1.9.19 for WordPress has CSRF via the wp-admin/edit.php option_name parameter.

Published: September 16, 2019; 09:15:10 AM -04:00
V3.1: 6.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2016-10961

The colorway theme before 3.4.2 for WordPress has XSS via the contactName parameter.

Published: September 16, 2019; 09:15:10 AM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2016-10960

The wsecure plugin before 2.4 for WordPress has remote code execution via shell metacharacters in the wsecure-config.php publish parameter.

Published: September 16, 2019; 09:15:10 AM -04:00
V3.1: 8.8 HIGH
    V2: 6.5 MEDIUM
CVE-2016-10959

The estatik plugin before 2.3.1 for WordPress has authenticated arbitrary file upload (exploitable with CSRF) via es_media_images[] to wp-admin/admin-ajax.php.

Published: September 16, 2019; 09:15:10 AM -04:00
V3.1: 6.5 MEDIUM
    V2: 4.0 MEDIUM
CVE-2016-10958

The estatik plugin before 2.3.0 for WordPress has unauthenticated arbitrary file upload via es_media_images[] to wp-admin/admin-ajax.php.

Published: September 16, 2019; 09:15:10 AM -04:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2016-10957

The Akal theme through 2016-08-22 for WordPress has XSS via the framework/brad-shortcodes/tinymce/preview.php sc parameter.

Published: September 16, 2019; 09:15:10 AM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM