National Vulnerability Database

Search Results

There are 122,932 matching records.
Displaying matches 21 through 40.
Vuln ID Summary CVSS Severity
CVE-2015-9390

The admin-management-xtended plugin before 2.4.0.1 for WordPress has privilege escalation because wp_ajax functions are mishandled.

Published: September 20, 2019; 11:15:12 AM -04:00
(not available)
CVE-2015-9389

The mtouch-quiz plugin before 3.1.3 for WordPress has XSS via a quiz name.

Published: September 20, 2019; 11:15:12 AM -04:00
(not available)
CVE-2015-9388

The mtouch-quiz plugin before 3.1.3 for WordPress has wp-admin/edit.php CSRF with resultant XSS.

Published: September 20, 2019; 11:15:11 AM -04:00
(not available)
CVE-2015-9387

The mtouch-quiz plugin before 3.1.3 for WordPress has wp-admin/options-general.php CSRF.

Published: September 20, 2019; 11:15:11 AM -04:00
(not available)
CVE-2015-9386

The mtouch-quiz plugin before 3.1.3 for WordPress has XSS via the quiz parameter during a Quiz Manage operation.

Published: September 20, 2019; 11:15:11 AM -04:00
(not available)
CVE-2015-9385

The quotes-and-tips plugin before 1.20 for WordPress has XSS.

Published: September 20, 2019; 11:15:11 AM -04:00
(not available)
CVE-2015-9384

The relevant plugin before 1.0.8 for WordPress has XSS.

Published: September 20, 2019; 11:15:11 AM -04:00
(not available)
CVE-2019-15089

An issue was discovered in PRiSE adAS 1.7.0. Forms have no CSRF protection, letting an attacker execute actions as the administrator.

Published: September 20, 2019; 10:15:12 AM -04:00
(not available)
CVE-2019-15088

An issue was discovered in PRiSE adAS 1.7.0. Password hashes are compared using the equality operator. Thus, under specific circumstances, it is possible to bypass login authentication.

Published: September 20, 2019; 10:15:12 AM -04:00
(not available)
CVE-2019-15087

An issue was discovered in PRiSE adAS 1.7.0. An authenticated user can change the function used to hash passwords to any function, leading to remote code execution.

Published: September 20, 2019; 10:15:12 AM -04:00
(not available)
CVE-2019-15086

An issue was discovered in PRiSE adAS 1.7.0. The newentityID parameter is not properly escaped, leading to a reflected XSS in the error message.

Published: September 20, 2019; 10:15:12 AM -04:00
(not available)
CVE-2019-15085

An issue was discovered in PRiSE adAS 1.7.0. The current database password is embedded in the change password form.

Published: September 20, 2019; 10:15:12 AM -04:00
(not available)
CVE-2019-14916

An issue was discovered in PRiSE adAS 1.7.0. A file's format is not properly checked, leading to an unrestricted file upload.

Published: September 20, 2019; 10:15:12 AM -04:00
(not available)
CVE-2019-14915

An issue was discovered in PRiSE adAS 1.7.0. Certificate data are not properly escaped. This leads to XSS when submitting a rogue certificate.

Published: September 20, 2019; 10:15:11 AM -04:00
(not available)
CVE-2019-14914

An issue was discovered in PRiSE adAS 1.7.0. The path is not properly escaped in the medatadata_del method, leading to an arbitrary file read and deletion via Directory Traversal.

Published: September 20, 2019; 10:15:11 AM -04:00
(not available)
CVE-2019-14913

An issue was discovered in PRiSE adAS 1.7.0. Log data are not properly escaped, leading to persistent XSS in the administration panel.

Published: September 20, 2019; 10:15:11 AM -04:00
(not available)
CVE-2019-14912

An issue was discovered in PRiSE adAS 1.7.0. The OPENSSO module does not properly check the goto parameter, leading to an open redirect that leaks the session cookie.

Published: September 20, 2019; 10:15:11 AM -04:00
(not available)
CVE-2019-14911

An issue was discovered in PRiSE adAS 1.7.0. The OPENSSO module does not properly escape output on error, leading to reflected XSS.

Published: September 20, 2019; 10:15:11 AM -04:00
(not available)
CVE-2019-16531

LayerBB before 1.1.4 has multiple CSRF issues, as demonstrated by changing the System Settings via admin/general.php.

Published: September 19, 2019; 10:16:13 PM -04:00
V3.1: 8.8 HIGH
V2: 6.8 MEDIUM
CVE-2019-9720

A stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c misuses snprintf.

Published: September 19, 2019; 05:15:10 PM -04:00
(not available)