Search Results (Refine Search)
- Results Type: Overview
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2019-15060 |
The traceroute function on the TP-Link TL-WR840N v4 router with firmware through 0.9.1 3.16 is vulnerable to remote code execution via a crafted payload in an IP address input field. Published: August 22, 2019; 3:15:14 PM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.5 MEDIUM |
CVE-2019-12386 |
An issue was discovered in Ampache through 3.9.1. A stored XSS exists in the localplay.php LocalPlay "add instance" functionality. The injected code is reflected in the instances menu. This vulnerability can be abused to force an admin to create a new privileged user whose credentials are known by the attacker. Published: August 22, 2019; 3:15:14 PM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2019-12385 |
An issue was discovered in Ampache through 3.9.1. The search engine is affected by a SQL Injection, so any user able to perform lib/class/search.class.php searches (even guest users) can dump any data contained in the database (sessions, hashed passwords, etc.). This may lead to a full compromise of admin accounts, when combined with the weak password generator algorithm used in the lostpassword functionality. Published: August 22, 2019; 3:15:14 PM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.5 MEDIUM |
CVE-2018-20988 |
The wpgform plugin before 0.94 for WordPress has eval injection in the CAPTCHA calculation. Published: August 22, 2019; 3:15:14 PM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2017-18586 |
The insert-pages plugin before 3.2.4 for WordPress has directory traversal via custom template paths. Published: August 22, 2019; 3:15:14 PM -0400 |
V4.0:(not available) V3.0: 9.1 CRITICAL V2.0: 6.4 MEDIUM |
CVE-2016-10930 |
The wp-support-plus-responsive-ticket-system plugin before 7.1.0 for WordPress has insecure direct object reference via a ticket number. Published: August 22, 2019; 3:15:14 PM -0400 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2015-9341 |
The wp-file-upload plugin before 3.4.1 for WordPress has insufficient restrictions on upload of .php.js files. Published: August 22, 2019; 3:15:13 PM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2014-10394 |
The rich-counter plugin before 1.2.0 for WordPress has JavaScript injection via a User-Agent header. Published: August 22, 2019; 3:15:13 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2014-10392 |
The cforms2 plugin before 10.2 for WordPress has XSS. Published: August 22, 2019; 3:15:13 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2014-10391 |
The wp-support-plus-responsive-ticket-system plugin before 4.1 for WordPress has JavaScript injection. Published: August 22, 2019; 3:15:13 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2014-10390 |
The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has directory traversal. Published: August 22, 2019; 3:15:13 PM -0400 |
V4.0:(not available) V3.0: 9.1 CRITICAL V2.0: 6.4 MEDIUM |
CVE-2014-10389 |
The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has incorrect authentication. Published: August 22, 2019; 3:15:13 PM -0400 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2014-10388 |
The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has full path disclosure. Published: August 22, 2019; 3:15:13 PM -0400 |
V4.0:(not available) V3.0: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
CVE-2014-10387 |
The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has SQL injection. Published: August 22, 2019; 3:15:13 PM -0400 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2019-14469 |
In Nexus Repository Manager before 3.18.0, users with elevated privileges can create stored XSS. Published: August 22, 2019; 2:15:11 PM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2019-7617 |
When the Elastic APM agent for Python versions before 5.1.0 is run as a CGI script, there is a variable name clash flaw if a remote attacker can control the proxy header. This could result in an attacker redirecting collected APM data to a proxy of their choosing. Published: August 22, 2019; 1:15:10 PM -0400 |
V4.0:(not available) V3.0: 7.2 HIGH V2.0: 6.4 MEDIUM |
CVE-2019-9155 |
A cryptographic issue in OpenPGP.js <=4.2.0 allows an attacker who is able provide forged messages and gain feedback about whether decryption of these messages succeeded to conduct an invalid curve attack in order to gain the victim's ECDH private key. Published: August 22, 2019; 12:15:10 PM -0400 |
V4.0:(not available) V3.0: 5.9 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-9154 |
Improper Verification of a Cryptographic Signature in OpenPGP.js <=4.1.2 allows an attacker to pass off unsigned data as signed. Published: August 22, 2019; 12:15:10 PM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2019-9153 |
Improper Verification of a Cryptographic Signature in OpenPGP.js <=4.1.2 allows an attacker to forge signed messages by replacing its signatures with a "standalone" or "timestamp" signature. Published: August 22, 2019; 12:15:10 PM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2019-14751 |
NLTK Downloader before 3.4.5 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in an NLTK package (ZIP archive) that is mishandled during extraction. Published: August 22, 2019; 12:15:10 PM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |