Search Results (Refine Search)
- Results Type: Overview
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2016-10916 |
The appointment-booking-calendar plugin before 1.1.24 for WordPress has SQL injection, a different vulnerability than CVE-2015-7319. Published: August 22, 2019; 9:15:11 AM -0400 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2015-9336 |
The clean-login plugin before 1.5.1 for WordPress has reflected XSS. Published: August 22, 2019; 9:15:11 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2015-9335 |
The limit-attempts plugin before 1.1.1 for WordPress has SQL injection during IP address handling. Published: August 22, 2019; 9:15:11 AM -0400 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2015-9333 |
The cforms2 plugin before 14.6.10 for WordPress has SQL injection. Published: August 22, 2019; 9:15:11 AM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2013-7481 |
The contact-form-plugin plugin before 3.3.5 for WordPress has XSS. Published: August 22, 2019; 9:15:11 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2013-7480 |
The events-manager plugin before 5.3.6.1 for WordPress has XSS via the booking form and admin areas. Published: August 22, 2019; 9:15:11 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2013-7479 |
The events-manager plugin before 5.3.9 for WordPress has XSS in the search form field. Published: August 22, 2019; 9:15:11 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2013-7478 |
The events-manager plugin before 5.5 for WordPress has XSS via EM_Ticket::get_post. Published: August 22, 2019; 9:15:11 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2013-7477 |
The events-manager plugin before 5.5.2 for WordPress has XSS in the booking form. Published: August 22, 2019; 9:15:11 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2012-6716 |
The events-manager plugin before 5.1.7 for WordPress has XSS via JSON call links. Published: August 22, 2019; 9:15:11 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2009-5158 |
The google-analyticator plugin before 5.2.1 for WordPress has insufficient HTML sanitization for Google Analytics API text. Published: August 22, 2019; 9:15:10 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-6177 |
A vulnerability reported in Lenovo Solution Center version 03.12.003, which is no longer supported, could allow log files to be written to non-standard locations, potentially leading to privilege escalation. Lenovo ended support for Lenovo Solution Center and recommended that customers migrate to Lenovo Vantage or Lenovo Diagnostics in April 2018. Published: August 21, 2019; 4:15:13 PM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2019-5638 |
Rapid7 Nexpose versions 6.5.50 and prior suffer from insufficient session expiration when an administrator performs a security relevant edit on an existing, logged on user. For example, if a user's password is changed by an administrator due to an otherwise unrelated credential leak, that user account's current session is still valid after the password change, potentially allowing the attacker who originally compromised the credential to remain logged in and able to cause further damage. Published: August 21, 2019; 4:15:13 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2019-15316 |
Valve Steam Client for Windows through 2019-08-20 has weak folder permissions, leading to privilege escalation (to NT AUTHORITY\SYSTEM) via crafted use of CreateMountPoint.exe and SetOpLock.exe to leverage a TOCTOU race condition. Published: August 21, 2019; 4:15:12 PM -0400 |
V4.0:(not available) V3.0: 7.0 HIGH V2.0: 6.9 MEDIUM |
CVE-2019-15315 |
Valve Steam Client for Windows through 2019-08-16 allows privilege escalation (to NT AUTHORITY\SYSTEM) because local users can replace the current versions of SteamService.exe and SteamService.dll with older versions that lack the CVE-2019-14743 patch. Published: August 21, 2019; 4:15:12 PM -0400 |
V4.0:(not available) V3.0: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2019-14686 |
A DLL hijacking vulnerability exists in the Trend Micro Security's 2019 consumer family of products (v15) Folder Shield component and the standalone Trend Micro Ransom Buster (1.0) tool in which, if exploited, would allow an attacker to load a malicious DLL, leading to elevated privileges. Published: August 21, 2019; 4:15:12 PM -0400 |
V4.0:(not available) V3.0: 7.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2019-14685 |
A local privilege escalation vulnerability exists in Trend Micro Security 2019 (v15.0) in which, if exploited, would allow an attacker to manipulate a specific product feature to load a malicious service. Published: August 21, 2019; 4:15:12 PM -0400 |
V4.0:(not available) V3.0: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2019-13476 |
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.837, XSS in the domain parameter allows a low-privilege user to achieve root access via the email list page. Published: August 21, 2019; 4:15:12 PM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2019-11603 |
A HTTP Traversal Attack in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.0.2 allows remote attackers to read files outside the http root. Published: August 21, 2019; 4:15:12 PM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2019-11602 |
Leakage of stack traces in remote access to backup & restore in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.2.0 allows remote attackers to gather information about the file system structure. Published: August 21, 2019; 4:15:12 PM -0400 |
V4.0:(not available) V3.0: 5.3 MEDIUM V2.0: 5.0 MEDIUM |