Last 20 Scored Vulnerability IDs & Summaries
CVSS Severity
-
CVE-2019-17264 —
** DISPUTED ** In libyal liblnk before 20191006, liblnk_location_information_read_data in liblnk_location_information.c has a heap-based buffer over-read because an incorrect variable name is used for a certain offset. NOTE: the vendor has disputed t... read CVE-2019-17264
Published: October 06, 2019; 06:15:10 PM -04:00
-
CVE-2015-9453 —
The broken-link-manager plugin before 0.6.0 for WordPress has XSS via the HTTP Referer or User-Agent header to a URL that does not exist.
Published: October 07, 2019; 11:15:10 AM -04:00
-
CVE-2015-9454 —
The smooth-slider plugin before 2.7 for WordPress has SQL Injection via the wp-admin/admin.php?page=smooth-slider-admin current_slider_id parameter.
Published: October 07, 2019; 11:15:10 AM -04:00
-
CVE-2019-1313 —
An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when it improperly enforces permissions, aka 'SQL Server Management Studio Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1376... read CVE-2019-1313
Published: October 10, 2019; 10:15:15 AM -04:00
-
CVE-2015-9455 —
The buddypress-activity-plus plugin before 1.6.2 for WordPress has CSRF with resultant directory traversal via the wp-admin/admin-ajax.php bpfb_photos[] parameter in a bpfb_remove_temp_images action.
Published: October 07, 2019; 11:15:10 AM -04:00
-
CVE-2019-1376 —
An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when it improperly enforces permissions, aka 'SQL Server Management Studio Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1313... read CVE-2019-1376
Published: October 10, 2019; 10:15:18 AM -04:00
-
CVE-2015-9456 —
The orbisius-child-theme-creator plugin before 1.2.8 for WordPress has incorrect access control for file modification via the wp-admin/admin-ajax.php?action=orbisius_ctc_theme_editor_ajax&sub_cmd=save_file theme_1, theme_1_file, or theme_1_file_c... read CVE-2015-9456
Published: October 07, 2019; 11:15:10 AM -04:00
-
CVE-2019-17130 —
vBulletin through 5.5.4 mishandles external URLs within the /core/vb/vurl.php file and the /core/vb/vurl directories.
Published: October 04, 2019; 08:15:11 AM -04:00
-
CVE-2019-17071 —
The client-dash (aka Client Dash) plugin 2.1.4 for WordPress allows XSS.
Published: October 10, 2019; 08:10:19 AM -04:00
-
CVE-2019-17430 —
EyouCms through 2019-07-11 has XSS related to the login.php web_recordnum parameter.
Published: October 10, 2019; 08:10:23 AM -04:00
-
CVE-2019-17402 —
Exiv2 0.27.2 allows attackers to trigger a crash in Exiv2::getULong in types.cpp when called from Exiv2::Internal::CiffDirectory::readDirectory in crwimage_int.cpp, because there is no validation of the relationship of the total size to the offset an... read CVE-2019-17402
Published: October 09, 2019; 03:15:14 PM -04:00
-
CVE-2018-19725 —
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a security bypass vulnerability. Successful exploitation could lead to privilege escalation.
Published: March 05, 2019; 03:15:20 PM -05:00
-
CVE-2019-16891 —
Liferay Portal CE 6.2.5 allows remote command execution because of deserialization of a JSON payload.
Published: October 04, 2019; 10:15:11 AM -04:00
-
CVE-2019-12811 —
ActiveX Control in MyBuilder before 6.2.2019.814 allow an attacker to execute arbitrary command via the ShellOpen method. This can be leveraged for code execution
Published: October 07, 2019; 11:15:10 AM -04:00
-
CVE-2019-17192 —
** DISPUTED ** The WebRTC component in the Signal Private Messenger application through 4.47.7 for Android processes videoconferencing RTP packets before a callee chooses to answer a call, which might make it easier for remote attackers to cause a de... read CVE-2019-17192
Published: October 04, 2019; 10:15:11 PM -04:00
-
CVE-2019-3834 —
It was found that the fix for CVE-2014-0114 had been reverted in JBoss Operations Network 3 (JON). This flaw allows attackers to manipulate ClassLoader properties on a vulnerable server. Exploits that have been published rely on ClassLoader propertie... read CVE-2019-3834
Published: October 03, 2019; 10:15:11 AM -04:00
-
CVE-2019-15859 —
Password disclosure in the web interface on socomec DIRIS A-40 devices before 48250501 allows a remote attacker to get full access to a device via the /password.jsn URI.
Published: October 09, 2019; 12:15:14 PM -04:00
-
CVE-2019-0369 —
SAP Financial Consolidation, before versions 10.0 and 10.1, does not sufficiently encode user-controlled inputs, which allows an attacker to execute scripts by uploading files containing malicious scripts, leading to reflected cross site scripting vu... read CVE-2019-0369
Published: October 08, 2019; 04:15:11 PM -04:00
-
CVE-2019-17184 —
Xerox AtlaLink B8045/B8055/B8065/B8075/B8090 C8030/C8035/C8045/C8055/C8070 printers with software before 101.00x.089.22600 allow an attacker to gain privileges.
Published: October 04, 2019; 07:15:10 PM -04:00
-
CVE-2019-11655 —
Unrestricted file upload vulnerability in Micro Focus ArcSight Logger, version 6.7.0 and later. This vulnerability could allow Unrestricted Upload of File with Dangerous type.
Published: October 04, 2019; 04:15:11 PM -04:00