Page(s) : 1 ... 5 6 7 8 9 10 11 12 13 14 [15] 16 17 18 19 20 21 22 23 24 25 ...Result(s) : 130797

Alerts Feed Alerts

| Severity | Date | Name | Categories | Detail |
|---|---|---|---|---|
| 5 | 2019-10-10 | CVE-2015-9464 | cve | The s3bubble-amazon-s3-html-5-video-with-adverts plugin 0.7 for WordPress has directory traversal via the adverts/assets/plugins/ultimate/content/downloader.php path parameter. |
| 5 | 2019-10-10 | CVE-2015-9463 | cve | The s3bubble-amazon-s3-audio-streaming plugin 2.0 for WordPress has directory traversal via the adverts/assets/plugins/ultimate/content/downloader.php path parameter. |
| 6.5 | 2019-10-10 | CVE-2015-9462 | cve | The awesome-filterable-portfolio plugin before 1.9 for WordPress has afp_get_new_category_page SQL injection via the cat_id parameter. |
| 6.5 | 2019-10-10 | CVE-2015-9461 | cve | The awesome-filterable-portfolio plugin before 1.9 for WordPress has afp_get_new_portfolio_item_page SQL injection via the item_id parameter. |
| 6.5 | 2019-10-10 | CVE-2015-9460 | cve | The booking-system plugin before 2.1 for WordPress has DOPBSPBackEndTranslation::display SQL injection via the language parameter. |
| 4.3 | 2019-10-10 | CVE-2015-9459 | cve | The searchterms-tagging-2 plugin through 1.535 for WordPress has XSS via the wp-admin/options-general.php count parameter. |
| 6.5 | 2019-10-10 | CVE-2015-9458 | cve | The searchterms-tagging-2 plugin through 1.535 for WordPress has SQL injection via the pk_stt2_db_get_popular_terms count parameter exploitable via CSRF. |
| N/A | 2019-10-10 | CVE-2015-9457 | cve | The pretty-link plugin before 1.6.8 for WordPress has PrliLinksController::list_links SQL injection via the group parameter. |
| 3.5 | 2019-10-10 | CVE-2019-17434 | cve | LavaLite through 5.7 has XSS via a crafted account name that is mishandled on the Manage Clients screen. |
| 3.5 | 2019-10-10 | CVE-2019-17433 | cve | z-song laravel-admin 1.7.3 has XSS via the Slug or Name on the Roles screen, because of mishandling on the "Operation log" screen. |
| 4.3 | 2019-10-10 | CVE-2019-17432 | cve | An issue was discovered in fastadmin 1.0.0.20190705_beta. There is a public/admin/general.config/edit CSRF vulnerability, as demonstrated by resultant XSS via the row[name&#... |
| 6.8 | 2019-10-10 | CVE-2019-17431 | cve | An issue was discovered in fastadmin 1.0.0.20190705_beta. There is a public/index.php/admin/auth/admin/add CSRF vulnerability. |
| 4.3 | 2019-10-10 | CVE-2019-17430 | cve | EyouCms through 2019-07-11 has XSS related to the login.php web_recordnum parameter. |
| 7.5 | 2019-10-10 | CVE-2019-17429 | cve | Adhouma CMS through 2019-10-09 has SQL Injection via the post.php p_id parameter. |
| 7.5 | 2019-10-10 | CVE-2019-17072 | cve | The new-contact-form-widget (aka Contact Form Widget - Contact Query, Form Maker) plugin 1.0.9 for WordPress has SQL Injection via all-query-page.php. |
| 4.3 | 2019-10-10 | CVE-2019-17071 | cve | The client-dash (aka Client Dash) plugin 2.1.4 for WordPress allows XSS. |
| 4.3 | 2019-10-10 | CVE-2019-17070 | cve | The liquid-speech-balloon (aka LIQUID SPEECH BALLOON) plugin 1.0.5 for WordPress allows XSS with Internet Explorer. |
| 4.3 | 2019-10-09 | CVE-2019-17427 | cve | In Redmine before 3.4.11 and 4.0.x before 4.0.4, persistent XSS exists due to textile formatting errors. |
| 6.4 | 2019-10-09 | CVE-2019-17426 | cve | Automattic Mongoose through 5.7.4 allows attackers to bypass access control (in some applications) because any query object with a _bsontype attribute is ignored. For example, a... |
| 5 | 2019-10-09 | CVE-2019-17420 | cve | In OISF LibHTP before 0.5.31, as used in Suricata 4.1.4 and other products, an HTTP protocol parsing error causes the http_header signature to not alert on a response with a sin... |