| Page(s) : 1 ... 983 984 985 986 987 988 989 990 991 992 [993] 994 995 996 997 998 999 1000 1001 1002 1003 ... | Result(s) : 43587 |
Alerts
| DATE | NAME | CATEGORIES | DETAIL | |
|---|---|---|---|---|
| 9.8 | 2019-10-10 | CVE-2019-11526 | cve | An issue was discovered in Softing uaGate SI 1.60.01. A maintenance script, that is executable via sudo, is vulnerable to file path injection. This enables the Attacker to write... |
| 9.8 | 2019-10-10 | CVE-2015-9479 | cve | The ACF-Frontend-Display plugin through 2015-07-03 for WordPress has arbitrary file upload via an action=upload request to js/blueimp-jQuery-File-Upload-d45deb1/server/php/index... |
| 9.8 | 2019-10-10 | CVE-2015-9471 | cve | The dzs-zoomsounds plugin through 2.0 for WordPress has admin/upload.php arbitrary file upload. |
| 9.8 | 2019-10-10 | CVE-2015-9467 | cve | The broken-link-manager plugin before 0.5.0 for WordPress has wpslDelURL or wpslEditURL SQL injection via the url parameter. |
| 9.8 | 2019-10-10 | CVE-2015-9466 | cve | The wti-like-post plugin before 1.4.3 for WordPress has WtiLikePostProcessVote SQL injection via the HTTP_CLIENT_IP, HTTP_X_FORWARDED_FOR, HTTP_X_FORWARDED, HTTP_FORWARDED_FOR, ... |
| 9.8 | 2019-10-10 | CVE-2019-17429 | cve | Adhouma CMS through 2019-10-09 has SQL Injection via the post.php p_id parameter. |
| 9.8 | 2019-10-10 | CVE-2019-17072 | cve | The new-contact-form-widget (aka Contact Form Widget - Contact Query, Form Maker) plugin 1.0.9 for WordPress has SQL Injection via all-query-page.php. |
| 9.1 | 2019-10-09 | CVE-2019-17382 | cve | An issue was discovered in zabbix.php?action=dashboard.view&dashboardid=1 in Zabbix through 4.4. An attacker can bypass the login page and access the dashboard page, and then cr... |
| 9.8 | 2019-10-09 | CVE-2019-17383 | cve | The netaddr gem before 2.0.4 for Ruby has misconfigured file permissions, such that a gem install may result in 0777 permissions in the target filesystem. |
| 9.8 | 2019-10-09 | CVE-2019-17399 | cve | The Shack Forms Pro extension before 4.0.32 for Joomla! allows path traversal via a file attachment. |
| 9.8 | 2019-10-09 | CVE-2019-15019 | cve | A security vulnerability exists in the Zingbox Inspector versions 1.294 and earlier, that could allow an attacker to supply an invalid software update image to the Zingbox Inspe... |
| 9.8 | 2019-10-09 | CVE-2019-15020 | cve | A security vulnerability exists in the Zingbox Inspector versions 1.293 and earlier, that could allow an attacker to supply an invalid software update image to the Zingbox Inspe... |
| 9.8 | 2019-10-09 | CVE-2019-1584 | cve | A security vulnerability exists in Zingbox Inspector version 1.293 and earlier, that allows for remote code execution if the Inspector were sent a malicious command from the Zin... |
| 9.8 | 2019-10-09 | CVE-2019-17415 | cve | A Structured Exception Handler (SEH) based buffer overflow in File Sharing Wizard 1.5.0 26-8-2008 allows remote unauthenticated attackers to execute arbitrary code via the HTTP ... |
| 9.8 | 2019-10-09 | CVE-2019-9535 | cve | A vulnerability exists in the way that iTerm2 integrates with tmux's control mode, which may allow an attacker to execute arbitrary commands by providing malicious output t... |
| 9.8 | 2019-10-09 | CVE-2019-17124 | cve | Kramer VIAware 2.5.0719.1034 has Incorrect Access Control. |
| 9.4 | 2019-10-09 | CVE-2019-17354 | cve | wan.htm page on Zyxel NBG-418N v2 with firmware version V1.00(AARP.9)C0 can be accessed directly without authentication, which can lead to disclosure of information about the WA... |
| 9.8 | 2019-10-09 | CVE-2019-17373 | cve | Certain NETGEAR devices allow unauthenticated access to critical .cgi and .htm pages via a substring ending with .jpg, such as by appending ?x=1.jpg to a URL. This affects MBR15... |
| 9.1 | 2019-10-09 | CVE-2019-17426 | cve | Automattic Mongoose through 5.7.4 allows attackers to bypass access control (in some applications) because any query object with a _bsontype attribute is ignored. For example, a... |
| 9.8 | 2019-10-09 | CVE-2019-15859 | cve | Password disclosure in the web interface on socomec DIRIS A-40 devices before 48250501 allows a remote attacker to get full access to a device via the /password.jsn URI. |
| Page(s) : 1 ... 983 984 985 986 987 988 989 990 991 992 [993] 994 995 996 997 998 999 1000 1001 1002 1003 ... | Result(s) : 43587 |
