Security News

CVE-2019-15873

National Vulnerability Database - Tue, 09/03/2019 - 09:15
The profilegrid-user-profiles-groups-and-communities plugin before 2.8.6 for WordPress has remote code execution via a wp-admin/admin-ajax.php request with the action=pm_template_preview&html=<?php substring followed by PHP code.
Categories: Security News

CVE-2019-15871

National Vulnerability Database - Tue, 09/03/2019 - 09:15
The LoginPress plugin before 1.1.4 for WordPress has no capability check for updates to settings.

CVE-2019-15863

National Vulnerability Database - Tue, 09/03/2019 - 08:15
The ConvertPlus plugin before 3.4.5 for WordPress has an unintended account creation (with the none role) via a request for variants.

CVE-2019-15864 (breadcrumbs_by_menu)

National Vulnerability Database - Tue, 09/03/2019 - 08:15
The breadcrumbs-by-menu plugin before 1.0.3 for WordPress has XSS.

CVE-2019-15865 (breadcrumbs_by_menu)

National Vulnerability Database - Tue, 09/03/2019 - 08:15
The breadcrumbs-by-menu plugin before 1.0.3 for WordPress has CSRF.

CVE-2019-15866

National Vulnerability Database - Tue, 09/03/2019 - 08:15
The crelly-slider plugin before 1.3.5 for WordPress has arbitrary file upload via a PHP file inside a ZIP archive to wp_ajax_crellyslider_importSlider.

CVE-2019-15867

National Vulnerability Database - Tue, 09/03/2019 - 08:15
The slick-popup plugin before 1.7.2 for WordPress has a hardcoded OmakPass13# password for the slickpopupteam account, after a Subscriber calls a certain AJAX action.

CVE-2019-15868 (affiliates_manager)

National Vulnerability Database - Tue, 09/03/2019 - 08:15
The affiliates-manager plugin before 2.6.6 for WordPress has CSRF.

CVE-2019-15869 (jobcareer)

National Vulnerability Database - Tue, 09/03/2019 - 08:15
The JobCareer theme before 2.5.1 for WordPress has stored XSS.

CVE-2019-15870 (carspot)

National Vulnerability Database - Tue, 09/03/2019 - 08:15
The CarSpot theme before 2.1.7 for WordPress has stored XSS via the Phone Number field.

CVE-2019-15043

National Vulnerability Database - Tue, 09/03/2019 - 08:15
In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. This makes it possible to run a denial of service attack against the server running Grafana.

CVE-2019-15858

National Vulnerability Database - Tue, 09/03/2019 - 03:15
admin/includes/class.import.snippet.php in the "Woody ad snippets" plugin before 2.2.5 for WordPress allows unauthenticated options import, as demonstrated by storing an XSS payload for remote code execution.

CVE-2019-15860

National Vulnerability Database - Tue, 09/03/2019 - 03:15
Xpdf 2.00 allows a SIGSEGV in XRef::constructXRef in XRef.cc. NOTE: 2.00 is a version from November 2002.

CVE-2019-15851

National Vulnerability Database - Tue, 09/03/2019 - 01:15
In SoX 14.4.2, there is an integer overflow in startread in sox-fmt.c. This can, for example, have a resultant NULL pointer dereference.

CVE-2015-9381

National Vulnerability Database - Tue, 09/03/2019 - 01:15
FreeType before 2.6.1 has a heap-based buffer over-read in T1_Get_Private_Dict in type1/t1parse.c.

CVE-2015-9382

National Vulnerability Database - Tue, 09/03/2019 - 01:15
FreeType before 2.6.1 has a buffer over-read in skip_comment in psaux/psobjs.c because ps_parser_skip_PS_token is mishandled in an FT_New_Memory_Face operation.

CVE-2015-9383

National Vulnerability Database - Tue, 09/03/2019 - 01:15
FreeType before 2.6.2 has a heap-based buffer over-read in tt_cmap14_validate in sfnt/ttcmap.c.

CVE-2019-15847

National Vulnerability Database - Mon, 09/02/2019 - 19:15
The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single execution of a program, the output of every __builtin_darn() call may be the same.

CVE-2019-15834

National Vulnerability Database - Fri, 08/30/2019 - 13:15
The webp-converter-for-media plugin before 1.0.3 for WordPress has CSRF.

CVE-2019-15835

National Vulnerability Database - Fri, 08/30/2019 - 13:15
The wp-better-permalinks plugin before 3.0.5 for WordPress has CSRF.
