News aggregator

CVE-2015-9390

National Vulnerability Database - Fri, 09/20/2019 - 11:15
The admin-management-xtended plugin before 2.4.0.1 for WordPress has privilege escalation because wp_ajax functions are mishandled.
Categories: Security News

CVE-2015-9391

National Vulnerability Database - Fri, 09/20/2019 - 11:15
The yawpp plugin through 1.2.2 for WordPress has XSS via the field1 parameter.
Categories: Security News

CVE-2016-10996 (optinmonster)

National Vulnerability Database - Fri, 09/20/2019 - 11:15
The optinmonster plugin before 1.1.4.6 for WordPress has incorrect access control for shortcodes because of a nonce leak.
Categories: Security News

CVE-2016-10997 (beauty-premium)

National Vulnerability Database - Fri, 09/20/2019 - 11:15
The beauty-premium theme 1.0.8 for WordPress has CSRF with resultant arbitrary file upload in includes/sendmail.php.
Categories: Security News

CVE-2016-10998 (ocim-mp3)

National Vulnerability Database - Fri, 09/20/2019 - 11:15
The ocim-mp3 plugin through 2016-03-07 for WordPress has wp-content/plugins/ocim-mp3/source/pages.php?id= XSS.
Categories: Security News

CVE-2015-9384 (relevant)

National Vulnerability Database - Fri, 09/20/2019 - 11:15
The relevant plugin before 1.0.8 for WordPress has XSS.
Categories: Security News

CVE-2015-9385

National Vulnerability Database - Fri, 09/20/2019 - 11:15
The quotes-and-tips plugin before 1.20 for WordPress has XSS.
Categories: Security News

CVE-2015-9386

National Vulnerability Database - Fri, 09/20/2019 - 11:15
The mtouch-quiz plugin before 3.1.3 for WordPress has XSS via the quiz parameter during a Quiz Manage operation.
Categories: Security News

CVE-2015-9387

National Vulnerability Database - Fri, 09/20/2019 - 11:15
The mtouch-quiz plugin before 3.1.3 for WordPress has wp-admin/options-general.php CSRF.
Categories: Security News

CVE-2015-9388

National Vulnerability Database - Fri, 09/20/2019 - 11:15
The mtouch-quiz plugin before 3.1.3 for WordPress has wp-admin/edit.php CSRF with resultant XSS.
Categories: Security News

CVE-2019-14916

National Vulnerability Database - Fri, 09/20/2019 - 10:15
An issue was discovered in PRiSE adAS 1.7.0. A file's format is not properly checked, leading to an unrestricted file upload.
Categories: Security News

CVE-2019-15085

National Vulnerability Database - Fri, 09/20/2019 - 10:15
An issue was discovered in PRiSE adAS 1.7.0. The current database password is embedded in the change password form.
Categories: Security News

CVE-2019-15086

National Vulnerability Database - Fri, 09/20/2019 - 10:15
An issue was discovered in PRiSE adAS 1.7.0. The newentityID parameter is not properly escaped, leading to a reflected XSS in the error message.
Categories: Security News

CVE-2019-15087

National Vulnerability Database - Fri, 09/20/2019 - 10:15
An issue was discovered in PRiSE adAS 1.7.0. An authenticated user can change the function used to hash passwords to any function, leading to remote code execution.
Categories: Security News

CVE-2019-15088

National Vulnerability Database - Fri, 09/20/2019 - 10:15
An issue was discovered in PRiSE adAS 1.7.0. Password hashes are compared using the equality operator. Thus, under specific circumstances, it is possible to bypass login authentication.
Categories: Security News

CVE-2019-15089

National Vulnerability Database - Fri, 09/20/2019 - 10:15
An issue was discovered in PRiSE adAS 1.7.0. Forms have no CSRF protection, letting an attacker execute actions as the administrator.
Categories: Security News

CVE-2019-14911

National Vulnerability Database - Fri, 09/20/2019 - 10:15
An issue was discovered in PRiSE adAS 1.7.0. The OPENSSO module does not properly escape output on error, leading to reflected XSS.
Categories: Security News

CVE-2019-14912

National Vulnerability Database - Fri, 09/20/2019 - 10:15
An issue was discovered in PRiSE adAS 1.7.0. The OPENSSO module does not properly check the goto parameter, leading to an open redirect that leaks the session cookie.
Categories: Security News

CVE-2019-14913

National Vulnerability Database - Fri, 09/20/2019 - 10:15
An issue was discovered in PRiSE adAS 1.7.0. Log data are not properly escaped, leading to persistent XSS in the administration panel.
Categories: Security News

CVE-2019-14914

National Vulnerability Database - Fri, 09/20/2019 - 10:15
An issue was discovered in PRiSE adAS 1.7.0. The path is not properly escaped in the medatadata_del method, leading to an arbitrary file read and deletion via Directory Traversal.
Categories: Security News

Pages