VYPR

CVEs

101,962 total · page 1579 of 2,040

  • CVE-2015-9483HigOct 11, 2019
    risk 0.49cvss 7.5epss 0.03

    The ThemeMakers Invento Responsive Gallery/Architecture Template component through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the…

  • CVE-2015-9482HigOct 11, 2019
    risk 0.49cvss 7.5epss 0.03

    The ThemeMakers Car Dealer / Auto Dealer Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat…

  • CVE-2015-9481HigOct 11, 2019
    risk 0.49cvss 7.5epss 0.03

    The ThemeMakers Diplomat | Political theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.

  • CVE-2019-17499HigOct 11, 2019
    risk 0.57cvss 8.8epss 0.03

    The setter.xml component of the Common Gateway Interface on Compal CH7465LG 6.12.18.25-2p4 devices does not properly validate ping command arguments, which allows remote authenticated users to execute OS commands as root via shell metacharacters in the Target_IP parameter.

  • CVE-2010-5335HigOct 11, 2019
    risk 0.49cvss 7.5epss 0.03

    IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver and the operating system. Input passed via a certain parameter (script to basic/minimizer/index.php) is not properly sanitised and can…

  • CVE-2010-5334HigOct 11, 2019
    risk 0.49cvss 7.5epss 0.03

    IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver and the operating system. Input passed via a certain parameter (_c to basic/index.html) is not properly sanitised and can therefore be…

  • CVE-2019-17490HigOct 10, 2019
    risk 0.57cvss 8.8epss 0.01

    app\modules\polygon\controllers\ProblemController in Jiangnan Online Judge (aka jnoj) 0.8.0 allows arbitrary file upload, as demonstrated by PHP code (with a .php filename but the image/png content type) to the web/polygon/problem/tests URI.

  • CVE-2019-17386HigOct 10, 2019
    risk 0.57cvss 8.8epss 0.01

    The animate-it plugin before 2.3.6 for WordPress has CSRF in edsanimate.php.

  • CVE-2019-9534HigOct 10, 2019
    risk 0.51cvss 7.8epss 0.00

    The Cobham EXPLORER 710, firmware version 1.07, does not validate its firmware image. Development scripts left in the firmware can be used to upload a custom firmware image that the device runs. This could allow an unauthenticated, local attacker to upload their own firmware…

  • CVE-2019-9532HigOct 10, 2019
    risk 0.51cvss 7.8epss 0.00

    The web application portal of the Cobham EXPLORER 710, firmware version 1.07, sends the login password in cleartext. This could allow an unauthenticated, local attacker to intercept the password and gain access to the portal.

  • CVE-2019-15051HigOct 10, 2019
    risk 0.57cvss 8.8epss 0.03

    An issue was discovered in Softing uaGate (SI, MB, 840D) firmware through 1.71.00.1225. A CGI script is vulnerable to command injection via a maliciously crafted form parameter.

  • CVE-2019-11528HigOct 10, 2019
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in Softing uaGate SI 1.60.01. A system default path for executables is user writable.

  • CVE-2019-11527HigOct 10, 2019
    risk 0.57cvss 8.8epss 0.03

    An issue was discovered in Softing uaGate SI 1.60.01. A CGI script is vulnerable to command injection with a maliciously crafted url parameter.

  • CVE-2019-5527HigOct 10, 2019
    risk 0.57cvss 8.8epss 0.00

    ESXi, Workstation, Fusion, VMRC and Horizon Client contain a use-after-free vulnerability in the virtual sound device. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.5.

  • CVE-2015-9480HigOct 10, 2019
    risk 0.50cvss 7.5epss 0.13

    The RobotCPA plugin 5 for WordPress has directory traversal via the f.php l parameter.

  • CVE-2015-9477HigOct 10, 2019
    risk 0.57cvss 8.8epss 0.01

    The Vernissage theme 1.2.8 for WordPress has insufficient restrictions on option updates.

  • CVE-2015-9476HigOct 10, 2019
    risk 0.57cvss 8.8epss 0.01

    The Teardrop theme 1.8.1 for WordPress has insufficient restrictions on option updates.

  • CVE-2015-9475HigOct 10, 2019
    risk 0.57cvss 8.8epss 0.01

    The Pont theme 1.5 for WordPress has insufficient restrictions on option updates.

  • CVE-2015-9474HigOct 10, 2019
    risk 0.57cvss 8.8epss 0.01

    The Simpolio theme 1.3.2 for WordPress has insufficient restrictions on option updates.

  • CVE-2015-9473HigOct 10, 2019
    risk 0.49cvss 7.5epss 0.04

    The estrutura-basica theme through 2015-09-13 for WordPress has directory traversal via the scripts/download.php arquivo parameter.

  • CVE-2015-9470HigOct 10, 2019
    risk 0.49cvss 7.5epss 0.04

    The history-collection plugin through 1.1.1 for WordPress has directory traversal via the download.php var parameter.

  • CVE-2015-9465HigOct 10, 2019
    risk 0.57cvss 8.8epss 0.02

    The yet-another-stars-rating plugin before 0.9.1 for WordPress has yasr_get_multi_set_values_and_field SQL injection via the set_id parameter.

  • CVE-2015-9463HigOct 10, 2019
    risk 0.49cvss 7.5epss 0.04

    The s3bubble-amazon-s3-audio-streaming plugin 2.0 for WordPress has directory traversal via the adverts/assets/plugins/ultimate/content/downloader.php path parameter.

  • CVE-2015-9464HigOct 10, 2019
    risk 0.49cvss 7.5epss 0.04

    The s3bubble-amazon-s3-html-5-video-with-adverts plugin 0.7 for WordPress has directory traversal via the adverts/assets/plugins/ultimate/content/downloader.php path parameter.

  • CVE-2015-9462HigOct 10, 2019
    risk 0.47cvss 7.2epss 0.02

    The awesome-filterable-portfolio plugin before 1.9 for WordPress has afp_get_new_category_page SQL injection via the cat_id parameter.

  • CVE-2015-9461HigOct 10, 2019
    risk 0.47cvss 7.2epss 0.02

    The awesome-filterable-portfolio plugin before 1.9 for WordPress has afp_get_new_portfolio_item_page SQL injection via the item_id parameter.

  • CVE-2015-9460HigOct 10, 2019
    risk 0.57cvss 8.8epss 0.02

    The booking-system plugin before 2.1 for WordPress has DOPBSPBackEndTranslation::display SQL injection via the language parameter.

  • CVE-2015-9458HigOct 10, 2019
    risk 0.47cvss 7.2epss 0.02

    The searchterms-tagging-2 plugin through 1.535 for WordPress has SQL injection via the pk_stt2_db_get_popular_terms count parameter exploitable via CSRF.

  • CVE-2015-9457HigOct 10, 2019
    risk 0.47cvss 7.2epss 0.02

    The pretty-link plugin before 1.6.8 for WordPress has PrliLinksController::list_links SQL injection via the group parameter.

  • CVE-2019-1378HigOct 10, 2019
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability exists in Windows 10 Update Assistant in the way it handles permissions.A locally authenticated attacker could run arbitrary code with elevated system privileges, aka 'Windows 10 Update Assistant Elevation of Privilege Vulnerability'.

  • CVE-2019-1371HigOct 10, 2019
    risk 0.49cvss 7.5epss 0.07

    A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'.

  • CVE-2019-1366HigOct 10, 2019
    risk 0.43cvss 7.5epss 0.10

    A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1307, CVE-2019-1308, CVE-2019-1335.

  • CVE-2019-1364HigOct 10, 2019
    risk 0.54cvss 7.8epss 0.03

    An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1362.

  • CVE-2019-1362HigOct 10, 2019
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1364.

  • CVE-2019-1359HigOct 10, 2019
    risk 0.52cvss 7.8epss 0.18

    A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1358.

  • CVE-2019-1358HigOct 10, 2019
    risk 0.57cvss 7.8epss 0.76

    A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1359.

  • CVE-2019-1342HigOct 10, 2019
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles a process crash, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1315, CVE-2019-1339.

  • CVE-2019-1341HigOct 10, 2019
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability exists when umpo.dll of the Power Service, improperly handles a Registry Restore Key function, aka 'Windows Power Service Elevation of Privilege Vulnerability'.

  • CVE-2019-1340HigOct 10, 2019
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability exists in Windows AppX Deployment Server that allows file creation in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Windows Elevation of Privilege Vulnerability'.…

  • CVE-2019-1339HigOct 10, 2019
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1315, CVE-2019-1342.

  • CVE-2019-1336HigOct 10, 2019
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability exists in the Microsoft Windows Update Client when it does not properly handle privileges, aka 'Microsoft Windows Update Client Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1323.

  • CVE-2019-1335HigOct 10, 2019
    risk 0.43cvss 7.5epss 0.10

    A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1307, CVE-2019-1308, CVE-2019-1366.

  • CVE-2019-1333HigOct 10, 2019
    risk 0.58cvss 8.8epss 0.15

    A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'.

  • CVE-2019-1331HigOct 10, 2019
    risk 0.59cvss 8.8epss 0.18

    A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1327.

  • CVE-2019-1327HigOct 10, 2019
    risk 0.58cvss 8.8epss 0.13

    A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1331.

  • CVE-2019-1326HigOct 10, 2019
    risk 0.49cvss 7.5epss 0.06

    A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability'.

  • CVE-2019-1323HigOct 10, 2019
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability exists in the Microsoft Windows Update Client when it does not properly handle privileges, aka 'Microsoft Windows Update Client Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1336.

  • CVE-2019-1322HigKEVOct 10, 2019
    risk 0.73cvss 7.8epss 0.19

    An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka 'Microsoft Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1320, CVE-2019-1340.

  • CVE-2019-1321HigOct 10, 2019
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability exists when Windows CloudStore improperly handles file Discretionary Access Control List (DACL), aka 'Microsoft Windows CloudStore Elevation of Privilege Vulnerability'.

  • CVE-2019-1320HigOct 10, 2019
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka 'Microsoft Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1322, CVE-2019-1340.