CVE Vulnerabilities
CVE vulnerability database enriched with data from CISA KEV and NVD
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2016-10918 The gallery-by-supsystic plugin before 1.8.6 for WordPress has CSRF. | N/A | NONE | β | 0 |
| CVE-2016-10919 The wassup plugin before 1.9.1 for WordPress has XSS via the Top stats widget or the wassupURI::add_siteurl method, a different vulnerability than CVE-2012-2633. | N/A | NONE | β | 0 |
| CVE-2016-10920 The gnucommerce plugin before 0.5.7-BETA for WordPress has XSS. | N/A | NONE | β | 0 |
| CVE-2016-10921 The gallery-photo-gallery plugin before 1.0.1 for WordPress has SQL injection. | N/A | NONE | β | 0 |
| CVE-2017-18570 The cforms2 plugin before 14.13 for WordPress has SQL injection in the tracking DB GUI via Delete Entries or Download Entries. | N/A | NONE | β | 0 |
| CVE-2017-18571 The search-everything plugin before 8.1.7 for WordPress has SQL injection related to WordPress 4.7.x, a different vulnerability than CVE-2014-2316. | N/A | NONE | β | 0 |
| CVE-2017-18572 The gnucommerce plugin before 1.4.2 for WordPress has XSS. | N/A | NONE | β | 0 |
| CVE-2017-18573 The simple-login-log plugin before 1.1.2 for WordPress has SQL injection. | N/A | NONE | β | 0 |
| CVE-2017-18574 The ninja-forms plugin before 3.0.31 for WordPress has insufficient HTML escaping in the builder. | N/A | NONE | β | 0 |
| CVE-2017-18575 The newstatpress plugin before 1.2.5 for WordPress has multiple stored XSS issues. | N/A | NONE | β | 0 |
| CVE-2018-20979 The contact-form-7 plugin before 5.0.4 for WordPress has privilege escalation because of capability_type mishandling in register_post_type. | N/A | NONE | β | 0 |
| CVE-2018-20980 The ninja-forms plugin before 3.2.15 for WordPress has parameter tampering. | N/A | NONE | β | 0 |
| CVE-2018-20981 The ninja-forms plugin before 3.3.9 for WordPress has insufficient restrictions on submission-data retrieval during Export Personal Data requests. | N/A | NONE | β | 0 |
| CVE-2018-20982 The media-library-assistant plugin before 2.74 for WordPress has XSS via the Media/Assistant or Settings/Media Library assistant admin submenu screens. | N/A | NONE | β | 0 |
| CVE-2019-14511 Sphinx Technologies Sphinx 3.1.1 by default has no authentication and listens on 0.0.0.0, making it exposed to the internet (unless filtered by a firewall or reconfigured to listen to 127.0.0.1 only). | N/A | NONE | β | 0 |
| CVE-2019-15314 tiki/tiki-upload_file.php in Tiki 18.4 allows remote attackers to upload JavaScript code that is executed upon visiting a tiki/tiki-download_file.php?display&fileId= URI. | N/A | NONE | β | 0 |
| CVE-2019-15317 The give plugin before 2.4.7 for WordPress has XSS via a donor name. | N/A | NONE | β | 0 |
| CVE-2019-15318 The yikes-inc-easy-mailchimp-extender plugin before 6.5.3 for WordPress has code injection via the admin input field. | N/A | NONE | β | 0 |
| CVE-2008-7321 The tubepress plugin before 1.6.5 for WordPress has XSS. | N/A | NONE | β | 0 |
| CVE-2013-7482 The reflex-gallery plugin before 1.4.3 for WordPress has XSS. | N/A | NONE | β | 0 |
| CVE-2014-10383 The memphis-documents-library plugin before 3.0 for WordPress has Remote File Inclusion. | N/A | NONE | β | 0 |
| CVE-2014-10384 The memphis-documents-library plugin before 3.0 for WordPress has Local File Inclusion. | N/A | NONE | β | 0 |
| CVE-2014-10385 The memphis-documents-library plugin before 3.0 for WordPress has XSS via $_REQUEST. | N/A | NONE | β | 0 |
| CVE-2015-9337 The profile-builder plugin before 2.1.4 for WordPress has no access control for activating or deactivating addons via AJAX. | N/A | NONE | β | 0 |
| CVE-2016-10922 The woocommerce-store-toolkit plugin before 1.5.7 for WordPress has privilege escalation. | N/A | NONE | β | 0 |
| CVE-2016-10923 The woocommerce-store-toolkit plugin before 1.5.8 for WordPress has privilege escalation. | N/A | NONE | β | 0 |
| CVE-2016-10924 The ebook-download plugin before 1.2 for WordPress has directory traversal. | N/A | NONE | β | 0 |
| CVE-2016-10925 The peters-login-redirect plugin before 2.9.1 for WordPress has XSS during the editing of redirect URLs. | N/A | NONE | β | 0 |
| CVE-2016-10926 The nelio-ab-testing plugin before 4.5.9 for WordPress has SSRF in ajax/iesupport.php. | N/A | NONE | β | 0 |
| CVE-2016-10927 The nelio-ab-testing plugin before 4.5.11 for WordPress has SSRF in ajax/iesupport.php. | N/A | NONE | β | 0 |
| CVE-2017-18576 The event-notifier plugin before 1.2.1 for WordPress has XSS via the loading animation. | N/A | NONE | β | 0 |
| CVE-2017-18580 The shortcodes-ultimate plugin before 5.0.1 for WordPress has remote code execution via a filter in a meta, post, or user shortcode. | N/A | NONE | β | 0 |
| CVE-2017-18581 The time-sheets plugin before 1.5.0 for WordPress has XSS via the old timesheet list. | N/A | NONE | β | 0 |
| CVE-2017-18582 The time-sheets plugin before 1.5.2 for WordPress has multiple XSS issues. | N/A | NONE | β | 0 |
| CVE-2017-18583 The post-pay-counter plugin before 2.731 for WordPress has PHP Object Injection. | N/A | NONE | β | 0 |
| CVE-2017-18584 The post-pay-counter plugin before 2.731 for WordPress has no permissions check for an update-settinga action. | N/A | NONE | β | 0 |
| CVE-2018-20983 The wp-retina-2x plugin before 5.2.3 for WordPress has XSS. | N/A | NONE | β | 0 |
| CVE-2018-0052 If RSH service is enabled on Junos OS and if the PAM authentication is disabled, a remote unauthenticated attacker can obtain root access to the device. RSH service is disabled by default on Junos. Th... | N/A | NONE | β | 0 |
| CVE-2018-0053 An authentication bypass vulnerability in the initial boot sequence of Juniper Networks Junos OS on vSRX Series may allow an attacker to gain full control of the system without authentication when the... | N/A | NONE | β | 0 |
| CVE-2018-0054 On QFX5000 Series and EX4600 switches, a high rate of Ethernet pause frames or an ARP packet storm received on the management interface (fxp0) can cause egress interface congestion, resulting in routi... | N/A | NONE | β | 0 |
| CVE-2018-1706 IBM Spectrum Symphony 7.2.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potential... | N/A | NONE | β | 0 |
| CVE-2018-0055 Receipt of a specially crafted DHCPv6 message destined to a Junos OS device configured as a DHCP server in a Broadband Edge (BBE) environment may result in a jdhcpd daemon crash. The daemon automatica... | N/A | NONE | β | 0 |
| CVE-2018-0056 If a duplicate MAC address is learned by two different interfaces on an MX Series device, the MAC address learning function correctly flaps between the interfaces. However, the Layer 2 Address Learnin... | N/A | NONE | β | 0 |
| CVE-2018-0057 On MX Series and M120/M320 platforms configured in a Broadband Edge (BBE) environment, subscribers logging in with DHCP Option 50 to request a specific IP address will be assigned the requested IP add... | N/A | NONE | β | 0 |
| CVE-2018-0058 Receipt of a specially crafted IPv6 exception packet may be able to trigger a kernel crash (vmcore), causing the device to reboot. The issue is specific to the processing of Broadband Edge (BBE) clien... | N/A | NONE | β | 0 |
| CVE-2018-0059 A persistent cross-site scripting vulnerability in the graphical user interface of ScreenOS may allow a remote authenticated user to inject web script or HTML and steal sensitive data and credentials ... | N/A | NONE | β | 0 |
| CVE-2018-0060 An improper input validation weakness in the device control daemon process (dcd) of Juniper Networks Junos OS allows an attacker to cause a Denial of Service to the dcd process and interfaces and conn... | N/A | NONE | β | 0 |
| CVE-2018-18785 An issue was discovered in zzcms 8.3. SQL Injection exists in zs/subzs.php with a zzcmscpid cookie to zs/search.php. | N/A | NONE | β | 0 |
| CVE-2018-0061 A denial of service vulnerability in the telnetd service on Junos OS allows remote unauthenticated users to cause high CPU usage which may affect system performance. Affected releases are Juniper Netw... | N/A | NONE | β | 0 |
| CVE-2018-0062 A Denial of Service vulnerability in J-Web service may allow a remote unauthenticated user to cause Denial of Service which may prevent other users to authenticate or to perform J-Web operations. Affe... | N/A | NONE | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.