CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In August 2019

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2008-7321 79 XSS 2019-08-22 2019-08-23
4.3
None Remote Medium Not required None Partial None
The tubepress plugin before 1.6.5 for WordPress has XSS.
2 CVE-2009-5158 20 2019-08-22 2019-08-26
4.3
None Remote Medium Not required None Partial None
The google-analyticator plugin before 5.2.1 for WordPress has insufficient HTML sanitization for Google Analytics API text.
3 CVE-2011-5328 352 CSRF 2019-08-20 2019-08-21
6.8
None Remote Medium Not required Partial Partial Partial
The user-access-manager plugin before 1.2 for WordPress has CSRF.
4 CVE-2011-5329 79 XSS 2019-08-28 2019-08-30
4.3
None Remote Medium Not required None Partial None
The redirection plugin before 2.2.9 for WordPress has XSS in the admin menu, a different issue than CVE-2011-4562.
5 CVE-2012-6713 79 XSS 2019-08-13 2019-08-16
4.3
None Remote Medium Not required None Partial None
The job-manager plugin before 0.7.19 for WordPress has multiple XSS issues.
6 CVE-2012-6714 79 XSS 2019-08-21 2019-08-22
4.3
None Remote Medium Not required None Partial None
The count-per-day plugin before 3.2.3 for WordPress has XSS via search words.
7 CVE-2012-6715 79 XSS 2019-08-21 2019-08-22
4.3
None Remote Medium Not required None Partial None
The formbuilder plugin before 0.9.1 for WordPress has XSS via a Referer header.
8 CVE-2012-6716 79 XSS 2019-08-22 2019-08-26
4.3
None Remote Medium Not required None Partial None
The events-manager plugin before 5.1.7 for WordPress has XSS via JSON call links.
9 CVE-2012-6717 79 XSS 2019-08-28 2019-08-30
4.3
None Remote Medium Not required None Partial None
The redirection plugin before 2.2.12 for WordPress has XSS, a different issue than CVE-2011-4562.
10 CVE-2012-6718 79 XSS 2019-08-28 2019-08-28
4.3
None Remote Medium Not required None Partial None
The sharebar plugin before 1.2.2 for WordPress has XSS, a different issue than CVE-2013-3491.
11 CVE-2012-6719 89 Sql 2019-08-28 2019-08-28
7.5
None Remote Low Not required Partial Partial Partial
The sharebar plugin before 1.2.2 for WordPress has SQL injection.
12 CVE-2013-7473 352 CSRF 2019-08-01 2019-08-06
6.8
None Remote Medium Not required Partial Partial Partial
Windu CMS 2.2 allows CSRF via admin/users/?mn=admin.message.error to add an admin account.
13 CVE-2013-7474 79 XSS 2019-08-01 2019-08-06
4.3
None Remote Medium Not required None Partial None
Windu CMS 2.2 allows XSS via the name parameter to admin/content/edit or admin/content/add, or the username parameter to admin/users.
14 CVE-2013-7475 79 XSS 2019-08-13 2019-08-16
4.3
None Remote Medium Not required None Partial None
The contact-form-plugin plugin before 3.52 for WordPress has XSS.
15 CVE-2013-7476 352 CSRF 2019-08-14 2019-08-20
6.8
None Remote Medium Not required Partial Partial Partial
The simple-fields plugin before 1.2 for WordPress has CSRF in the admin interface.
16 CVE-2013-7477 79 XSS 2019-08-22 2019-08-26
4.3
None Remote Medium Not required None Partial None
The events-manager plugin before 5.5.2 for WordPress has XSS in the booking form.
17 CVE-2013-7478 79 XSS 2019-08-22 2019-08-26
4.3
None Remote Medium Not required None Partial None
The events-manager plugin before 5.5 for WordPress has XSS via EM_Ticket::get_post.
18 CVE-2013-7479 79 XSS 2019-08-22 2019-08-26
4.3
None Remote Medium Not required None Partial None
The events-manager plugin before 5.3.9 for WordPress has XSS in the search form field.
19 CVE-2013-7480 79 XSS 2019-08-22 2019-08-26
4.3
None Remote Medium Not required None Partial None
The events-manager plugin before 5.3.6.1 for WordPress has XSS via the booking form and admin areas.
20 CVE-2013-7481 79 XSS 2019-08-22 2019-08-26
4.3
None Remote Medium Not required None Partial None
The contact-form-plugin plugin before 3.3.5 for WordPress has XSS.
21 CVE-2013-7482 79 XSS 2019-08-22 2019-08-26
4.3
None Remote Medium Not required None Partial None
The reflex-gallery plugin before 1.4.3 for WordPress has XSS.
22 CVE-2013-7483 20 File Inclusion 2019-08-22 2019-08-29
7.5
None Remote Low Not required Partial Partial Partial
The slidedeck2 plugin before 2.3.5 for WordPress has file inclusion.
23 CVE-2014-8183 284 2019-08-01 2019-10-09
6.5
None Remote Low ??? Partial Partial Partial
It was found that foreman, versions 1.x.x before 1.15.6, in Satellite 6 did not properly enforce access controls on certain resources. An attacker with access to the API and knowledge of the resource name can access resources in other organizations.
24 CVE-2014-8184 119 Exec Code Overflow 2019-08-02 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability was found in liblouis, versions 2.5.x before 2.5.4. A stack-based buffer overflow was found in findTable() in liblouis. An attacker could create a malicious file that would cause applications that use liblouis (such as Orca) to crash, or potentially execute arbitrary code when opened.
25 CVE-2014-10375 189 2019-08-14 2019-08-27
5.0
None Remote Low Not required None Partial None
handle_messages in eXtl_tls.c in eXosip before 5.0.0 mishandles a negative value in a content-length header.
26 CVE-2014-10376 89 Sql 2019-08-16 2019-08-21
7.5
None Remote Low Not required Partial Partial Partial
The i-recommend-this plugin before 3.7.3 for WordPress has SQL injection.
27 CVE-2014-10377 79 XSS 2019-08-21 2019-08-27
4.3
None Remote Medium Not required None Partial None
The cforms2 plugin before 13.2 for WordPress has XSS in lib_ajax.php.
28 CVE-2014-10378 79 XSS 2019-08-21 2019-08-22
4.3
None Remote Medium Not required None Partial None
The duplicate-post plugin before 2.6 for WordPress has XSS.
29 CVE-2014-10379 89 Sql 2019-08-21 2019-08-22
7.5
None Remote Low Not required Partial Partial Partial
The duplicate-post plugin before 2.6 for WordPress has SQL injection.
30 CVE-2014-10380 79 XSS 2019-08-21 2019-08-22
4.3
None Remote Medium Not required None Partial None
The profile-builder plugin before 1.1.66 for WordPress has multiple XSS issues in forms.
31 CVE-2014-10381 352 CSRF 2019-08-20 2019-08-21
6.8
None Remote Medium Not required Partial Partial Partial
The user-domain-whitelist plugin before 1.5 for WordPress has CSRF.
32 CVE-2014-10382 352 CSRF 2019-08-22 2019-08-29
4.3
None Remote Medium Not required None Partial None
The feature-comments plugin before 1.2.5 for WordPress has CSRF for featuring or burying a comment.
33 CVE-2014-10383 20 File Inclusion 2019-08-22 2019-08-26
7.5
None Remote Low Not required Partial Partial Partial
The memphis-documents-library plugin before 3.0 for WordPress has Remote File Inclusion.
34 CVE-2014-10384 20 File Inclusion 2019-08-22 2019-08-26
7.5
None Remote Low Not required Partial Partial Partial
The memphis-documents-library plugin before 3.0 for WordPress has Local File Inclusion.
35 CVE-2014-10385 79 XSS 2019-08-22 2019-08-26
4.3
None Remote Medium Not required None Partial None
The memphis-documents-library plugin before 3.0 for WordPress has XSS via $_REQUEST.
36 CVE-2014-10386 74 2019-08-22 2019-08-29
4.3
None Remote Medium Not required None Partial None
The wp-live-chat-support plugin before 4.1.0 for WordPress has JavaScript injections.
37 CVE-2014-10387 89 Sql 2019-08-22 2019-08-26
7.5
None Remote Low Not required Partial Partial Partial
The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has SQL injection.
38 CVE-2014-10388 200 +Info 2019-08-22 2019-08-29
5.0
None Remote Low Not required Partial None None
The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has full path disclosure.
39 CVE-2014-10389 287 2019-08-22 2019-08-29
7.5
None Remote Low Not required Partial Partial Partial
The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has incorrect authentication.
40 CVE-2014-10390 22 Dir. Trav. 2019-08-22 2019-08-29
6.4
None Remote Low Not required Partial Partial None
The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has directory traversal.
41 CVE-2014-10391 74 2019-08-22 2019-08-29
4.3
None Remote Medium Not required None Partial None
The wp-support-plus-responsive-ticket-system plugin before 4.1 for WordPress has JavaScript injection.
42 CVE-2014-10392 79 XSS 2019-08-22 2019-08-23
4.3
None Remote Medium Not required None Partial None
The cforms2 plugin before 10.2 for WordPress has XSS.
43 CVE-2014-10393 79 XSS 2019-08-22 2019-08-23
4.3
None Remote Medium Not required None Partial None
The cforms2 plugin before 10.5 for WordPress has XSS.
44 CVE-2014-10394 74 2019-08-22 2019-08-29
4.3
None Remote Medium Not required None Partial None
The rich-counter plugin before 1.2.0 for WordPress has JavaScript injection via a User-Agent header.
45 CVE-2014-10395 79 XSS 2019-08-27 2019-08-28
4.3
None Remote Medium Not required None Partial None
The cp-polls plugin before 1.0.1 for WordPress has XSS in the votes list.
46 CVE-2015-7559 20 DoS 2019-08-01 2019-10-09
4.0
None Remote Low ??? None None Partial
It was found that the Apache ActiveMQ client before 5.15.5 exposed a remote shutdown command in the ActiveMQConnection class. An attacker logged into a compromised broker could use this flaw to achieve denial of service on a connected client.
47 CVE-2015-9291 284 2019-08-01 2019-08-07
5.0
None Remote Low Not required Partial None None
cPanel before 11.52.0.13 does not prevent arbitrary file-read operations via get_information_for_applications (CPANEL-1221).
48 CVE-2015-9292 352 CSRF 2019-08-08 2019-08-15
6.8
None Remote Medium Not required Partial Partial Partial
6kbbs 7.1 and 8.0 allows CSRF via portalchannel_ajax.php (id or code parameter) or admin.php (fileids parameter).
49 CVE-2015-9293 79 XSS 2019-08-13 2019-08-16
4.3
None Remote Medium Not required None Partial None
The all-in-one-wp-security-and-firewall plugin before 3.9.8 for WordPress has XSS in the unlock request feature.
50 CVE-2015-9294 79 XSS 2019-08-13 2019-08-16
4.3
None Remote Medium Not required None Partial None
The all-in-one-wp-security-and-firewall plugin before 3.9.5 for WordPress has XSS in add_query_arg and remove_query_arg function instances.
Total number of vulnerabilities : 2004   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.