CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In October 2019

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1401 CVE-2016-11015 352 CSRF 2019-10-16 2020-11-10
4.3
None Remote Medium Not required None Partial None
NETGEAR JNR1010 devices before 1.0.0.32 allow cgi-bin/webproc CSRF via the :InternetGatewayDevice.X_TWSZ-COM_URL_Filter.BlackList.1.URL parameter.
1402 CVE-2016-11014 613 2019-10-16 2020-11-10
7.5
None Remote Low Not required Partial Partial Partial
NETGEAR JNR1010 devices before 1.0.0.32 have Incorrect Access Control because the ok value of the auth cookie is a special case.
1403 CVE-2016-5202 732 2019-10-25 2021-09-08
7.5
None Remote Low Not required Partial Partial Partial
browser/extensions/api/dial/dial_registry.cc in Google Chrome before 54.0.2840.98 on macOS, before 54.0.2840.99 on Windows, and before 54.0.2840.100 on Linux neglects to copy a device ID before an erase() call, which causes the erase operation to access data that that erase operation will destroy.
1404 CVE-2016-4289 787 Exec Code Overflow 2019-10-29 2019-11-01
2.1
None Local Low Not required None None Partial
A stack based buffer overflow vulnerability exists in the method receiving data from SysTreeView32 control of the GMER 2.1.19357 application. A specially created long path can lead to a buffer overflow on the stack resulting in code execution. An attacker needs to create path longer than 99 characters to trigger this vulnerability.
1405 CVE-2016-2360 798 2019-10-25 2019-10-29
5.0
None Remote Low Not required Partial None None
Milesight IP security cameras through 2016-11-14 have a default root password in /etc/shadow that is the same across different customers' installations.
1406 CVE-2016-2359 287 Bypass 2019-10-25 2019-10-29
7.5
None Remote Low Not required Partial Partial Partial
Milesight IP security cameras through 2016-11-14 allow remote attackers to bypass authentication and access a protected resource by simultaneously making a request for the unprotected vb.htm resource.
1407 CVE-2016-2358 798 2019-10-25 2019-10-29
5.0
None Remote Low Not required Partial None None
Milesight IP security cameras through 2016-11-14 have a default set of 10 privileged accounts with hardcoded credentials. They are accessible if the customer has not configured 10 actual user accounts.
1408 CVE-2016-2357 798 2019-10-25 2019-10-29
5.0
None Remote Low Not required Partial None None
Milesight IP security cameras through 2016-11-14 have a hardcoded SSL private key under the /etc/config directory.
1409 CVE-2016-2356 120 Overflow 2019-10-25 2019-10-29
7.5
None Remote Low Not required Partial Partial Partial
Milesight IP security cameras through 2016-11-14 have a buffer overflow in a web application via a long username or password.
1410 CVE-2015-9536 79 XSS 2019-10-23 2021-10-26
4.3
None Remote Medium Not required None Partial None
The Easy Digital Downloads (EDD) Twenty-Twelve theme for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
1411 CVE-2015-9535 79 XSS 2019-10-23 2021-10-26
4.3
None Remote Medium Not required None Partial None
The Easy Digital Downloads (EDD) Shoppette theme for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
1412 CVE-2015-9534 79 XSS 2019-10-23 2021-10-26
4.3
None Remote Medium Not required None Partial None
The Easy Digital Downloads (EDD) Quota theme for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
1413 CVE-2015-9533 79 XSS 2019-10-23 2021-10-26
4.3
None Remote Medium Not required None Partial None
The Easy Digital Downloads (EDD) Lattice theme for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
1414 CVE-2015-9532 79 XSS 2019-10-23 2021-10-26
4.3
None Remote Medium Not required None Partial None
The Easy Digital Downloads (EDD) Digital Store theme for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
1415 CVE-2015-9531 79 XSS 2019-10-23 2021-10-26
4.3
None Remote Medium Not required None Partial None
The Easy Digital Downloads (EDD) Wish Lists extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
1416 CVE-2015-9530 79 XSS 2019-10-23 2021-10-26
4.3
None Remote Medium Not required None Partial None
The Easy Digital Downloads (EDD) Upload File extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
1417 CVE-2015-9529 79 XSS 2019-10-23 2021-10-26
4.3
None Remote Medium Not required None Partial None
The Easy Digital Downloads (EDD) Stripe extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
1418 CVE-2015-9528 79 XSS 2019-10-23 2021-10-26
4.3
None Remote Medium Not required None Partial None
The Easy Digital Downloads (EDD) Software Licensing extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
1419 CVE-2015-9527 79 XSS 2019-10-23 2021-10-26
4.3
None Remote Medium Not required None Partial None
The Easy Digital Downloads (EDD) Simple Shipping extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
1420 CVE-2015-9526 79 XSS 2019-10-23 2021-10-26
4.3
None Remote Medium Not required None Partial None
The Easy Digital Downloads (EDD) Reviews extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
1421 CVE-2015-9525 79 XSS 2019-10-23 2021-10-26
4.3
None Remote Medium Not required None Partial None
The Easy Digital Downloads (EDD) Recurring Payments extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
1422 CVE-2015-9524 79 XSS 2019-10-23 2021-10-26
4.3
None Remote Medium Not required None Partial None
The Easy Digital Downloads (EDD) Recount Earnings extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
1423 CVE-2015-9523 79 XSS 2019-10-23 2021-10-26
4.3
None Remote Medium Not required None Partial None
The Easy Digital Downloads (EDD) Recommended Products extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
1424 CVE-2015-9522 79 XSS 2019-10-23 2021-10-26
4.3
None Remote Medium Not required None Partial None
The Easy Digital Downloads (EDD) QR Code extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
1425 CVE-2015-9521 79 XSS 2019-10-23 2021-10-26
4.3
None Remote Medium Not required None Partial None
The Easy Digital Downloads (EDD) Pushover Notifications extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
1426 CVE-2015-9520 79 XSS 2019-10-23 2021-10-26
4.3
None Remote Medium Not required None Partial None
The Easy Digital Downloads (EDD) Per Product Emails extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
1427 CVE-2015-9519 79 XSS 2019-10-23 2021-10-26
4.3
None Remote Medium Not required None Partial None
The Easy Digital Downloads (EDD) PDF Stamper extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
1428 CVE-2015-9518 79 XSS 2019-10-23 2021-10-26
4.3
None Remote Medium Not required None Partial None
The Easy Digital Downloads (EDD) PDF Invoices extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
1429 CVE-2015-9517 79 XSS 2019-10-23 2021-10-26
4.3
None Remote Medium Not required None Partial None
The Easy Digital Downloads (EDD) Manual Purchases extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
1430 CVE-2015-9516 79 XSS 2019-10-23 2021-10-26
4.3
None Remote Medium Not required None Partial None
The Easy Digital Downloads (EDD) Invoices extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
1431 CVE-2015-9515 79 XSS 2019-10-23 2021-10-26
4.3
None Remote Medium Not required None Partial None
The Easy Digital Downloads (EDD) htaccess Editor extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
1432 CVE-2015-9514 79 XSS 2019-10-23 2021-10-26
4.3
None Remote Medium Not required None Partial None
The Easy Digital Downloads (EDD) Free Downloads extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
1433 CVE-2015-9513 79 XSS 2019-10-23 2021-10-26
4.3
None Remote Medium Not required None Partial None
The Easy Digital Downloads (EDD) Favorites extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
1434 CVE-2015-9512 79 XSS 2019-10-23 2021-10-26
4.3
None Remote Medium Not required None Partial None
The Easy Digital Downloads (EDD) CSV Manager extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
1435 CVE-2015-9511 79 XSS 2019-10-23 2021-10-26
4.3
None Remote Medium Not required None Partial None
The Easy Digital Downloads (EDD) Conditional Success Redirects extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
1436 CVE-2015-9510 79 XSS 2019-10-23 2021-10-26
4.3
None Remote Medium Not required None Partial None
The Easy Digital Downloads (EDD) Cross-sell Upsell extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
1437 CVE-2015-9509 79 XSS 2019-10-23 2021-10-26
4.3
None Remote Medium Not required None Partial None
The Easy Digital Downloads (EDD) Content Restriction extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
1438 CVE-2015-9508 79 XSS 2019-10-23 2021-10-26
4.3
None Remote Medium Not required None Partial None
The Easy Digital Downloads (EDD) Commissions extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
1439 CVE-2015-9507 79 XSS 2019-10-23 2021-10-26
4.3
None Remote Medium Not required None Partial None
The Easy Digital Downloads (EDD) Attach Accounts to Orders extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
1440 CVE-2015-9506 79 XSS 2019-10-23 2021-10-26
4.3
None Remote Medium Not required None Partial None
The Easy Digital Downloads (EDD) Amazon S3 extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
1441 CVE-2015-9505 79 XSS 2019-10-23 2021-10-26
4.3
None Remote Medium Not required None Partial None
The Easy Digital Downloads (EDD) core component 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7 for WordPress has XSS because add_query_arg is misused.
1442 CVE-2015-9504 79 XSS 2019-10-23 2019-10-28
4.3
None Remote Medium Not required None Partial None
The weeklynews theme before 2.2.9 for WordPress has XSS via the s parameter.
1443 CVE-2015-9503 79 XSS 2019-10-23 2019-10-28
4.3
None Remote Medium Not required None Partial None
The Modern theme before 1.4.2 for WordPress has XSS via the genericons/example.html anchor identifier.
1444 CVE-2015-9502 79 XSS 2019-10-23 2019-10-28
4.3
None Remote Medium Not required None Partial None
The Auberge theme before 1.4.5 for WordPress has XSS via the genericons/example.html anchor identifier.
1445 CVE-2015-9501 79 XSS 2019-10-22 2019-10-23
4.3
None Remote Medium Not required None Partial None
The Artificial Intelligence theme before 1.2.4 for WordPress has XSS because Genericons HTML files are unnecessarily placed under the web root.
1446 CVE-2015-9500 79 XSS 2019-10-22 2019-10-24
4.3
None Remote Medium Not required None Partial None
The Exquisite Ultimate Newspaper theme 1.3.3 for WordPress has XSS via the anchor identifier to assets/js/jquery.foundation.plugins.js.
1447 CVE-2015-9499 434 Exec Code 2019-10-22 2019-10-28
7.5
None Remote Low Not required Partial Partial Partial
The Showbiz Pro plugin through 1.7.1 for WordPress has PHP code execution by uploading a .php file within a ZIP archive.
1448 CVE-2015-9498 352 CSRF 2019-10-22 2019-10-24
6.8
None Remote Medium Not required Partial Partial Partial
The wps-hide-login plugin before 1.1 for WordPress has CSRF that affects saving an option value.
1449 CVE-2015-9497 352 XSS CSRF 2019-10-22 2019-10-23
6.8
None Remote Medium Not required Partial Partial Partial
The ad-inserter plugin before 1.5.3 for WordPress has CSRF with resultant XSS via wp-admin/options-general.php?page=ad-inserter.php.
1450 CVE-2015-9496 89 Sql 2019-10-22 2019-10-24
6.5
None Remote Low ??? Partial Partial Partial
The freshmail-newsletter plugin before 1.6 for WordPress has shortcode.php SQL Injection via the 'FM_form id=' substring.
Total number of vulnerabilities: 1567. Page 29 of 32.