CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In October 2019

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1451 CVE-2015-9495 79 XSS 2019-10-22 2019-10-24
4.3
None Remote Medium Not required None Partial None
The syndication-links plugin before 1.0.3 for WordPress has XSS via the genericons/example.html anchor identifier.
1452 CVE-2015-9494 79 XSS 2019-10-22 2019-10-24
4.3
None Remote Medium Not required None Partial None
The indieweb-post-kinds plugin before 1.3.1.1 for WordPress has XSS via the genericons/example.html anchor identifier.
1453 CVE-2015-9493 79 XSS 2019-10-22 2019-10-23
4.3
None Remote Medium Not required None Partial None
The my-wish-list plugin before 1.4.2 for WordPress has multiple XSS issues.
1454 CVE-2015-9492 200 +Info 2019-10-11 2019-10-16
5.0
None Remote Low Not required Partial None None
The ThemeMakers SmartIT Premium Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.
1455 CVE-2015-9491 200 +Info 2019-10-11 2019-10-18
5.0
None Remote Low Not required Partial None None
The ThemeMakers Blessing Premium Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.
1456 CVE-2015-9490 200 +Info 2019-10-11 2019-10-18
5.0
None Remote Low Not required Partial None None
The ThemeMakers GamesTheme Premium theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.
1457 CVE-2015-9489 200 +Info 2019-10-11 2019-10-18
5.0
None Remote Low Not required Partial None None
The ThemeMakers Goodnex Premium Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.
1458 CVE-2015-9488 200 +Info 2019-10-11 2019-10-18
5.0
None Remote Low Not required Partial None None
The ThemeMakers Almera Responsive Portfolio Site Template component through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.
1459 CVE-2015-9487 200 +Info 2019-10-11 2019-10-18
5.0
None Remote Low Not required Partial None None
The ThemeMakers Almera Responsive Portfolio theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.
1460 CVE-2015-9486 200 +Info 2019-10-11 2019-10-18
5.0
None Remote Low Not required Partial None None
The ThemeMakers Axioma Premium Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.
1461 CVE-2015-9485 200 +Info 2019-10-11 2020-04-09
5.0
None Remote Low Not required Partial None None
The ThemeMakers Accio Responsive Parallax One Page Site Template component through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.
1462 CVE-2015-9484 200 +Info 2019-10-11 2019-10-18
5.0
None Remote Low Not required Partial None None
The ThemeMakers Accio One Page Parallax Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.
1463 CVE-2015-9483 200 +Info 2019-10-11 2020-05-06
5.0
None Remote Low Not required Partial None None
The ThemeMakers Invento Responsive Gallery/Architecture Template component through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.
1464 CVE-2015-9482 200 +Info 2019-10-11 2019-10-17
5.0
None Remote Low Not required Partial None None
The ThemeMakers Car Dealer / Auto Dealer Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.
1465 CVE-2015-9481 200 +Info 2019-10-11 2019-10-17
5.0
None Remote Low Not required Partial None None
The ThemeMakers Diplomat | Political theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.
1466 CVE-2015-9480 22 Dir. Trav. 2019-10-10 2019-10-15
5.0
None Remote Low Not required Partial None None
The RobotCPA plugin 5 for WordPress has directory traversal via the f.php l parameter.
1467 CVE-2015-9479 434 2019-10-10 2019-10-17
7.5
None Remote Low Not required Partial Partial Partial
The ACF-Frontend-Display plugin through 2015-07-03 for WordPress has arbitrary file upload via an action=upload request to js/blueimp-jQuery-File-Upload-d45deb1/server/php/index.php.
1468 CVE-2015-9478 79 XSS 2019-10-10 2019-10-15
4.3
None Remote Medium Not required None Partial None
prettyPhoto before 3.1.6 has js/jquery.prettyPhoto.js XSS.
1469 CVE-2015-9477 276 2019-10-10 2019-10-15
6.5
None Remote Low ??? Partial Partial Partial
The Vernissage theme 1.2.8 for WordPress has insufficient restrictions on option updates.
1470 CVE-2015-9476 276 2019-10-10 2019-10-15
6.5
None Remote Low ??? Partial Partial Partial
The Teardrop theme 1.8.1 for WordPress has insufficient restrictions on option updates.
1471 CVE-2015-9475 276 2019-10-10 2019-10-16
6.5
None Remote Low ??? Partial Partial Partial
The Pont theme 1.5 for WordPress has insufficient restrictions on option updates.
1472 CVE-2015-9474 276 2019-10-10 2019-10-16
6.5
None Remote Low ??? Partial Partial Partial
The Simpolio theme 1.3.2 for WordPress has insufficient restrictions on option updates.
1473 CVE-2015-9473 22 Dir. Trav. 2019-10-10 2019-10-15
5.0
None Remote Low Not required Partial None None
The estrutura-basica theme through 2015-09-13 for WordPress has directory traversal via the scripts/download.php arquivo parameter.
1474 CVE-2015-9472 79 XSS 2019-10-10 2019-10-15
4.3
None Remote Medium Not required None Partial None
The incoming-links plugin before 0.9.10b for WordPress has referrers.php XSS via the Referer HTTP header.
1475 CVE-2015-9471 434 2019-10-10 2021-09-02
7.5
None Remote Low Not required Partial Partial Partial
The dzs-zoomsounds plugin through 2.0 for WordPress has admin/upload.php arbitrary file upload.
1476 CVE-2015-9470 22 Dir. Trav. 2019-10-10 2019-10-16
5.0
None Remote Low Not required Partial None None
The history-collection plugin through 1.1.1 for WordPress has directory traversal via the download.php var parameter.
1477 CVE-2015-9469 79 XSS 2019-10-10 2019-10-16
3.5
None Remote Medium ??? None Partial None
The content-grabber plugin 1.0 for WordPress has XSS via obj_field_name or obj_field_id.
1478 CVE-2015-9468 79 XSS 2019-10-10 2019-10-11
4.3
None Remote Medium Not required None Partial None
The broken-link-manager plugin 0.4.5 for WordPress has XSS via the page parameter in a delURL action.
1479 CVE-2015-9467 89 Sql 2019-10-10 2019-10-11
7.5
None Remote Low Not required Partial Partial Partial
The broken-link-manager plugin before 0.5.0 for WordPress has wpslDelURL or wpslEditURL SQL injection via the url parameter.
1480 CVE-2015-9466 89 Sql 2019-10-10 2019-10-17
7.5
None Remote Low Not required Partial Partial Partial
The wti-like-post plugin before 1.4.3 for WordPress has WtiLikePostProcessVote SQL injection via the HTTP_CLIENT_IP, HTTP_X_FORWARDED_FOR, HTTP_X_FORWARDED, HTTP_FORWARDED_FOR, or HTTP_FORWARDED variable.
1481 CVE-2015-9465 89 Sql 2019-10-10 2019-10-15
6.5
None Remote Low ??? Partial Partial Partial
The yet-another-stars-rating plugin before 0.9.1 for WordPress has yasr_get_multi_set_values_and_field SQL injection via the set_id parameter.
1482 CVE-2015-9464 22 Dir. Trav. 2019-10-10 2019-10-15
5.0
None Remote Low Not required Partial None None
The s3bubble-amazon-s3-html-5-video-with-adverts plugin 0.7 for WordPress has directory traversal via the adverts/assets/plugins/ultimate/content/downloader.php path parameter.
1483 CVE-2015-9463 22 Dir. Trav. 2019-10-10 2019-10-15
5.0
None Remote Low Not required Partial None None
The s3bubble-amazon-s3-audio-streaming plugin 2.0 for WordPress has directory traversal via the adverts/assets/plugins/ultimate/content/downloader.php path parameter.
1484 CVE-2015-9462 89 Sql 2019-10-10 2019-10-15
6.5
None Remote Low ??? Partial Partial Partial
The awesome-filterable-portfolio plugin before 1.9 for WordPress has afp_get_new_category_page SQL injection via the cat_id parameter.
1485 CVE-2015-9461 89 Sql 2019-10-10 2019-10-11
6.5
None Remote Low ??? Partial Partial Partial
The awesome-filterable-portfolio plugin before 1.9 for WordPress has afp_get_new_portfolio_item_page SQL injection via the item_id parameter.
1486 CVE-2015-9460 89 Sql 2019-10-10 2019-10-15
6.5
None Remote Low ??? Partial Partial Partial
The booking-system plugin before 2.1 for WordPress has DOPBSPBackEndTranslation::display SQL injection via the language parameter.
1487 CVE-2015-9459 79 XSS 2019-10-10 2019-10-11
4.3
None Remote Medium Not required None Partial None
The searchterms-tagging-2 plugin through 1.535 for WordPress has XSS via the wp-admin/options-general.php count parameter.
1488 CVE-2015-9458 89 Sql CSRF 2019-10-10 2019-10-11
6.5
None Remote Low ??? Partial Partial Partial
The searchterms-tagging-2 plugin through 1.535 for WordPress has SQL injection via the pk_stt2_db_get_popular_terms count parameter exploitable via CSRF.
1489 CVE-2015-9457 89 Sql 2019-10-10 2019-10-16
6.5
None Remote Low ??? Partial Partial Partial
The pretty-link plugin before 1.6.8 for WordPress has PrliLinksController::list_links SQL injection via the group parameter.
1490 CVE-2015-9456 732 2019-10-07 2019-10-10
4.0
None Remote Low ??? None Partial None
The orbisius-child-theme-creator plugin before 1.2.8 for WordPress has incorrect access control for file modification via the wp-admin/admin-ajax.php?action=orbisius_ctc_theme_editor_ajax&sub_cmd=save_file theme_1, theme_1_file, or theme_1_file_contents parameter.
1491 CVE-2015-9455 352 Dir. Trav. CSRF 2019-10-07 2019-10-10
7.8
None Remote Medium Not required None Partial Complete
The buddypress-activity-plus plugin before 1.6.2 for WordPress has CSRF with resultant directory traversal via the wp-admin/admin-ajax.php bpfb_photos[] parameter in a bpfb_remove_temp_images action.
1492 CVE-2015-9454 89 Sql 2019-10-07 2019-10-10
6.5
None Remote Low ??? Partial Partial Partial
The smooth-slider plugin before 2.7 for WordPress has SQL Injection via the wp-admin/admin.php?page=smooth-slider-admin current_slider_id parameter.
1493 CVE-2015-9453 79 XSS 2019-10-07 2019-10-10
4.3
None Remote Medium Not required None Partial None
The broken-link-manager plugin before 0.6.0 for WordPress has XSS via the HTTP Referer or User-Agent header to a URL that does not exist.
1494 CVE-2015-9452 89 Sql 2019-10-07 2019-10-08
7.5
None Remote Low Not required Partial Partial Partial
The nex-forms-express-wp-form-builder plugin before 4.6.1 for WordPress has SQL injection via the wp-admin/admin.php?page=nex-forms-main nex_forms_Id parameter.
1495 CVE-2015-9451 89 Sql 2019-10-07 2019-10-08
7.5
None Remote Low Not required Partial Partial Partial
The plugmatter-optin-feature-box-lite plugin before 2.0.14 for WordPress has SQL injection via the wp-admin/admin-ajax.php?action=pmfb_mailchimp pmfb_tid parameter.
1496 CVE-2015-9450 89 Sql 2019-10-07 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
The plugmatter-optin-feature-box-lite plugin before 2.0.14 for WordPress has SQL injection via the wp-admin/admin-ajax.php?action=pmfb_cc pmfb_tid parameter.
1497 CVE-2015-0270 89 Sql 2019-10-25 2019-10-30
7.5
None Remote Low Not required Partial Partial Partial
Zend Framework before 2.2.10 and 2.3.x before 2.3.5 has Potential SQL injection in PostgreSQL Zend\Db adapter.
1498 CVE-2014-2304 20 DoS 2019-10-23 2019-10-30
5.0
None Remote Low Not required None None Partial
A vulnerability in version 0.90 of the Open Floodlight SDN controller software could result in a denial of service attack and crashing of the controller service. This effect is the result of a flaw in OpenFlow protocol processing, where specific malformed and mistimed FEATURES_REPLY messages cause the controller service to not delete switch and port data from its internal tracking structures.
1499 CVE-2013-7333 20 2019-10-23 2019-10-25
7.8
None Remote Low Not required None None Complete
A vulnerability in version 0.90 of the Open Floodlight SDN controller software could allow an attacker with access to the OpenFlow control network to selectively disconnect individual switches from the SDN controller, causing degradation and eventually denial of network access to all devices connected to the targeted switch.
1500 CVE-2013-4857 91 File Inclusion 2019-10-25 2019-10-28
7.5
None Remote Low Not required Partial Partial Partial
D-Link DIR-865L has PHP File Inclusion in the router xml file.
Total number of vulnerabilities: 1567 (page 30 of 32)