CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In December 2019

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1451 CVE-2014-4536 79 XSS 2019-12-27 2020-01-07
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in tests/notAuto_test_ContactService_pauseCampaign.php in the Infusionsoft Gravity Forms plugin before 1.5.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) go, (2) contactId, or (3) campaignId parameter.
1452 CVE-2014-4535 79 XSS 2019-12-27 2020-01-07
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Import Legacy Media plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php.
1453 CVE-2014-4525 79 XSS 2019-12-27 2019-12-31
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in magpie/scripts/magpie_slashbox.php in the Ebay Feeds for WordPress plugin 1.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the rss_url parameter.
1454 CVE-2014-4523 79 XSS 2019-12-27 2019-12-31
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Easy Career Openings plugin 0.4 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
1455 CVE-2014-4519 79 XSS 2019-12-27 2019-12-30
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Conversador plugin 2.61 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the 'page' parameter.
1456 CVE-2014-3701 362 2019-12-15 2019-12-19
9.3
None Remote Medium Not required Complete Complete Complete
eDeploy has tmp file race condition flaws
1457 CVE-2014-3699 502 2019-12-15 2019-12-19
7.5
None Remote Low Not required Partial Partial Partial
eDeploy has RCE via cPickle deserialization of untrusted data
1458 CVE-2014-3656 79 XSS 2019-12-10 2019-12-10
4.3
None Remote Medium Not required None Partial None
JBoss KeyCloak: XSS in login-status-iframe.html
1459 CVE-2014-3652 601 2019-12-15 2019-12-19
5.8
None Remote Medium Not required Partial Partial None
JBoss KeyCloak: Open redirect vulnerability via failure to validate the redirect URL.
1460 CVE-2014-3643 611 2019-12-15 2019-12-19
5.0
None Remote Low Not required Partial None None
jersey: XXE via parameter entities not disabled by the jersey SAX parser
1461 CVE-2014-3536 532 2019-12-15 2019-12-19
2.1
None Local Low Not required Partial None None
CFME (CloudForms Management Engine) 5: RHN account information is logged to top_output.log during registration
1462 CVE-2014-3495 295 2019-12-13 2019-12-19
5.0
None Remote Low Not required Partial None None
duplicity 0.6.24 has improper verification of SSL certificates
1463 CVE-2014-3136 352 CSRF 2019-12-27 2020-01-07
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in D-Link DWR-113 (Rev. Ax) with firmware before 2.03b02 allows remote attackers to hijack the authentication of administrators for requests that change the admin password via unspecified vectors.
1464 CVE-2014-2387 668 2019-12-13 2019-12-19
4.6
None Local Low Not required Partial Partial Partial
Pen 0.18.0 has Insecure Temporary File Creation vulnerabilities
1465 CVE-2014-1867 287 Exec Code Bypass 2019-12-13 2019-12-17
4.4
None Local Medium Not required Partial Partial Partial
suPHP before 0.7.2 source-highlighting feature allows security bypass which could lead to arbitrary code execution
1466 CVE-2014-0242 200 +Info 2019-12-09 2019-12-17
4.3
None Remote Medium Not required Partial None None
mod_wsgi module before 3.4 for Apache, when used in embedded mode, might allow remote attackers to obtain sensitive information via the Content-Type header which is generated from memory that may have been freed and then overwritten by a separate thread.
1467 CVE-2014-0241 522 2019-12-13 2019-12-18
2.1
None Local Low Not required Partial None None
rubygem-hammer_cli_foreman: File /etc/hammer/cli.modules.d/foreman.yml world readable
1468 CVE-2014-0212 400 2019-12-13 2019-12-19
5.0
None Remote Low Not required None None Partial
qpid-cpp: ACL policies only loaded if the acl-file option specified enabling DoS by consuming all available file descriptors
1469 CVE-2014-0197 352 CSRF 2019-12-13 2019-12-18
6.8
None Remote Medium Not required Partial Partial Partial
CFME: CSRF protection vulnerability via permissive check of the referrer header
1470 CVE-2014-0175 798 2019-12-13 2019-12-18
7.5
None Remote Low Not required Partial Partial Partial
mcollective has a default password set at install
1471 CVE-2014-0163 78 2019-12-11 2019-12-16
9.0
None Remote Low ??? Complete Complete Complete
Openshift has shell command injection flaws due to unsanitized data being passed into shell commands.
1472 CVE-2014-0091 20 DoS 2019-12-11 2019-12-16
5.0
None Remote Low Not required None None Partial
Foreman has improper input validation which could lead to partial Denial of Service
1473 CVE-2014-0026 352 CSRF 2019-12-11 2019-12-13
4.3
None Remote Medium Not required None Partial None
katello-headpin is vulnerable to CSRF in REST API
1474 CVE-2013-7371 79 XSS 2019-12-11 2019-12-16
4.3
None Remote Medium Not required None Partial None
node-connect before 2.8.2 has cross site scripting in Sencha Labs Connect middleware (vulnerability due to incomplete fix for CVE-2013-7370)
1475 CVE-2013-7370 79 XSS 2019-12-11 2019-12-17
4.3
None Remote Medium Not required None Partial None
node-connect before 2.8.1 has XSS in the Sencha Labs Connect middleware
1476 CVE-2013-7325 Exec Code 2019-12-03 2019-12-06
6.5
None Remote Low ??? Partial Partial Partial
An issue exists in uscan in devscripts before 2.13.19, which could let a remote malicious user execute arbitrary code via a crafted tarball.
1477 CVE-2013-7071 79 XSS 2019-12-31 2020-01-08
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the handle_request function in lib/HTTPServer.pm in Monitorix before 3.4.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
1478 CVE-2013-7070 74 Exec Code 2019-12-31 2020-01-09
10.0
None Remote Low Not required Complete Complete Complete
The handle_request function in lib/HTTPServer.pm in Monitorix before 3.3.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the URI.
1479 CVE-2013-6495 79 XSS 2019-12-11 2019-12-13
4.3
None Remote Medium Not required None Partial None
JBossWeb Bayeux has reflected XSS
1480 CVE-2013-5978 79 1 XSS 2019-12-11 2019-12-16
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in products.php in the Cart66 Lite plugin before 1.5.1.15 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) Product name or (2) Price description fields via a request to wp-admin/admin.php. NOTE: This issue may only cross privilege boundaries if used in combination with CVE-2013-5977.
1481 CVE-2013-5743 89 Sql 2019-12-11 2019-12-16
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Zabbix 1.8.x before 1.8.18rc1, 2.0.x before 2.0.9rc1, and 2.1.x before 2.1.7.
1482 CVE-2013-5027 269 2019-12-27 2019-12-30
7.5
None Remote Low Not required Partial Partial Partial
Collabtive 1.0 has incorrect access control
1483 CVE-2013-4985 863 1 Bypass 2019-12-27 2020-01-17
5.0
None Remote Low Not required Partial None None
Multiple Vivotek IP Cameras remote authentication bypass that could allow access to the video stream
1484 CVE-2013-4982 287 Bypass 2019-12-27 2020-01-15
7.5
None Remote Low Not required Partial Partial Partial
AVTECH AVN801 DVR has a security bypass via the administration login captcha
1485 CVE-2013-4976 287 Bypass 2019-12-27 2020-01-10
7.5
None Remote Low Not required Partial Partial Partial
Hikvision DS-2CD7153-E IP Camera has security bypass via hardcoded credentials
1486 CVE-2013-4975 269 2019-12-27 2020-01-14
9.0
None Remote Low ??? Complete Complete Complete
Hikvision DS-2CD7153-E IP Camera has Privilege Escalation
1487 CVE-2013-4968 79 XSS 2019-12-11 2019-12-13
4.3
None Remote Medium Not required None Partial None
Puppet Enterprise before 3.0.1 allows remote attackers to (1) conduct clickjacking attacks via unspecified vectors related to the console, and (2) conduct cross-site scripting (XSS) attacks via unspecified vectors related to "live management."
1488 CVE-2013-4868 200 1 +Info 2019-12-27 2020-01-08
5.0
None Remote Low Not required Partial None None
Karotz API 12.07.19.00: Session Token Information Disclosure
1489 CVE-2013-4867 269 1 2019-12-27 2020-01-13
6.2
None Local High Not required Complete Complete Complete
Electronic Arts Karotz Smart Rabbit 12.07.19.00 allows Python module hijacking
1490 CVE-2013-4859 276 1 2019-12-27 2020-01-09
9.3
None Remote Medium Not required Complete Complete Complete
INSTEON Hub 2242-222 lacks Web and API authentication
1491 CVE-2013-4796 434 Exec Code 2019-12-27 2020-01-07
6.5
None Remote Low ??? Partial Partial Partial
ReviewBoard 1.6.17 allows code execution by attaching PHP scripts to review request
1492 CVE-2013-4764 276 2019-12-27 2020-01-10
2.1
None Local Low Not required None Partial None
Samsung Galaxy S3/S4 exposes an unprotected component allowing an unprivileged app to send arbitrary SMS texts to arbitrary destinations without permission.
1493 CVE-2013-4763 276 2019-12-27 2020-01-10
2.1
None Local Low Not required None Partial None
Samsung Galaxy S3/S4 exposes an unprotected component allowing arbitrary SMS text messages without requesting permission.
1494 CVE-2013-4743 120 1 Overflow 2019-12-27 2020-01-07
7.5
None Remote Low Not required Partial Partial Partial
Static HTTP Server 1.0 has a Local Overflow
1495 CVE-2013-4695 763 1 Exec Code 2019-12-27 2020-01-04
6.8
None Remote Medium Not required Partial Partial Partial
Winamp 5.63: Invalid Pointer Dereference leading to Arbitrary Code Execution
1496 CVE-2013-4693 79 XSS 2019-12-27 2020-01-04
4.3
None Remote Medium Not required None Partial None
WordPress Xorbin Digital Flash Clock 1.0 has XSS
1497 CVE-2013-4692 79 XSS 2019-12-27 2020-01-04
4.3
None Remote Medium Not required None Partial None
Xorbin Analog Flash Clock 1.0 extension for Joomla has XSS
1498 CVE-2013-4691 79 XSS 2019-12-27 2020-01-04
4.3
None Remote Medium Not required None Partial None
Sencha Labs Connect has XSS with connect.methodOverride()
1499 CVE-2013-4665 352 CSRF 2019-12-27 2020-01-04
4.3
None Remote Medium Not required None Partial None
SPBAS Business Automation Software 2012 has CSRF.
1500 CVE-2013-4664 79 XSS 2019-12-27 2020-01-04
4.3
None Remote Medium Not required None Partial None
SPBAS Business Automation Software 2012 has XSS.
Total number of vulnerabilities: 1577 (this listing is page 30 of 32)