CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In August 2019

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1551 CVE-2017-18524 79 XSS 2019-08-20 2019-08-22
4.3
None Remote Medium Not required None Partial None
The football-pool plugin before 2.6.5 for WordPress has multiple XSS issues.
1552 CVE-2017-18523 352 CSRF 2019-08-20 2019-08-22
6.8
None Remote Medium Not required Partial Partial Partial
The eelv-newsletter plugin before 4.6.1 for WordPress has CSRF in the address book.
1553 CVE-2017-18522 79 XSS 2019-08-20 2019-08-22
4.3
None Remote Medium Not required None Partial None
The eelv-newsletter plugin before 4.6.1 for WordPress has XSS in the address book.
1554 CVE-2017-18521 352 CSRF 2019-08-21 2019-08-23
6.8
None Remote Medium Not required Partial Partial Partial
The democracy-poll plugin before 5.4 for WordPress has CSRF via wp-admin/options-general.php?page=democracy-poll&subpage=l10n.
1555 CVE-2017-18520 79 XSS 2019-08-20 2019-08-22
4.3
None Remote Medium Not required None Partial None
The democracy-poll plugin before 5.4 for WordPress has XSS via update_l10n in admin/class.DemAdminInit.php.
1556 CVE-2017-18519 79 XSS 2019-08-20 2019-08-22
4.3
None Remote Medium Not required None Partial None
The customer-area plugin before 7.4.3 for WordPress has XSS via admin pages.
1557 CVE-2017-18518 79 XSS 2019-08-20 2019-08-22
4.3
None Remote Medium Not required None Partial None
The bws-smtp plugin before 1.1.0 for WordPress has multiple XSS issues.
1558 CVE-2017-18517 79 XSS 2019-08-20 2019-08-22
4.3
None Remote Medium Not required None Partial None
The bws-pinterest plugin before 1.0.5 for WordPress has multiple XSS issues.
1559 CVE-2017-18516 79 XSS 2019-08-21 2019-08-22
4.3
None Remote Medium Not required None Partial None
The bws-linkedin plugin before 1.0.5 for WordPress has multiple XSS issues.
1560 CVE-2017-18515 89 Sql 2019-08-14 2019-08-16
7.5
None Remote Low Not required Partial Partial Partial
The wp-statistics plugin before 12.0.8 for WordPress has SQL injection.
1561 CVE-2017-18514 89 Sql 2019-08-14 2020-01-07
7.5
None Remote Low Not required Partial Partial Partial
The simple-login-log plugin before 1.1.2 for WordPress has SQL injection.
1562 CVE-2017-18513 352 CSRF 2019-08-14 2021-07-30
6.8
None Remote Medium Not required Partial Partial Partial
The responsive-menu plugin before 3.1.4 for WordPress has no CSRF protection mechanism for the admin interface.
1563 CVE-2017-18512 352 CSRF 2019-08-14 2019-08-20
6.8
None Remote Medium Not required Partial Partial Partial
The newsletter-by-supsystic plugin before 1.1.8 for WordPress has CSRF.
1564 CVE-2017-18511 352 CSRF 2019-08-14 2019-08-20
6.8
None Remote Medium Not required Partial Partial Partial
The custom-sidebars plugin before 3.0.8.1 for WordPress has CSRF.
1565 CVE-2017-18510 352 CSRF 2019-08-14 2019-08-20
6.8
None Remote Medium Not required Partial Partial Partial
The custom-sidebars plugin before 3.1.0 for WordPress has CSRF related to set location, import actions, and export actions.
1566 CVE-2017-18509 20 Exec Code 2019-08-13 2020-11-09
7.2
None Local Low Not required Complete Complete Complete
An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before 4.11. By setting a specific socket option, an attacker can control a pointer in kernel land and cause an inet_csk_listen_stop general protection fault, or potentially execute arbitrary code under certain circumstances. The issue can be triggered as root (e.g., inside a default LXC container or with the CAP_NET_ADMIN capability) or after namespace unsharing. This occurs because sk_type and protocol are not checked in the appropriate part of the ip6_mroute_* functions. NOTE: this affects Linux distributions that use 4.9.x longterm kernels before 4.9.187.
1567 CVE-2017-18508 79 XSS 2019-08-12 2019-08-25
4.3
None Remote Medium Not required None Partial None
The wp-live-chat-support plugin before 7.1.03 for WordPress has XSS.
1568 CVE-2017-18507 79 XSS 2019-08-13 2019-08-15
4.3
None Remote Medium Not required None Partial None
The wp-live-chat-support plugin before 7.1.05 for WordPress has XSS.
1569 CVE-2017-18506 79 XSS 2019-08-12 2019-08-16
4.3
None Remote Medium Not required None Partial None
The woocommerce-pdf-invoices-packing-slips plugin before 2.0.13 for WordPress has XSS via the tab or section variable on settings screens.
1570 CVE-2017-18505 79 XSS 2019-08-12 2019-08-16
4.3
None Remote Medium Not required None Partial None
The twitter-plugin plugin before 2.55 for WordPress has XSS.
1571 CVE-2017-18504 352 CSRF 2019-08-12 2019-08-16
6.8
None Remote Medium Not required Partial Partial Partial
The twitter-cards-meta plugin before 2.5.0 for WordPress has CSRF.
1572 CVE-2017-18503 79 XSS 2019-08-12 2019-08-16
4.3
None Remote Medium Not required None Partial None
The twitter-cards-meta plugin before 2.5.0 for WordPress has XSS.
1573 CVE-2017-18502 79 XSS 2019-08-12 2019-08-16
4.3
None Remote Medium Not required None Partial None
The subscriber plugin before 1.3.5 for WordPress has multiple XSS issues.
1574 CVE-2017-18501 79 XSS 2019-08-12 2019-08-16
4.3
None Remote Medium Not required None Partial None
The social-login-bws plugin before 0.2 for WordPress has multiple XSS issues.
1575 CVE-2017-18500 79 XSS 2019-08-12 2019-08-16
4.3
None Remote Medium Not required None Partial None
The social-buttons-pack plugin before 1.1.1 for WordPress has multiple XSS issues.
1576 CVE-2017-18499 79 XSS 2019-08-12 2019-09-07
4.3
None Remote Medium Not required None Partial None
The simple-membership plugin before 3.5.7 for WordPress has XSS.
1577 CVE-2017-18498 79 XSS 2019-08-13 2019-08-15
4.3
None Remote Medium Not required None Partial None
The simple-job-board plugin before 2.4.4 for WordPress has reflected XSS via keyword search.
1578 CVE-2017-18497 79 XSS 2019-08-13 2019-08-15
4.3
None Remote Medium Not required None Partial None
The liveforms plugin before 3.4.0 for WordPress has XSS.
1579 CVE-2017-18496 79 XSS 2019-08-13 2019-08-15
4.3
None Remote Medium Not required None Partial None
The htaccess plugin before 1.7.6 for WordPress has multiple XSS issues.
1580 CVE-2017-18495 79 XSS 2019-08-13 2019-08-15
4.3
None Remote Medium Not required None Partial None
The gravity-forms-sms-notifications plugin before 2.4.0 for WordPress has XSS.
1581 CVE-2017-18494 79 XSS 2019-08-13 2019-08-15
4.3
None Remote Medium Not required None Partial None
The custom-search-plugin plugin before 1.36 for WordPress has multiple XSS issues.
1582 CVE-2017-18493 79 XSS 2019-08-13 2019-08-16
4.3
None Remote Medium Not required None Partial None
The custom-admin-page plugin before 0.1.2 for WordPress has multiple XSS issues.
1583 CVE-2017-18492 79 XSS 2019-08-13 2019-08-16
4.3
None Remote Medium Not required None Partial None
The contact-form-to-db plugin before 1.5.7 for WordPress has multiple XSS issues.
1584 CVE-2017-18491 79 XSS 2019-08-13 2019-08-16
4.3
None Remote Medium Not required None Partial None
The contact-form-plugin plugin before 4.0.6 for WordPress has multiple XSS issues.
1585 CVE-2017-18490 79 XSS 2019-08-13 2019-08-16
4.3
None Remote Medium Not required None Partial None
The contact-form-multi plugin before 1.2.1 for WordPress has multiple XSS issues.
1586 CVE-2017-18489 79 XSS 2019-08-13 2019-08-16
4.3
None Remote Medium Not required None Partial None
The contact-form-7-sms-addon plugin before 2.4.0 for WordPress has XSS.
1587 CVE-2017-18488 79 XSS 2019-08-13 2019-08-15
4.3
None Remote Medium Not required None Partial None
The Backup Guard plugin before 1.1.47 for WordPress has multiple XSS issues.
1588 CVE-2017-18487 79 XSS 2019-08-13 2019-08-15
4.3
None Remote Medium Not required None Partial None
The adsense-plugin (aka Google AdSense) plugin before 1.44 for WordPress has multiple XSS issues.
1589 CVE-2017-18486 332 2019-08-09 2019-08-19
6.5
None Remote Low ??? Partial Partial Partial
Jitbit Helpdesk before 9.0.3 allows remote attackers to escalate privileges because of mishandling of the User/AutoLogin userHash parameter. By inspecting the token value provided in a password reset link, a user can leverage a weak PRNG to recover the shared secret used by the server for remote authentication. The shared secret can be used to escalate privileges by forging new tokens for any user. These tokens can be used to automatically log in as the affected user.
1590 CVE-2017-18485 352 CSRF 2019-08-08 2019-08-15
5.8
None Remote Medium Not required Partial Partial None
Cognitoys Dino devices allow profiles_add.html CSRF.
1591 CVE-2017-18484 79 XSS 2019-08-08 2019-08-15
4.3
None Remote Medium Not required None Partial None
Cognitoys Dino devices allow XSS via the SSID.
1592 CVE-2017-18483 79 XSS 2019-08-07 2019-08-14
4.3
None Remote Medium Not required None Partial None
ANNKE SP1 HD wireless camera 3.4.1.1604071109 devices allow XSS via a crafted SSID.
1593 CVE-2017-18482 20 2019-08-05 2019-08-12
4.0
None Remote Low ??? None None Partial
cPanel before 62.0.4 allows resellers to use the WHM enqueue_transfer_item API for queueing non-rearrange modules (SEC-213).
1594 CVE-2017-18481 79 XSS 2019-08-05 2019-08-07
3.5
None Remote Medium ??? None Partial None
cPanel before 62.0.4 allows stored XSS in the WHM Account Suspension List interface (SEC-211).
1595 CVE-2017-18480 254 2019-08-05 2019-08-12
4.0
None Remote Low ??? Partial None None
cPanel before 62.0.4 does not enforce account ownership for has_mycnf_for_cpuser WHM API calls (SEC-210).
1596 CVE-2017-18479 295 2019-08-05 2019-08-12
4.0
None Remote Low ??? Partial None None
In cPanel before 62.0.4, WHM SSL certificate generation uses an unreserved e-mail address (SEC-209).
1597 CVE-2017-18478 200 +Info 2019-08-05 2019-08-12
4.0
None Remote Low ??? Partial None None
In cPanel before 62.0.4 incorrect ACL checks could occur in xml-api for Rearrange Account actions (SEC-207).
1598 CVE-2017-18477 254 2019-08-05 2019-08-12
4.0
None Remote Low ??? Partial None None
In cPanel before 62.0.4, Exim transports could execute in the context of the nobody account (SEC-206).
1599 CVE-2017-18476 254 2019-08-05 2019-08-12
5.0
None Remote Low Not required Partial None None
Leech Protect in cPanel before 62.0.4 does not protect certain directories (SEC-205).
1600 CVE-2017-18475 20 2019-08-05 2019-08-12
6.5
None Remote Low ??? Partial Partial Partial
In cPanel before 62.0.4, Exim piped filters ran in the context of an incorrect user account when delivering to a system user (SEC-204).
Total number of vulnerabilities: 2004 (page 32 of 41)