CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In August 2019

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1701 CVE-2016-10932 254 2019-08-26 2021-01-07
5.8
None Remote Medium Not required Partial Partial None
An issue was discovered in the hyper crate before 0.9.4 for Rust on Windows. There is an HTTPS man-in-the-middle vulnerability because hostname verification was omitted.
1702 CVE-2016-10931 295 2019-08-26 2019-09-03
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in the openssl crate before 0.9.0 for Rust. There is an SSL/TLS man-in-the-middle vulnerability because certificate verification is off by default and there is no API for hostname verification.
1703 CVE-2016-10930 20 2019-08-22 2019-08-29
7.5
None Remote Low Not required Partial Partial Partial
The wp-support-plus-responsive-ticket-system plugin before 7.1.0 for WordPress has insecure direct object reference via a ticket number.
1704 CVE-2016-10929 264 2019-08-22 2019-08-23
5.0
None Remote Low Not required Partial None None
The advanced-ajax-page-loader plugin before 2.7.7 for WordPress has no protection against the reading of uploaded files when not logged in.
1705 CVE-2016-10928 798 2019-08-22 2019-08-29
5.0
None Remote Low Not required Partial None None
The onelogin-saml-sso plugin before 2.2.0 for WordPress has a hardcoded @@@nopass@@@ password for just-in-time provisioned users.
1706 CVE-2016-10927 918 2019-08-22 2019-08-26
6.4
None Remote Low Not required Partial Partial None
The nelio-ab-testing plugin before 4.5.11 for WordPress has SSRF in ajax/iesupport.php.
1707 CVE-2016-10926 918 2019-08-22 2019-08-26
6.4
None Remote Low Not required Partial Partial None
The nelio-ab-testing plugin before 4.5.9 for WordPress has SSRF in ajax/iesupport.php.
1708 CVE-2016-10925 79 XSS 2019-08-22 2021-12-06
4.3
None Remote Medium Not required None Partial None
The peters-login-redirect plugin before 2.9.1 for WordPress has XSS during the editing of redirect URLs.
1709 CVE-2016-10924 22 Dir. Trav. 2019-08-22 2019-08-23
5.0
None Remote Low Not required Partial None None
The ebook-download plugin before 1.2 for WordPress has directory traversal.
1710 CVE-2016-10923 264 2019-08-22 2019-08-23
7.5
None Remote Low Not required Partial Partial Partial
The woocommerce-store-toolkit plugin before 1.5.8 for WordPress has privilege escalation.
1711 CVE-2016-10922 264 2019-08-22 2019-08-26
7.5
None Remote Low Not required Partial Partial Partial
The woocommerce-store-toolkit plugin before 1.5.7 for WordPress has privilege escalation.
1712 CVE-2016-10921 89 Sql 2019-08-22 2019-08-26
7.5
None Remote Low Not required Partial Partial Partial
The gallery-photo-gallery plugin before 1.0.1 for WordPress has SQL injection.
1713 CVE-2016-10920 79 XSS 2019-08-22 2019-08-26
4.3
None Remote Medium Not required None Partial None
The gnucommerce plugin before 0.5.7-BETA for WordPress has XSS.
1714 CVE-2016-10919 79 XSS 2019-08-22 2019-08-26
4.3
None Remote Medium Not required None Partial None
The wassup plugin before 1.9.1 for WordPress has XSS via the Top stats widget or the wassupURI::add_siteurl method, a different vulnerability than CVE-2012-2633.
1715 CVE-2016-10918 352 CSRF 2019-08-22 2019-08-26
6.8
None Remote Medium Not required Partial Partial Partial
The gallery-by-supsystic plugin before 1.8.6 for WordPress has CSRF.
1716 CVE-2016-10917 89 Sql 2019-08-22 2019-08-26
7.5
None Remote Low Not required Partial Partial Partial
The search-everything plugin before 8.1.6 for WordPress has SQL injection related to empty search strings, a different vulnerability than CVE-2014-2316.
1717 CVE-2016-10916 89 Sql 2019-08-22 2019-08-26
7.5
None Remote Low Not required Partial Partial Partial
The appointment-booking-calendar plugin before 1.1.24 for WordPress has SQL injection, a different vulnerability than CVE-2015-7319.
1718 CVE-2016-10915 352 CSRF 2019-08-20 2019-08-21
6.8
None Remote Medium Not required Partial Partial Partial
The popup-by-supsystic plugin before 1.7.9 for WordPress has CSRF.
1719 CVE-2016-10914 352 CSRF 2019-08-20 2019-08-22
6.8
None Remote Medium Not required Partial Partial Partial
The add-from-server plugin before 3.3.2 for WordPress has CSRF for importing a large file.
1720 CVE-2016-10913 79 XSS 2019-08-20 2019-08-22
4.3
None Remote Medium Not required None Partial None
The wp-latest-posts plugin before 3.7.5 for WordPress has XSS.
1721 CVE-2016-10912 79 XSS 2019-08-21 2019-08-22
4.3
None Remote Medium Not required None Partial None
The universal-analytics plugin before 1.3.1 for WordPress has XSS.
1722 CVE-2016-10911 79 XSS 2019-08-21 2019-08-22
4.3
None Remote Medium Not required None Partial None
The profile-builder plugin before 2.4.2 for WordPress has multiple XSS issues.
1723 CVE-2016-10910 79 XSS 2019-08-21 2019-08-22
4.3
None Remote Medium Not required None Partial None
The formbuilder plugin before 1.06 for WordPress has multiple XSS issues.
1724 CVE-2016-10909 89 Sql 2019-08-21 2019-08-21
7.5
None Remote Low Not required Partial Partial Partial
The booking-calendar-contact-form plugin before 1.0.24 for WordPress has SQL injection.
1725 CVE-2016-10908 79 XSS 2019-08-21 2019-08-21
4.3
None Remote Medium Not required None Partial None
The booking-calendar-contact-form plugin before 1.0.24 for WordPress has XSS.
1726 CVE-2016-10907 787 2019-08-19 2019-10-07
4.6
None Local Low Not required Partial Partial Partial
An issue was discovered in drivers/iio/dac/ad5755.c in the Linux kernel before 4.8.6. There is an out of bounds write in the function ad5755_parse_dt.
1727 CVE-2016-10906 362 2019-08-19 2019-10-15
4.4
None Local Medium Not required Partial Partial Partial
An issue was discovered in drivers/net/ethernet/arc/emac_main.c in the Linux kernel before 4.5. A use-after-free is caused by a race condition between the functions arc_emac_tx and arc_emac_tx_clean.
1728 CVE-2016-10905 416 2019-08-19 2019-09-25
6.1
None Local Low Not required Partial Partial Complete
An issue was discovered in fs/gfs2/rgrp.c in the Linux kernel before 4.8. A use-after-free is caused by the functions gfs2_clear_rgrpd and read_rindex_entry.
1729 CVE-2016-10904 89 Sql 2019-08-16 2019-08-21
7.5
None Remote Low Not required Partial Partial Partial
The olimometer plugin before 2.57 for WordPress has SQL injection.
1730 CVE-2016-10903 352 CSRF 2019-08-21 2019-08-23
6.8
None Remote Medium Not required Partial Partial Partial
The GoDaddy godaddy-email-marketing-sign-up-forms plugin before 1.1.3 for WordPress has CSRF.
1731 CVE-2016-10902 352 CSRF 2019-08-21 2019-08-22
6.8
None Remote Medium Not required Partial Partial Partial
The wp-customer-reviews plugin before 3.0.9 for WordPress has CSRF in the admin tools.
1732 CVE-2016-10901 79 XSS 2019-08-21 2019-08-21
4.3
None Remote Medium Not required None Partial None
The wp-customer-reviews plugin before 3.0.9 for WordPress has XSS in the admin tools.
1733 CVE-2016-10900 79 XSS 2019-08-21 2019-08-21
4.3
None Remote Medium Not required None Partial None
The uji-countdown plugin before 2.0.7 for WordPress has XSS.
1734 CVE-2016-10899 20 2019-08-21 2019-08-22
5.0
None Remote Low Not required None Partial None
The total-security plugin before 3.4.1 for WordPress has a settings-change vulnerability.
1735 CVE-2016-10898 79 XSS 2019-08-21 2019-08-22
4.3
None Remote Medium Not required None Partial None
The total-security plugin before 3.4.1 for WordPress has XSS.
1736 CVE-2016-10897 79 XSS 2019-08-21 2019-08-22
4.3
None Remote Medium Not required None Partial None
The sermon-browser plugin before 0.45.16 for WordPress has multiple XSS issues.
1737 CVE-2016-10896 79 XSS 2019-08-21 2019-08-22
4.3
None Remote Medium Not required None Partial None
The seo-redirection plugin before 4.3 for WordPress has stored XSS.
1738 CVE-2016-10895 79 XSS 2019-08-20 2019-08-22
4.3
None Remote Medium Not required None Partial None
The option-tree plugin before 2.6.0 for WordPress has XSS via an add_list_item or add_social_links AJAX request.
1739 CVE-2016-10894 254 2019-08-16 2019-10-15
2.1
None Local Low Not required None Partial None
xtrlock through 2.10 does not block multitouch events. Consequently, an attacker at a locked screen can send input to (and thus control) various programs such as Chromium via events such as pan scrolling, "pinch and zoom" gestures, or even regular mouse clicks (by depressing the touchpad once and then clicking with a different finger).
1740 CVE-2016-10893 79 XSS 2019-08-20 2019-08-22
4.3
None Remote Medium Not required None Partial None
The crayon-syntax-highlighter plugin before 2.8.4 for WordPress has multiple XSS issues via AJAX requests.
1741 CVE-2016-10892 79 XSS 2019-08-20 2019-09-04
4.3
None Remote Medium Not required None Partial None
The chained-quiz plugin before 1.0 for WordPress has multiple XSS issues.
1742 CVE-2016-10891 79 XSS 2019-08-21 2019-08-22
4.3
None Remote Medium Not required None Partial None
The aryo-activity-log plugin before 2.3.3 for WordPress has XSS.
1743 CVE-2016-10890 79 XSS 2019-08-21 2019-08-22
4.3
None Remote Medium Not required None Partial None
The aryo-activity-log plugin before 2.3.2 for WordPress has XSS.
1744 CVE-2016-10889 89 Sql 2019-08-14 2019-08-16
7.5
None Remote Low Not required Partial Partial Partial
The nextgen-gallery plugin before 2.1.57 for WordPress has SQL injection via a gallery name.
1745 CVE-2016-10888 89 Sql 2019-08-14 2019-08-19
7.5
None Remote Low Not required Partial Partial Partial
The all-in-one-wp-security-and-firewall plugin before 4.0.7 for WordPress has multiple SQL injection issues.
1746 CVE-2016-10887 89 Sql 2019-08-14 2019-08-19
7.5
None Remote Low Not required Partial Partial Partial
The all-in-one-wp-security-and-firewall plugin before 4.0.9 for WordPress has multiple SQL injection issues.
1747 CVE-2016-10886 264 2019-08-14 2019-08-20
7.5
None Remote Low Not required Partial Partial Partial
The wp-editor plugin before 1.2.6 for WordPress has incorrect permissions.
1748 CVE-2016-10885 352 CSRF 2019-08-14 2019-08-22
6.8
None Remote Medium Not required Partial Partial Partial
The wp-editor plugin before 1.2.6 for WordPress has CSRF.
1749 CVE-2016-10884 352 CSRF 2019-08-14 2019-09-06
6.8
None Remote Medium Not required Partial Partial Partial
The simple-membership plugin before 3.3.3 for WordPress has multiple CSRF issues.
1750 CVE-2016-10883 352 CSRF 2019-08-14 2019-08-20
5.8
None Remote Medium Not required None Partial Partial
The simple-add-pages-or-posts plugin before 1.7 for WordPress has CSRF for deleting users.
Total number of vulnerabilities : 2004   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 (This Page)36 37 38 39 40 41
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.