CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In August 2019

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1751 CVE-2016-10882 352 CSRF 2019-08-14 2019-08-19
6.8
None Remote Medium Not required Partial Partial Partial
The google-document-embedder plugin before 2.6.2 for WordPress has CSRF.
1752 CVE-2016-10881 79 XSS 2019-08-14 2019-08-19
4.3
None Remote Medium Not required None Partial None
The google-document-embedder plugin before 2.6.2 for WordPress has XSS.
1753 CVE-2016-10880 79 XSS 2019-08-14 2019-08-19
4.3
None Remote Medium Not required None Partial None
The google-document-embedder plugin before 2.6.1 for WordPress has XSS.
1754 CVE-2016-10879 79 XSS 2019-08-12 2019-08-15
4.3
None Remote Medium Not required None Partial None
The wp-live-chat-support plugin before 6.2.02 for WordPress has XSS.
1755 CVE-2016-10878 79 XSS 2019-08-12 2020-02-09
4.3
None Remote Medium Not required None Partial None
The wp-google-map-plugin plugin before 3.1.2 for WordPress has XSS.
1756 CVE-2016-10877 79 XSS 2019-08-12 2019-08-15
4.3
None Remote Medium Not required None Partial None
The wp-editor plugin before 1.2.6.3 for WordPress has multiple XSS issues.
1757 CVE-2016-10876 352 CSRF 2019-08-12 2019-08-14
6.8
None Remote Medium Not required Partial Partial Partial
The wp-database-backup plugin before 4.3.1 for WordPress has CSRF.
1758 CVE-2016-10875 79 XSS 2019-08-12 2019-09-01
4.3
None Remote Medium Not required None Partial None
The wp-database-backup plugin before 4.3.1 for WordPress has XSS.
1759 CVE-2016-10874 352 CSRF 2019-08-12 2019-10-12
6.8
None Remote Medium Not required Partial Partial Partial
The wp-database-backup plugin before 4.3.3 for WordPress has CSRF.
1760 CVE-2016-10873 79 XSS 2019-08-12 2019-10-12
4.3
None Remote Medium Not required None Partial None
The wp-database-backup plugin before 4.3.3 for WordPress has XSS.
1761 CVE-2016-10872 79 XSS 2019-08-12 2019-09-02
4.3
None Remote Medium Not required None Partial None
The ultimate-member plugin before 1.3.40 for WordPress has XSS on the login form.
1762 CVE-2016-10871 79 XSS 2019-08-13 2019-08-16
4.3
None Remote Medium Not required None Partial None
The mailchimp-for-wp plugin before 4.0.11 for WordPress has XSS on the integration settings page.
1763 CVE-2016-10870 79 XSS 2019-08-13 2019-08-16
4.3
None Remote Medium Not required None Partial None
The google-language-translator plugin before 5.0.06 for WordPress has XSS.
1764 CVE-2016-10869 79 XSS 2019-08-13 2019-08-16
4.3
None Remote Medium Not required None Partial None
The contact-form-plugin plugin before 4.0.2 for WordPress has XSS.
1765 CVE-2016-10868 79 XSS 2019-08-13 2019-08-16
4.3
None Remote Medium Not required None Partial None
The all-in-one-wp-security-and-firewall plugin before 4.0.5 for WordPress has XSS in the blacklist, file system, and file change detection settings pages.
1766 CVE-2016-10867 79 XSS 2019-08-13 2020-02-09
4.3
None Remote Medium Not required None Partial None
The all-in-one-wp-security-and-firewall plugin before 4.0.6 for WordPress has XSS in settings pages.
1767 CVE-2016-10866 79 XSS 2019-08-13 2019-08-15
4.3
None Remote Medium Not required None Partial None
The all-in-one-wp-security-and-firewall plugin before 4.2.0 for WordPress has multiple XSS issues.
1768 CVE-2016-10865 352 XSS CSRF 2019-08-09 2019-08-15
4.3
None Remote Medium Not required None Partial None
The Lightbox Plus Colorbox plugin through 2.7.2 for WordPress has cross-site request forgery (CSRF) via wp-admin/admin.php?page=lightboxplus, as demonstrated by resultant width XSS.
1769 CVE-2016-10864 79 XSS 2019-08-08 2019-08-19
2.9
None Local Network Medium Not required None Partial None
NETGEAR EX7000 V1.0.0.42_1.0.94 devices allow XSS via the SSID.
1770 CVE-2016-10863 352 CSRF 2019-08-08 2019-08-16
6.8
None Remote Medium Not required Partial Partial Partial
Edimax Wi-Fi Extender devices allow goform/formwlencryptvxd CSRF with resultant PSK key disclosure.
1771 CVE-2016-10862 352 2019-08-08 2019-08-15
6.8
None Remote Medium Not required Partial Partial Partial
Neet AirStream NAS1.1 devices have a password of ifconfig for the root account. This cannot be changed via the configuration page.
1772 CVE-2016-10861 352 CSRF 2019-08-07 2021-06-24
4.3
None Remote Medium Not required None Partial None
Neet AirStream NAS1.1 devices allow CSRF attacks that cause the settings binary to change the AP name and password.
1773 CVE-2016-10860 284 2019-08-01 2019-08-12
5.5
None Remote Low ??? None Partial Partial
cPanel before 11.54.0.0 allows unauthorized zone modification via the WHM API (SEC-66).
1774 CVE-2016-10859 285 2019-08-01 2019-08-08
5.5
None Remote Low ??? Partial Partial None
cPanel before 11.54.0.0 allows unauthorized password changes via Webmail API commands (SEC-65).
1775 CVE-2016-10858 20 Exec Code 2019-08-01 2019-08-09
9.3
None Remote Medium Not required Complete Complete Complete
cPanel before 11.54.0.0 allows unauthenticated arbitrary code execution via DNS NS entry poisoning (SEC-64).
1776 CVE-2016-10857 284 Bypass 2019-08-01 2019-08-09
4.0
None Remote Low ??? None None Partial
cPanel before 11.54.0.0 allows a bypass of the e-mail sending limit (SEC-60).
1777 CVE-2016-10856 284 2019-08-01 2019-08-06
4.0
None Remote Low ??? Partial None None
cPanel before 11.54.0.0 allows subaccounts to discover sensitive data through comet feeds (SEC-29).
1778 CVE-2016-10855 20 Exec Code 2019-08-01 2019-08-06
10.0
None Remote Low Not required Complete Complete Complete
cPanel before 11.54.0.4 allows unauthenticated arbitrary code execution via cpsrvd (SEC-91).
1779 CVE-2016-10854 79 XSS 2019-08-01 2019-08-06
3.5
None Remote Medium ??? None Partial None
cPanel before 11.54.0.4 allows self XSS in the X3 Entropy Banner interface (SEC-87).
1780 CVE-2016-10853 79 XSS 2019-08-01 2019-08-08
3.5
None Remote Medium ??? None Partial None
cPanel before 11.54.0.4 allows stored XSS in the WHM Feature Manager interface (SEC-86).
1781 CVE-2016-10852 284 2019-08-01 2019-08-08
4.0
None Remote Low ??? Partial None None
cPanel before 11.54.0.4 lacks ACL enforcement in the AppConfig subsystem (SEC-85).
1782 CVE-2016-10851 79 XSS 2019-08-01 2019-08-06
3.5
None Remote Medium ??? None Partial None
cPanel before 11.54.0.4 allows self XSS in the WHM PHP Configuration editor interface (SEC-84).
1783 CVE-2016-10850 20 Exec Code 2019-08-01 2019-08-06
9.0
None Remote Low ??? Complete Complete Complete
cPanel before 11.54.0.4 allows arbitrary code execution via scripts/synccpaddonswithsqlhost (SEC-83).
1784 CVE-2016-10849 77 2019-08-01 2019-08-09
4.0
None Remote Low ??? None Partial None
cPanel before 11.54.0.4 allows certain file-chmod operations in scripts/secureit (SEC-82).
1785 CVE-2016-10848 285 2019-08-01 2019-08-08
9.0
None Remote Low ??? Complete Complete Complete
cPanel before 11.54.0.4 allows arbitrary file-overwrite operations in scripts/quotacheck (SEC-81).
1786 CVE-2016-10847 74 2019-08-01 2019-08-08
5.5
None Remote Low ??? Partial Partial None
cPanel before 11.54.0.4 allows arbitrary file-read and file-write operations via scripts/fixmailboxpath (SEC-80).
1787 CVE-2016-10846 275 2019-08-01 2019-08-08
8.5
None Remote Low ??? Complete Complete None
cPanel before 11.54.0.4 allows arbitrary file-chown and file-chmod operations during Roundcube database conversions (SEC-79).
1788 CVE-2016-10845 74 2019-08-01 2019-08-08
6.5
None Remote Low ??? Partial Partial Partial
cPanel before 11.54.0.4 allows arbitrary file-overwrite operations in scripts/check_system_storable (SEC-78).
1789 CVE-2016-10844 200 +Info 2019-08-01 2019-08-08
4.0
None Remote Low ??? Partial None None
The chcpass script in cPanel before 11.54.0.4 reveals a password hash (SEC-77).
1790 CVE-2016-10843 77 Exec Code 2019-08-01 2019-08-08
5.5
None Remote Low ??? Partial Partial None
cPanel before 11.54.0.4 allows code execution in the context of shared users via JSON-API (SEC-76).
1791 CVE-2016-10842 20 2019-08-01 2019-08-12
4.0
None Remote Low ??? Partial None None
cPanel before 11.54.0.4 allows certain file-read operations in bin/setup_global_spam_filter.pl (SEC-74).
1792 CVE-2016-10841 199 2019-08-01 2019-08-08
2.1
None Remote High ??? Partial None None
The bin/mkvhostspasswd script in cPanel before 11.54.0.4 discloses password hashes (SEC-73).
1793 CVE-2016-10840 668 Exec Code 2019-08-01 2019-08-12
9.0
None Remote Low ??? Complete Complete Complete
cPanel before 11.54.0.4 allows arbitrary code execution during locale duplication (SEC-72).
1794 CVE-2016-10839 89 Sql 2019-08-01 2019-08-13
5.5
None Remote Low ??? Partial Partial None
cPanel before 11.54.0.4 allows SQL injection in bin/horde_update_usernames (SEC-71).
1795 CVE-2016-10838 284 2019-08-01 2019-08-13
6.8
None Remote Low ??? Complete None None
cPanel before 11.54.0.4 allows arbitrary file-read operations via the bin/fmq script (SEC-70).
1796 CVE-2016-10837 426 Exec Code 2019-08-01 2019-08-08
8.5
None Remote Medium ??? Complete Complete Complete
cPanel before 11.54.0.4 allows arbitrary code execution because of an unsafe @INC path (SEC-46).
1797 CVE-2016-10836 287 2019-08-01 2019-08-13
4.0
None Remote Low ??? Partial None None
cPanel before 55.9999.141 allows arbitrary file-read operations during authentication with caldav (SEC-108).
1798 CVE-2016-10835 287 Bypass 2019-08-01 2019-08-12
4.0
None Remote Low ??? Partial None None
cPanel before 55.9999.141 allows a POP/IMAP cPHulk bypass via account name munging (SEC-107).
1799 CVE-2016-10834 358 Bypass 2019-08-01 2019-08-12
6.5
None Remote Low ??? Partial Partial Partial
cPanel before 55.9999.141 allows account-suspension bypass via ftp (SEC-105).
1800 CVE-2016-10833 287 2019-08-01 2019-08-12
5.0
None Remote Low Not required Partial None None
cPanel before 55.9999.141 mishandles username-based blocking for PRE requests in cPHulkd (SEC-104).
Total number of vulnerabilities : 2004   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 (This Page)37 38 39 40 41
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.