CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In August 2019

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1951 CVE-2015-9298 94 2019-08-13 2019-11-28
7.5
None Remote Low Not required Partial Partial Partial
The events-manager plugin before 5.6 for WordPress has code injection.
1952 CVE-2015-9297 79 XSS 2019-08-13 2019-11-28
4.3
None Remote Medium Not required None Partial None
The events-manager plugin before 5.6 for WordPress has XSS.
1953 CVE-2015-9296 79 XSS 2019-08-13 2019-08-16
4.3
None Remote Medium Not required None Partial None
The download-monitor plugin before 1.7.1 for WordPress has XSS related to add_query_arg.
1954 CVE-2015-9295 79 XSS 2019-08-13 2019-08-16
4.3
None Remote Medium Not required None Partial None
The contact-form-plugin plugin before 3.96 for WordPress has XSS.
1955 CVE-2015-9294 79 XSS 2019-08-13 2019-08-16
4.3
None Remote Medium Not required None Partial None
The all-in-one-wp-security-and-firewall plugin before 3.9.5 for WordPress has XSS in add_query_arg and remove_query_arg function instances.
1956 CVE-2015-9293 79 XSS 2019-08-13 2019-08-16
4.3
None Remote Medium Not required None Partial None
The all-in-one-wp-security-and-firewall plugin before 3.9.8 for WordPress has XSS in the unlock request feature.
1957 CVE-2015-9292 352 CSRF 2019-08-08 2019-08-15
6.8
None Remote Medium Not required Partial Partial Partial
6kbbs 7.1 and 8.0 allows CSRF via portalchannel_ajax.php (id or code parameter) or admin.php (fileids parameter).
1958 CVE-2015-9291 284 2019-08-01 2019-08-07
5.0
None Remote Low Not required Partial None None
cPanel before 11.52.0.13 does not prevent arbitrary file-read operations via get_information_for_applications (CPANEL-1221).
1959 CVE-2015-7559 20 DoS 2019-08-01 2019-10-09
4.0
None Remote Low ??? None None Partial
It was found that the Apache ActiveMQ client before 5.15.5 exposed a remote shutdown command in the ActiveMQConnection class. An attacker logged into a compromised broker could use this flaw to achieve denial of service on a connected client.
1960 CVE-2014-10395 79 XSS 2019-08-27 2019-08-28
4.3
None Remote Medium Not required None Partial None
The cp-polls plugin before 1.0.1 for WordPress has XSS in the votes list.
1961 CVE-2014-10394 74 2019-08-22 2019-08-29
4.3
None Remote Medium Not required None Partial None
The rich-counter plugin before 1.2.0 for WordPress has JavaScript injection via a User-Agent header.
1962 CVE-2014-10393 79 XSS 2019-08-22 2019-08-23
4.3
None Remote Medium Not required None Partial None
The cforms2 plugin before 10.5 for WordPress has XSS.
1963 CVE-2014-10392 79 XSS 2019-08-22 2019-08-23
4.3
None Remote Medium Not required None Partial None
The cforms2 plugin before 10.2 for WordPress has XSS.
1964 CVE-2014-10391 74 2019-08-22 2019-08-29
4.3
None Remote Medium Not required None Partial None
The wp-support-plus-responsive-ticket-system plugin before 4.1 for WordPress has JavaScript injection.
1965 CVE-2014-10390 22 Dir. Trav. 2019-08-22 2019-08-29
6.4
None Remote Low Not required Partial Partial None
The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has directory traversal.
1966 CVE-2014-10389 287 2019-08-22 2019-08-29
7.5
None Remote Low Not required Partial Partial Partial
The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has incorrect authentication.
1967 CVE-2014-10388 200 +Info 2019-08-22 2019-08-29
5.0
None Remote Low Not required Partial None None
The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has full path disclosure.
1968 CVE-2014-10387 89 Sql 2019-08-22 2019-08-26
7.5
None Remote Low Not required Partial Partial Partial
The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has SQL injection.
1969 CVE-2014-10386 74 2019-08-22 2019-08-29
4.3
None Remote Medium Not required None Partial None
The wp-live-chat-support plugin before 4.1.0 for WordPress has JavaScript injections.
1970 CVE-2014-10385 79 XSS 2019-08-22 2019-08-26
4.3
None Remote Medium Not required None Partial None
The memphis-documents-library plugin before 3.0 for WordPress has XSS via $_REQUEST.
1971 CVE-2014-10384 20 File Inclusion 2019-08-22 2019-08-26
7.5
None Remote Low Not required Partial Partial Partial
The memphis-documents-library plugin before 3.0 for WordPress has Local File Inclusion.
1972 CVE-2014-10383 20 File Inclusion 2019-08-22 2019-08-26
7.5
None Remote Low Not required Partial Partial Partial
The memphis-documents-library plugin before 3.0 for WordPress has Remote File Inclusion.
1973 CVE-2014-10382 352 CSRF 2019-08-22 2019-08-29
4.3
None Remote Medium Not required None Partial None
The feature-comments plugin before 1.2.5 for WordPress has CSRF for featuring or burying a comment.
1974 CVE-2014-10381 352 CSRF 2019-08-20 2019-08-21
6.8
None Remote Medium Not required Partial Partial Partial
The user-domain-whitelist plugin before 1.5 for WordPress has CSRF.
1975 CVE-2014-10380 79 XSS 2019-08-21 2019-08-22
4.3
None Remote Medium Not required None Partial None
The profile-builder plugin before 1.1.66 for WordPress has multiple XSS issues in forms.
1976 CVE-2014-10379 89 Sql 2019-08-21 2019-08-22
7.5
None Remote Low Not required Partial Partial Partial
The duplicate-post plugin before 2.6 for WordPress has SQL injection.
1977 CVE-2014-10378 79 XSS 2019-08-21 2019-08-22
4.3
None Remote Medium Not required None Partial None
The duplicate-post plugin before 2.6 for WordPress has XSS.
1978 CVE-2014-10377 79 XSS 2019-08-21 2019-08-27
4.3
None Remote Medium Not required None Partial None
The cforms2 plugin before 13.2 for WordPress has XSS in lib_ajax.php.
1979 CVE-2014-10376 89 Sql 2019-08-16 2019-08-21
7.5
None Remote Low Not required Partial Partial Partial
The i-recommend-this plugin before 3.7.3 for WordPress has SQL injection.
1980 CVE-2014-10375 189 2019-08-14 2019-08-27
5.0
None Remote Low Not required None Partial None
handle_messages in eXtl_tls.c in eXosip before 5.0.0 mishandles a negative value in a content-length header.
1981 CVE-2014-8184 119 Exec Code Overflow 2019-08-02 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability was found in liblouis, versions 2.5.x before 2.5.4. A stack-based buffer overflow was found in findTable() in liblouis. An attacker could create a malicious file that would cause applications that use liblouis (such as Orca) to crash, or potentially execute arbitrary code when opened.
1982 CVE-2014-8183 284 2019-08-01 2019-10-09
6.5
None Remote Low ??? Partial Partial Partial
It was found that foreman, versions 1.x.x before 1.15.6, in Satellite 6 did not properly enforce access controls on certain resources. An attacker with access to the API and knowledge of the resource name can access resources in other organizations.
1983 CVE-2013-7483 20 File Inclusion 2019-08-22 2019-08-29
7.5
None Remote Low Not required Partial Partial Partial
The slidedeck2 plugin before 2.3.5 for WordPress has file inclusion.
1984 CVE-2013-7482 79 XSS 2019-08-22 2019-08-26
4.3
None Remote Medium Not required None Partial None
The reflex-gallery plugin before 1.4.3 for WordPress has XSS.
1985 CVE-2013-7481 79 XSS 2019-08-22 2019-08-26
4.3
None Remote Medium Not required None Partial None
The contact-form-plugin plugin before 3.3.5 for WordPress has XSS.
1986 CVE-2013-7480 79 XSS 2019-08-22 2019-08-26
4.3
None Remote Medium Not required None Partial None
The events-manager plugin before 5.3.6.1 for WordPress has XSS via the booking form and admin areas.
1987 CVE-2013-7479 79 XSS 2019-08-22 2019-08-26
4.3
None Remote Medium Not required None Partial None
The events-manager plugin before 5.3.9 for WordPress has XSS in the search form field.
1988 CVE-2013-7478 79 XSS 2019-08-22 2019-08-26
4.3
None Remote Medium Not required None Partial None
The events-manager plugin before 5.5 for WordPress has XSS via EM_Ticket::get_post.
1989 CVE-2013-7477 79 XSS 2019-08-22 2019-08-26
4.3
None Remote Medium Not required None Partial None
The events-manager plugin before 5.5.2 for WordPress has XSS in the booking form.
1990 CVE-2013-7476 352 CSRF 2019-08-14 2019-08-20
6.8
None Remote Medium Not required Partial Partial Partial
The simple-fields plugin before 1.2 for WordPress has CSRF in the admin interface.
1991 CVE-2013-7475 79 XSS 2019-08-13 2019-08-16
4.3
None Remote Medium Not required None Partial None
The contact-form-plugin plugin before 3.52 for WordPress has XSS.
1992 CVE-2013-7474 79 XSS 2019-08-01 2019-08-06
4.3
None Remote Medium Not required None Partial None
Windu CMS 2.2 allows XSS via the name parameter to admin/content/edit or admin/content/add, or the username parameter to admin/users.
1993 CVE-2013-7473 352 CSRF 2019-08-01 2019-08-06
6.8
None Remote Medium Not required Partial Partial Partial
Windu CMS 2.2 allows CSRF via admin/users/?mn=admin.message.error to add an admin account.
1994 CVE-2012-6719 89 Sql 2019-08-28 2019-08-28
7.5
None Remote Low Not required Partial Partial Partial
The sharebar plugin before 1.2.2 for WordPress has SQL injection.
1995 CVE-2012-6718 79 XSS 2019-08-28 2019-08-28
4.3
None Remote Medium Not required None Partial None
The sharebar plugin before 1.2.2 for WordPress has XSS, a different issue than CVE-2013-3491.
1996 CVE-2012-6717 79 XSS 2019-08-28 2019-08-30
4.3
None Remote Medium Not required None Partial None
The redirection plugin before 2.2.12 for WordPress has XSS, a different issue than CVE-2011-4562.
1997 CVE-2012-6716 79 XSS 2019-08-22 2019-08-26
4.3
None Remote Medium Not required None Partial None
The events-manager plugin before 5.1.7 for WordPress has XSS via JSON call links.
1998 CVE-2012-6715 79 XSS 2019-08-21 2019-08-22
4.3
None Remote Medium Not required None Partial None
The formbuilder plugin before 0.9.1 for WordPress has XSS via a Referer header.
1999 CVE-2012-6714 79 XSS 2019-08-21 2019-08-22
4.3
None Remote Medium Not required None Partial None
The count-per-day plugin before 3.2.3 for WordPress has XSS via search words.
2000 CVE-2012-6713 79 XSS 2019-08-13 2019-08-16
4.3
None Remote Medium Not required None Partial None
The job-manager plugin before 0.7.19 for WordPress has multiple XSS issues.
Total number of vulnerabilities : 2004   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 (This Page)41
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.