National Vulnerability Database

This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.

CVE-2019-15328

22 August 2019, 8:15 pm

The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has XSS.

CVE-2019-15326

22 August 2019, 8:15 pm

The import-users-from-csv-with-meta plugin before 1.14.2.1 for WordPress has directory traversal.

CVE-2019-15329

22 August 2019, 8:15 pm

The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has CSRF.

CVE-2019-15325

22 August 2019, 8:15 pm

In GalliumOS 3.0, CONFIG_SECURITY_YAMA is disabled but /etc/sysctl.d/10-ptrace.conf tries to set /proc/sys/kernel/yama/ptrace_scope to 1, which might increase risk because of the appearance that a protection mechanism is present when actually it is not.

CVE-2019-15327

22 August 2019, 8:15 pm

The import-users-from-csv-with-meta plugin before 1.14.1.3 for WordPress has XSS via imported data.

CVE-2019-13139

22 August 2019, 8:15 pm

In Docker before 18.09.4, an attacker who is capable of supplying or manipulating the build path for the "docker build" command would be able to gain command execution. An issue exists in the way "docker build" processes remote git URLs, and results in command injection into the underlying "git clone" command, leading to code execution in the context of the user executing the "docker build" command. This occurs because git ref can be misinterpreted as a flag.

CVE-2018-20987

22 August 2019, 8:15 pm

The newsletters-lite plugin before 4.6.8.6 for WordPress has PHP object injection.

CVE-2018-20986

22 August 2019, 8:15 pm

The advanced-custom-fields plugin before 5.7.8 for WordPress has XSS by authors.

CVE-2015-9334

22 August 2019, 8:15 pm

The email-newsletter plugin through 20.15 for WordPress has SQL injection.

CVE-2017-18585

22 August 2019, 8:15 pm

The posts-in-page plugin before 1.3.0 for WordPress has ic_add_posts template=’../ directory traversal.

CVE-2015-9338

22 August 2019, 8:15 pm

The wp-file-upload plugin before 2.5.0 for WordPress has insufficient restrictions on upload of .php files.

CVE-2015-9339

22 August 2019, 8:15 pm

The wp-file-upload plugin before 2.7.1 for WordPress has insufficient restrictions on upload of .js files.

CVE-2015-9340

22 August 2019, 8:15 pm

The wp-file-upload plugin before 3.0.0 for WordPress has insufficient restrictions on upload of php, js, pht, php3, php4, php5, phtml, htm, html, and htaccess files.

CVE-2017-18579

22 August 2019, 8:15 pm

The corner-ad plugin before 1.0.8 for WordPress has XSS.

CVE-2017-18578

22 August 2019, 8:15 pm

The crafty-social-buttons plugin before 1.5.8 for WordPress has XSS.

CVE-2014-10393

22 August 2019, 8:15 pm

The cforms2 plugin before 10.5 for WordPress has XSS.

CVE-2016-10929

22 August 2019, 8:15 pm

The advanced-ajax-page-loader plugin before 2.7.7 for WordPress has no protection against the reading of uploaded files when not logged in.

CVE-2016-10928

22 August 2019, 8:15 pm

The onelogin-saml-sso plugin before 2.2.0 for WordPress has a hardcoded @@@nopass@@@ password for just-in-time provisioned users.

CVE-2014-10382

22 August 2019, 8:15 pm

The feature-comments plugin before 1.2.5 for WordPress has CSRF for featuring or burying a comment.

CVE-2014-10386

22 August 2019, 8:15 pm

The wp-live-chat-support plugin before 4.1.0 for WordPress has JavaScript injections.

CVE-2013-7483

22 August 2019, 8:15 pm

The slidedeck2 plugin before 2.3.5 for WordPress has file inclusion.

CVE-2019-15330

22 August 2019, 7:15 pm

The webp-express plugin before 0.14.11 for WordPress has insufficient protection against arbitrary file reading.

CVE-2019-15331

22 August 2019, 7:15 pm

The wp-support-plus-responsive-ticket-system plugin before 9.1.2 for WordPress has HTML injection.

CVE-2019-12386

22 August 2019, 7:15 pm

An issue was discovered in Ampache through 3.9.1. A stored XSS exists in the localplay.php LocalPlay "add instance" functionality. The injected code is reflected in the instances menu. This vulnerability can be abused to force an admin to create a new privileged user whose credentials are known by the attacker.

CVE-2017-18586

22 August 2019, 7:15 pm

The insert-pages plugin before 3.2.4 for WordPress has directory traversal via custom template paths.

CVE-2018-20988

22 August 2019, 7:15 pm

The wpgform plugin before 0.94 for WordPress has eval injection in the CAPTCHA calculation.

CVE-2019-12385

22 August 2019, 7:15 pm

An issue was discovered in Ampache through 3.9.1. The search engine is affected by a SQL Injection, so any user able to perform lib/class/search.class.php searches (even guest users) can dump any data contained in the database (sessions, hashed passwords, etc.). This may lead to a full compromise of admin accounts, when combined with the weak password generator algorithm used in the lostpassword functionality.

CVE-2019-15060

22 August 2019, 7:15 pm

The traceroute function on the TP-Link TL-WR840N v4 router with firmware through 0.9.1 3.16 is vulnerable to remote code execution via a crafted payload in an IP address input field.

CVE-2016-10930

22 August 2019, 7:15 pm

The wp-support-plus-responsive-ticket-system plugin before 7.1.0 for WordPress has insecure direct object reference via a ticket number.

CVE-2014-10389

22 August 2019, 7:15 pm

The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has incorrect authentication.

CVE-2014-10387

22 August 2019, 7:15 pm

The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has SQL injection.

CVE-2014-10394

22 August 2019, 7:15 pm

The rich-counter plugin before 1.2.0 for WordPress has JavaScript injection via a User-Agent header.

CVE-2015-9341

22 August 2019, 7:15 pm

The wp-file-upload plugin before 3.4.1 for WordPress has insufficient restrictions on upload of .php.js files.

CVE-2014-10392

22 August 2019, 7:15 pm

The cforms2 plugin before 10.2 for WordPress has XSS.

CVE-2014-10391

22 August 2019, 7:15 pm

The wp-support-plus-responsive-ticket-system plugin before 4.1 for WordPress has JavaScript injection.

CVE-2014-10390

22 August 2019, 7:15 pm

The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has directory traversal.

CVE-2014-10388

22 August 2019, 7:15 pm

The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has full path disclosure.

CVE-2019-14469

22 August 2019, 6:15 pm

In Nexus Repository Manager before 3.18.0, users with elevated privileges can create stored XSS.

CVE-2019-7617

22 August 2019, 5:15 pm

When the Elastic APM agent for Python versions before 5.1.0 is run as a CGI script, there is a variable name clash flaw if a remote attacker can control the proxy header. This could result in an attacker redirecting collected APM data to a proxy of their choosing.

CVE-2019-14751

22 August 2019, 4:15 pm

NLTK Downloader before 3.4.5 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in an NLTK package (ZIP archive) that is mishandled during extraction.

CVE-2019-9153

22 August 2019, 4:15 pm

Improper Verification of a Cryptographic Signature in OpenPGP.js <=4.1.2 allows an attacker to forge signed messages by replacing its signatures with a "standalone" or "timestamp" signature.

CVE-2019-9154

22 August 2019, 4:15 pm

Improper Verification of a Cryptographic Signature in OpenPGP.js <=4.1.2 allows an attacker to pass off unsigned data as signed.

CVE-2019-9155

22 August 2019, 4:15 pm

A cryptographic issue in OpenPGP.js <=4.2.0 allows an attacker who is able provide forged messages and gain feedback about whether decryption of these messages succeeded to conduct an invalid curve attack in order to gain the victim’s ECDH private key.

CVE-2019-11029

22 August 2019, 3:15 pm

Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the Download() method of AutoUpdateService in SMServer.exe, leading to Directory Traversal. An attacker could use ..\ with this method to iterate over lists of interesting system files and download them without previous authentication. This includes SAM-database backups, Web.config files, etc. and might cause a serious impact on confidentiality.

CVE-2019-11030

22 August 2019, 3:15 pm

Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the Mirasys.Common.Utils.Security.DataCrypt method in Common.dll in AuditTrailService in SMServer.exe. This method triggers insecure deserialization within the .NET garbage collector, in which a gadget (contained in a serialized object) may be executed with SYSTEM privileges. The attacker must properly encrypt the object; however, the hardcoded keys are available.

CVE-2019-11031

22 August 2019, 3:15 pm

Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the auto-update feature of IDVRUpdateService2 in DVRServer.exe. An attacker can upload files with a Setup-Files action, and then execute these files with SYSTEM privileges.

CVE-2018-18573

22 August 2019, 3:15 pm

osCommerce 2.3.4.1 has an incomplete ‘.htaccess’ for blacklist filtering in the "product" page. Remote authenticated administrators can upload new ‘.htaccess’ files (e.g., omitting .php) and subsequently achieve arbitrary PHP code execution via a /catalog/admin/categories.php?cPath=&action=new_product URI.

CVE-2019-11013

22 August 2019, 3:15 pm

Nimble Streamer 3.0.2-2 through 3.5.4-9 has a ../ directory traversal vulnerability. Successful exploitation could allow an attacker to traverse the file system to access files or directories that are outside of the restricted directory on the remote server.

CVE-2018-18572

22 August 2019, 3:15 pm

osCommerce 2.3.4.1 has an incomplete ‘.htaccess’ for blacklist filtering in the "product" page. Because of this filter, script files with certain PHP-related extensions (such as .phtml and .php5) didn’t execute in the application. But this filter didn’t prevent the ‘.pht’ extension. Thus, remote authenticated administrators can upload ‘.pht’ files for arbitrary PHP code execution via a /catalog/admin/categories.php?cPath=&action=new_product URI.

CVE-2019-15322

22 August 2019, 2:15 pm

The shortcode-factory plugin before 2.8 for WordPress has Local File Inclusion.