CVE-2019-15772
The nd-donations plugin before 1.4 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting.
Source: CVE-2019-15772
[월:] 2019년 08월
CVE-2019-15776
CVE-2019-15776
The simple-301-redirects-addon-bulk-uploader plugin before 1.2.5 for WordPress has no protection against 301 redirect rule injection via a CSV file.
Source: CVE-2019-15776
CVE-2019-15774
CVE-2019-15774
The nd-booking plugin before 2.5 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting.
Source: CVE-2019-15774
CVE-2019-15787
CVE-2019-15787
libZetta.rs through 0.1.2 has an integer overflow in the zpool parser (for error stats) that leads to a panic.
Source: CVE-2019-15787
CVE-2019-15769
CVE-2019-15769
The handl-utm-grabber plugin before 2.6.5 for WordPress has CSRF via add_option and update_option.
Source: CVE-2019-15769
CVE-2018-21007
CVE-2018-21007
The woo-confirmation-email plugin before 3.2.0 for WordPress has no blocking of direct access to supportive xl folders inside uploads.
Source: CVE-2018-21007
CVE-2019-15767
CVE-2019-15767
In GNU Chess 6.2.5, there is a stack-based buffer overflow in the cmd_load function in frontend/cmd.cc via a crafted chess position in an EPD file.
Source: CVE-2019-15767
CVE-2019-15758
CVE-2019-15758
An issue was discovered in Binaryen 1.38.32. Missing validation rules in asmjs/asmangle.cpp can lead to an Assertion Failure at wasm/wasm.cpp in wasm::asmangle. A crafted input can cause denial-of-service, as demonstrated by wasm2js.
Source: CVE-2019-15758
CVE-2019-15759
CVE-2019-15759
An issue was discovered in Binaryen 1.38.32. Two visitors in ir/ExpressionManipulator.cpp can lead to a NULL pointer dereference in wasm::LocalSet::finalize in wasm/wasm.cpp. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by wasm2js.
Source: CVE-2019-15759
CVE-2019-11064
CVE-2019-11064
A vulnerability of remote credential disclosure was discovered in Advan VD-1 firmware versions up to 230. An attacker can export system configuration which is not encrypted to get the administrator?s account and password in plain text via cgibin/ExportSettings.cgi?Export=1 without any authentication.
Source: CVE-2019-11064