CVE-2014-10394
The rich-counter plugin before 1.2.0 for WordPress has JavaScript injection via a User-Agent header.
Source: CVE-2014-10394
[월:] 2019년 08월
CVE-2015-9341
CVE-2015-9341
The wp-file-upload plugin before 3.4.1 for WordPress has insufficient restrictions on upload of .php.js files.
Source: CVE-2015-9341
CVE-2014-10392
CVE-2014-10387
CVE-2014-10387
The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has SQL injection.
Source: CVE-2014-10387
CVE-2014-10390
CVE-2014-10390
The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has directory traversal.
Source: CVE-2014-10390
CVE-2019-14469
CVE-2019-14469
In Nexus Repository Manager before 3.18.0, users with elevated privileges can create stored XSS.
Source: CVE-2019-14469
CVE-2019-7617
CVE-2019-7617
When the Elastic APM agent for Python versions before 5.1.0 is run as a CGI script, there is a variable name clash flaw if a remote attacker can control the proxy header. This could result in an attacker redirecting collected APM data to a proxy of their choosing.
Source: CVE-2019-7617
CVE-2019-9155
CVE-2019-9155
A cryptographic issue in OpenPGP.js <=4.2.0 allows an attacker who is able provide forged messages and gain feedback about whether decryption of these messages succeeded to conduct an invalid curve attack in order to gain the victim’s ECDH private key.
Source: CVE-2019-9155
CVE-2019-14751
CVE-2019-14751
NLTK Downloader before 3.4.5 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in an NLTK package (ZIP archive) that is mishandled during extraction.
Source: CVE-2019-14751
CVE-2019-9154
CVE-2019-9154
Improper Verification of a Cryptographic Signature in OpenPGP.js <=4.1.2 allows an attacker to pass off unsigned data as signed.
Source: CVE-2019-9154