CVE-2019-13477
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.837, CSRF in the forgot password function allows an attacker to change the password for the root account.
Source: CVE-2019-13477
CVE-2019-12634
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a missing authentication check in an API call. An attacker who can send a request to an affected system could cause all currently authenticated users to be logged off. Repeated exploitation could cause the inability to maintain a session in the web-based management portal.
Source: CVE-2019-12634
CVE-2019-12627
A vulnerability in the application policy configuration of the Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data. The vulnerability is due to insufficient application identification. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to gain unauthorized read access to sensitive data.
Source: CVE-2019-12627
CVE-2019-12626
A vulnerability in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker needs valid administrator credentials.
Source: CVE-2019-12626
CVE-2016-10890
The aryo-activity-log plugin before 2.3.2 for WordPress has XSS.
Source: CVE-2016-10890
CVE-2014-10379
The duplicate-post plugin before 2.6 for WordPress has SQL injection.
Source: CVE-2014-10379
CVE-2018-20970
The pdf-print plugin before 2.0.3 for WordPress has multiple XSS issues.
Source: CVE-2018-20970
CVE-2018-20977
The all-in-one-schemaorg-rich-snippets plugin before 1.5.0 for WordPress has XSS on the settings page.
Source: CVE-2018-20977
CVE-2017-18561
The embed-comment-images plugin before 0.6 for WordPress has XSS.
Source: CVE-2017-18561