CVE-2019-16534
On DrayTek Vigor2925 devices with firmware 3.8.4.3, XSS exists via a crafted WAN name on the General Setup screen. NOTE: this is an end-of-life product.
Source: CVE-2019-16534
[월:] 2019년 09월
CVE-2015-9407
CVE-2015-9407
The xpinner-lite plugin through 2.2 for WordPress has xpinner-lite.php XSS.
Source: CVE-2015-9407
CVE-2019-4505
CVE-2019-4505
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Network Deployment could allow a remote attacker to obtain sensitive information, caused by sending a specially-crafted URL. This can lead the attacker to view any file in a certain directory. IBM X-Force ID: 164364.
Source: CVE-2019-4505
CVE-2019-16533
CVE-2019-16533
On DrayTek Vigor2925 devices with firmware 3.8.4.3, Incorrect Access Control exists in loginset.htm, and can be used to trigger XSS. NOTE: this is an end-of-life product.
Source: CVE-2019-16533
CVE-2015-9405
CVE-2015-9397
CVE-2015-9397
The gocodes plugin through 1.3.5 for WordPress has wp-admin/tools.php deletegc XSS.
Source: CVE-2015-9397
CVE-2015-9401
CVE-2015-9401
The websimon-tables plugin through 1.3.4 for WordPress has wp-admin/tools.php edit_style id XSS.
Source: CVE-2015-9401
CVE-2015-9400
CVE-2015-9400
The wordpress-meta-robots plugin through 2.1 for WordPress has wp-admin/post-new.php text SQL injection.
Source: CVE-2015-9400
CVE-2015-9403
CVE-2015-9403
The neuvoo-jobroll plugin 2.0 for WordPress has neuvoo_location XSS.
Source: CVE-2015-9403
CVE-2015-9402
CVE-2015-9402
The users-ultra plugin before 1.5.59 for WordPress has uultra-form-cvs-form-conf arbitrary file upload.
Source: CVE-2015-9402