CVE-2016-10973
The Brafton plugin before 3.4.8 for WordPress has XSS via the wp-admin/admin.php?page=BraftonArticleLoader tab parameter to BraftonAdminPage.php.
Source: CVE-2016-10973
CVE-2016-10972
The newspaper theme before 6.7.2 for WordPress has a lack of options access control via td_ajax_update_panel.
Source: CVE-2016-10972
CVE-2019-15950
The CRM Plugin before 4.2.4 for Redmine allows XSS via crafted vCard data.
Source: CVE-2019-15950
CVE-2019-11184
A race condition in specific microprocessors using Intel(R) DDIO cache allocation and RDMA may allow an authenticated user to potentially enable partial information disclosure via adjacent access.
Source: CVE-2019-11184
CVE-2019-0195
By manipulating classpath asset file URLs, an attacker could guess the path to a known file in the classpath and have it downloaded. If the attacker found the file with the value of the tapestry.hmac-passphrase configuration symbol, most probably the webapp’s AppModule class, the value of this symbol could be used to craft a Java deserialization attack, thus running malicious injected Java code. The vector would be the t:formdata parameter from the Form component.
Source: CVE-2019-0195
CVE-2019-11166
Improper file permissions in the installer for Intel(R) Easy Streaming Wizard before version 2.1.0731 may allow an authenticated user to potentially enable escalation of privilege via local attack.
Source: CVE-2019-11166
CVE-2019-16355
The File Session Manager in Beego 1.10.0 allows local users to read session files because of weak permissions for individual files.
Source: CVE-2019-16355
CVE-2019-16354
The File Session Manager in Beego 1.10.0 allows local users to read session files because there is a race condition involving file creation within a directory with weak permissions.
Source: CVE-2019-16354
CVE-2019-16353
Emerson GE Automation Proficy Machine Edition 8.0 allows an access violation and application crash via crafted traffic from a remote device, as demonstrated by an RX7i device.
Source: CVE-2019-16353
CVE-2019-16350
ffjpeg before 2019-08-18 has a NULL pointer dereference in idct2d8x8() at dct.c.
Source: CVE-2019-16350