CVE-2016-10968
The peepso-core plugin before 1.6.1 for WordPress has PeepSoProfilePreferencesAjax->save() privilege escalation.
Source: CVE-2016-10968
CVE-2019-16346
ngiflib 0.4 has a heap-based buffer overflow in WritePixel() in ngiflib.c when called from DecodeGifImg, because deinterlacing for small pictures is mishandled.
Source: CVE-2019-16346
CVE-2019-16264
In Escuela de Gestion Publica Plurinacional (EGPP) Sistema Integrado de Gestion Academica (GESAC) v1, the username parameter of the authentication form is vulnerable to SQL injection, allowing attackers to access the database.
Source: CVE-2019-16264
CVE-2018-21017
GPAC 0.7.1 has a memory leak in dinf_Read in isomedia/box_code_base.c.
Source: CVE-2018-21017
CVE-2016-10967
The real3d-flipbook-lite plugin 1.0 for WordPress has XSS via the wp-content/plugins/real3d-flipbook/includes/flipbooks.php bookId parameter.
Source: CVE-2016-10967
CVE-2016-10970
The supportflow plugin before 0.7 for WordPress has XSS via a ticket excerpt.
Source: CVE-2016-10970
CVE-2016-10959
The estatik plugin before 2.3.1 for WordPress has authenticated arbitrary file upload (exploitable with CSRF) via es_media_images[] to wp-admin/admin-ajax.php.
Source: CVE-2016-10959
CVE-2016-10960
The wsecure plugin before 2.4 for WordPress has remote code execution via shell metacharacters in the wsecure-config.php publish parameter.
Source: CVE-2016-10960
CVE-2016-10962
The icegram plugin before 1.9.19 for WordPress has CSRF via the wp-admin/edit.php option_name parameter.
Source: CVE-2016-10962
CVE-2016-10961
The colorway theme before 3.4.2 for WordPress has XSS via the contactName parameter.
Source: CVE-2016-10961