Show filters
267 Total Results
Displaying 181-190 of 267
Sort by:
Attacker Value
Unknown

CVE-2015-4553

Disclosure Date: January 06, 2020 (last updated February 21, 2025)
A file upload issue exists in DeDeCMS before 5.7-sp1, which allows malicious users getshell.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2019-15329

Disclosure Date: August 22, 2019 (last updated November 27, 2024)
The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has CSRF.
0
0
Attacker Value
Unknown

CVE-2019-15328

Disclosure Date: August 22, 2019 (last updated November 27, 2024)
The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has XSS.
0
0
Attacker Value
Unknown

CVE-2019-15326

Disclosure Date: August 22, 2019 (last updated November 27, 2024)
The import-users-from-csv-with-meta plugin before 1.14.2.1 for WordPress has directory traversal.
0
0
Attacker Value
Unknown

CVE-2019-15327

Disclosure Date: August 22, 2019 (last updated November 27, 2024)
The import-users-from-csv-with-meta plugin before 1.14.1.3 for WordPress has XSS via imported data.
0
0
Attacker Value
Unknown

CVE-2015-9336

Disclosure Date: August 22, 2019 (last updated November 27, 2024)
The clean-login plugin before 1.5.1 for WordPress has reflected XSS.
0
0
Attacker Value
Unknown

CVE-2019-14792

Disclosure Date: August 09, 2019 (last updated November 27, 2024)
The WP Google Maps plugin before 7.11.35 for WordPress allows XSS via the wp-admin/ rectangle_name or rectangle_opacity parameter.
0
0
Attacker Value
Unknown

CVE-2019-14683

Disclosure Date: August 08, 2019 (last updated November 27, 2024)
The codection "Import users from CSV with meta" plugin before 1.14.2.2 for WordPress allows wp-admin/admin-ajax.php?action=acui_delete_attachment CSRF.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2019-13097

Disclosure Date: July 22, 2019 (last updated November 27, 2024)
The application API of Cat Runner Decorate Home version 2.8.0 for Android does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable. Attackers can manipulate users' score parameters exchanged between client and server.
0
0
Attacker Value
Unknown

CVE-2019-10014

Disclosure Date: March 24, 2019 (last updated November 27, 2024)
In DedeCMS 5.7SP2, member/resetpassword.php allows remote authenticated users to reset the passwords of arbitrary users via a modified id parameter, because the key parameter is not properly validated.
0
0
View More Topics  < Previous  Next >