Latest 7 days CVE Lists

This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.
Updated: 4 hours 45 minutes ago

CVE-2018-20988

Fri, 2019/08/23 - 4:15 AM
The wpgform plugin before 0.94 for WordPress has eval injection in the CAPTCHA calculation.

CVE-2019-12385

Fri, 2019/08/23 - 4:15 AM
An issue was discovered in Ampache through 3.9.1. The search engine is affected by a SQL Injection, so any user able to perform lib/class/search.class.php searches (even guest users) can dump any data contained in the database (sessions, hashed passwords, etc.). This may lead to a full compromise of admin accounts, when combined with the weak password generator algorithm used in the lostpassword functionality.

CVE-2019-12386

Fri, 2019/08/23 - 4:15 AM
An issue was discovered in Ampache through 3.9.1. A stored XSS exists in the localplay.php LocalPlay "add instance" functionality. The injected code is reflected in the instances menu. This vulnerability can be abused to force an admin to create a new privileged user whose credentials are known by the attacker.

CVE-2019-15060

Fri, 2019/08/23 - 4:15 AM
The traceroute function on the TP-Link TL-WR840N v4 router with firmware through 0.9.1 3.16 is vulnerable to remote code execution via a crafted payload in an IP address input field.

CVE-2014-10387

Fri, 2019/08/23 - 4:15 AM
The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has SQL injection.

CVE-2014-10388

Fri, 2019/08/23 - 4:15 AM
The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has full path disclosure.

CVE-2014-10389

Fri, 2019/08/23 - 4:15 AM
The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has incorrect authentication.

CVE-2014-10390

Fri, 2019/08/23 - 4:15 AM
The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has directory traversal.

CVE-2014-10391

Fri, 2019/08/23 - 4:15 AM
The wp-support-plus-responsive-ticket-system plugin before 4.1 for WordPress has JavaScript injection.

CVE-2014-10392

Fri, 2019/08/23 - 4:15 AM
The cforms2 plugin before 10.2 for WordPress has XSS.

CVE-2014-10394

Fri, 2019/08/23 - 4:15 AM
The rich-counter plugin before 1.2.0 for WordPress has JavaScript injection via a User-Agent header.

CVE-2015-9341

Fri, 2019/08/23 - 4:15 AM
The wp-file-upload plugin before 3.4.1 for WordPress has insufficient restrictions on upload of .php.js files.

CVE-2019-14469

Fri, 2019/08/23 - 3:15 AM
In Nexus Repository Manager before 3.18.0, users with elevated privileges can create stored XSS.

CVE-2019-7617

Fri, 2019/08/23 - 2:15 AM
When the Elastic APM agent for Python versions before 5.1.0 is run as a CGI script, there is a variable name clash flaw if a remote attacker can control the proxy header. This could result in an attacker redirecting collected APM data to a proxy of their choosing.

CVE-2019-14751

Fri, 2019/08/23 - 1:15 AM
NLTK Downloader before 3.4.5 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in an NLTK package (ZIP archive) that is mishandled during extraction.

CVE-2019-9153

Fri, 2019/08/23 - 1:15 AM
Improper Verification of a Cryptographic Signature in OpenPGP.js <=4.1.2 allows an attacker to forge signed messages by replacing its signatures with a "standalone" or "timestamp" signature.

CVE-2019-9154

Fri, 2019/08/23 - 1:15 AM
Improper Verification of a Cryptographic Signature in OpenPGP.js <=4.1.2 allows an attacker to pass off unsigned data as signed.

CVE-2019-9155

Fri, 2019/08/23 - 1:15 AM
A cryptographic issue in OpenPGP.js <=4.2.0 allows an attacker who is able to provide forged messages and gain feedback about whether decryption of these messages succeeded to conduct an invalid curve attack in order to gain the victim's ECDH private key.

CVE-2018-18573

Fri, 2019/08/23 - 12:15 AM
osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. Remote authenticated administrators can upload new '.htaccess' files (e.g., omitting .php) and subsequently achieve arbitrary PHP code execution via a /catalog/admin/categories.php?cPath=&action=new_product URI.

CVE-2019-11013

Fri, 2019/08/23 - 12:15 AM
Nimble Streamer 3.0.2-2 through 3.5.4-9 has a ../ directory traversal vulnerability. Successful exploitation could allow an attacker to traverse the file system to access files or directories that are outside of the restricted directory on the remote server.
