CVE-2019-15497

Black Box iCOMPEL 9.2.3 through 11.1.4, as used in ONELAN Net-Top-Box 9.2.3 through 11.1.4 and other products, has default credentials that allow remote attackers to access devices remotely via SSH, HTTP, HTTPS, and FTP...

CVE-2019-15497

CVE-2019-15497 affects Black Box iCOMPEL 9.2.3 through 11.1.4 (as used in ONELAN Net-Top-Box 9.2.3–11.1.4 and other products). The root cause described is default credentials that allow remote attackers to access devices remotely via SSH, HTTP, HTTPS, and FTP . Impact is consistent with the NVD m...

JVN#17127920: Smart TV Box fails to restrict access permissions

Smart TV Box provided by KDDI CORPORATION enables access to Android Debug Bridge via port 5555/TCP of LAN side interface. When a cable television provider sets up Smart TV Box at an individual residence, direct access from outside to the LAN side interface of Smart TV Box is disabled. However if...

KDDI Smart TV Box Access Control Error Vulnerability

KDDI Smart TV Box is a smart TV box from KDDI Japan. An Access Control Error vulnerability exists in KDDI Smart TV Boxes using firmware versions prior to 1300, which stems from the program's failure to restrict access rights and can be exploited by remote attackers to perform arbitrary operations...

CVE-2019-15233

The Live:Text Box macro in the Old Street Live Input Macros app before 2.11 for Confluence has XSS, leading to theft of the Administrator Session Cookie...

CVE-2019-15233

CVE-2019-15233 affects the Live:Text Box macro in Old Street Live Input Macros for Confluence, with XSS in versions before 2.11 that can steal an Administrator session cookie. The issue arises from injected JavaScript in a Confluence element, enabling session hijacking when a page containing the ...

WordPress Meta Box Plugin < 4.16.3 File Deletion Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description scriptoid"1.3.6.1.4.1.25623.1.0.112627";...

WordPress Meta Box Plugin < 4.16.2 File Upload Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description scriptoid"1.3.6.1.4.1.25623.1.0.112628";...

WordPress Meta Box Plugin Code Issue Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.Meta Box plugin is a custom field plugin used in it. WordPress Meta Box plugin has a code issue vulnerability. No details of the...

WordPress Meta Box Plugin Path Traversal Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.Meta Box plugin is a custom field plugin used in it. A path traversal vulnerability exists in WordPress Meta Box plugin versions prior ...

CVE-2019-14794

The Meta Box plugin before 4.16.2 for WordPress mishandles the uploading of files to custom folders...

CVE-2019-14794

The Meta Box plugin before 4.16.2 for WordPress mishandles the uploading of files to custom folders...

Design/Logic Flaw

The Meta Box plugin before 4.16.2 for WordPress mishandles the uploading of files to custom folders...

CVE-2019-14794

CVE-2019-14794 affects the WordPress Meta Box plugin prior to version 4.16.2. The vulnerability arises from mishandling file uploads to custom folders, with a CVSS3 base score of 7.5 (network/vector, low access complexity, no privileges required, integrity impact HIGH). Public exploitation detail...

CVE-2019-14794

The Meta Box plugin before 4.16.2 for WordPress mishandles the uploading of files to custom folders...

CVE-2019-14793

The Meta Box plugin before 4.16.3 for WordPress allows file deletion via ajax, with the wp-admin/admin-ajax.php?action=rwmbdeletefile attachmentid parameter...

CVE-2019-14793

The Meta Box plugin before 4.16.3 for WordPress allows file deletion via ajax, with the wp-admin/admin-ajax.php?action=rwmbdeletefile attachmentid parameter...

Arbitrary file deletion

The Meta Box plugin before 4.16.3 for WordPress allows file deletion via ajax, with the wp-admin/admin-ajax.php?action=rwmbdeletefile attachmentid parameter...

CVE-2019-14793

The Meta Box plugin before 4.16.3 for WordPress allows file deletion via ajax, with the wp-admin/admin-ajax.php?action=rwmbdeletefile attachmentid parameter...

CVE-2019-14793

CVE-2019-14793 concerns the WordPress WordPress Meta Box plugin (pre-4.16.3). The vulnerability enables unauthenticated? (via the description it’s difficult to confirm authentication) file deletion through an AJAX action (wp-admin/admin-ajax.php?action=rwmb_delete_file) with an attachment_id para...