WordPress Ultimate FAQs <= 1.8.24 – Unauthenticated Options Import and Export

Functions/EWDUFAQImport.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows unauthenticated options import. id: CVE-2019-17232 info: name: WordPress Ultimate FAQs = 1.8.24 – Unauthenticated Options Import and Export author: daffainfo severity: high description: |...

Pypiserver <1.2.5 - Carriage Return Line Feed Injection

Pypiserver through 1.2.5 and below is susceptible to carriage return line feed injection. An attacker can set arbitrary HTTP headers and possibly conduct cross-site scripting attacks via a %0d%0a in a URI. id: CVE-2019-6802 info: name: Pypiserver 1.2.5 - Carriage Return Line Feed Injection author...

Zarafa WebApp <=2.0.1.47791 - Cross-Site Scripting

Zarafa WebApp 2.0.1.47791 and earlier contains an unauthenticated reflected cross-site scripting vulnerability. An attacker can execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. id: CVE-2019-7219 info: name: Zarafa WebApp =2.0.1.47791 -...

Homematic CCU3 - Local File Inclusion

eQ-3 AG Homematic CCU3 3.43.15 and earlier allows remote attackers to read arbitrary files of the device's filesystem, aka local file inclusion. This vulnerability can be exploited by unauthenticated attackers with access to the web interface. id: CVE-2019-9726 info: name: Homematic CCU3 - Local...

WP Google Maps < 7.10.43 - Cross-Site Scripting

The wp-google-maps plugin before 7.10.43 for WordPress has XSS via the wp-admin/admin.php PATHINFO. id: CVE-2019-9912 info: name: WP Google Maps 7.10.43 - Cross-Site Scripting author: ritikchaddha severity: medium description: | The wp-google-maps plugin before 7.10.43 for WordPress has XSS via t...

Citrix SD-WAN Center - Remote Command Injection

Citrix SD-WAN Center is susceptible to remote command injection via the ping function in DiagnosticsController, which does not sufficiently validate or sanitize HTTP request parameter values used to construct a shell command. An attacker can trigger this vulnerability by routing traffic through t...

Zimbra Collaboration Suite - SSRF

Zimbra Collaboration Suite before 8.6 patch 13, 8.7.x before 8.7.11 patch 10, and 8.8.x before 8.8.10 patch 7 or 8.8.x before 8.8.11 patch 3 allows SSRF via the ProxyServlet component. id: CVE-2019-9621 info: name: Zimbra Collaboration Suite - SSRF author: riteshs4hu severity: high description: |...

WordPress Nevma Adaptive Images <0.6.67 - Local File Inclusion

WordPress Nevma Adaptive Images plugin before 0.6.67 allows remote attackers to retrieve arbitrary files via the $REQUEST'adaptive-images-settings''sourcefile' parameter in adaptive-images-script.php. id: CVE-2019-14205 info: name: WordPress Nevma Adaptive Images 0.6.67 - Local File Inclusion...

Nevma Adaptive Images - Arbitrary File Deletion

Nevma Adaptive Images plugin before 0.6.67 for WordPress contains an arbitrary file deletion caused by unsanitized input in adaptive-images-script.php, letting remote attackers delete arbitrary files, exploit requires sending specific request parameters. id: CVE-2019-14206 info: name: Nevma...

YouPHPTube Encoder - Arbitrary File Write

Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3 a plugin for providing encoder functionality in YouPHPTube.The parameter base64Url in /objects/getImageMP4.php is vulnerable to a command injection attack. id: CVE-2019-5128 info: name: YouPHPTube Encoder - Arbitrary...

ifw8 Router ROM v4.31 - Credential Discovery

ifw8 Router ROM v4.31 is vulnerable to credential disclosure via action/usermanager.htm HTML source code. id: CVE-2019-16313 info: name: ifw8 Router ROM v4.31 - Credential Discovery author: pikpikcu severity: high description: ifw8 Router ROM v4.31 is vulnerable to credential disclosure via...

WordPress GraceMedia Media Player 1.0 - Local File Inclusion

WordPress GraceMedia Media Player plugin 1.0 is susceptible to local file inclusion via the cfg parameter. id: CVE-2019-9618 info: name: WordPress GraceMedia Media Player 1.0 - Local File Inclusion author: daffainfo severity: critical description: WordPress GraceMedia Media Player plugin 1.0 is...

Xiaomi Mi WiFi R3G Routers - Local file Inclusion

Xiaomi Mi WiFi R3G devices before 2.28.23-stable are susceptible to local file inclusion vulnerabilities via a misconfigured NGINX alias, as demonstrated by api-third-party/download/extdisks../etc/config/account. With this vulnerability, the attacker can bypass authentication. id: CVE-2019-18371...

Revive Adserver 4.2 - Remote Code Execution

Revive Adserver 4.2 is susceptible to remote code execution. An attacker can send a crafted payload to the XML-RPC invocation script and trigger the unserialize call on the "what" parameter in the "openads.spc" RPC method. This can be exploited to perform various types of attacks, e.g...

Apache Tomcat - Cross-Site Scripting

Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39, and 7.0.0 to 7.0.93 are vulnerable to cross-site scripting because the SSI printenv command echoes user provided data without escaping. Note: SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be prese...

TOTOLINK/Realtek Routers - Information Disclosure

A certain router administration interface using Realtek APMIB e.g., on TOTOLINK models allows unauthenticated remote attackers to disclose the entire router configuration, including sensitive credentials, via accessing the "config.dat" file. Affected devices include TOTOLINK A3002RU through 2.0.0...

TOTOLINK/Realtek Routers - Information Disclosure

A certain router administration interface using Realtek APMIB e.g., on TOTOLINK models allows unauthenticated remote attackers to disclose the entire router configuration, including sensitive credentials, via accessing the "config.dat" file. Affected devices include TOTOLINK A3002RU through 2.0.0...

WordPress Advanced Access Manager - Path Traversal

The Advanced Access Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Read in versions up to, and including, 5.9.8.1 due to insufficient validation on the aam-media parameter. This allows unauthenticated attackers to read any file on the server, including sensitive file...

Optergy Proton/Enterprise Building Management System - Open Redirect

Optergy Proton/Enterprise Building Management System contains an open redirect vulnerability. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2019-7275 info: name: Optergy Proton/Enterprise...

Rumpus FTP Web File Manager 8.2.9.1 - Cross-Site Scripting

Rumpus FTP Web File Manager 8.2.9.1 contains a reflected cross-site scripting vulnerability via the Login page. An attacker can send a crafted link to end users and can execute arbitrary JavaScript. id: CVE-2019-19368 info: name: Rumpus FTP Web File Manager 8.2.9.1 - Cross-Site Scripting author:...