
8698 matches found

Prion
added 2019/08/23 9:15 p.m. | 12 views

Design/Logic Flaw

The webtoffee "WordPress Users & WooCommerce Customers Import Export" plugin 1.3.0 for WordPress allows CSV injection in the userurl, displayname, firstname, and lastname columns in an exported CSV file created by the WFCustomerImpExpCsvExporter class...

CVSS 6 | AI score 7.3 | EPSS 0.05141
Exploits: 5 | References: 3 | Affected Software: 1

NVD
added 2019/08/23 2:15 p.m. | 25 views

CVE-2019-8447

The ServiceExecutor resource in Jira before version 8.3.2 allows remote attackers to trigger the creation of export files via a cross-site request forgery (CSRF) vulnerability...

CVSS 4.3 | AI score 4.7 | EPSS 0.00679
Exploits: 0 | References: 1

OSV
added 2019/08/23 2:15 p.m. | 3 views

CVE-2019-8447

The ServiceExecutor resource in Jira before version 8.3.2 allows remote attackers to trigger the creation of export files via a cross-site request forgery (CSRF) vulnerability...

CVSS 4.3 | AI score 5.9
Exploits: 0 | References: 1

Cvelist
added 2019/08/23 1:49 p.m. | 20 views

CVE-2019-8447

The ServiceExecutor resource in Jira before version 8.3.2 allows remote attackers to trigger the creation of export files via a cross-site request forgery (CSRF) vulnerability...

AI score 4.8 | EPSS 0.00679
Exploits: 0 | References: 1

CVE
added 2019/08/23 1:49 p.m. | 75 views

CVE-2019-8447

CVE-2019-8447 affects Atlassian Jira before 8.3.2, where the ServiceExecutor resource is vulnerable to CSRF, enabling remote attackers to trigger the creation of export files. The issue is noted in multiple sources (NVD entry; Jira RS-69776 ticket; Nessus summary for Jira

CVSS 4.3 | AI score 4.8 | EPSS 0.00679
Exploits: 0 | References: 1 | Affected Software: 1

Openbugbounty
added 2019/08/23 6:53 a.m. | 9 views

strip-curtains.com Open Redirect vulnerability

Security Researcher k0t (helped patch 2130 vulnerabilities; received 9 Coordinated Disclosure badges; received 95 recommendations), a holder of 9 badges for responsible and coordinated disclosure, found a security vulnerability affecting strip-curtains.com website and its users. Following coordinate...

AI score 0.3
Exploits: 0

CNVD
added 2019/08/23 12:00 a.m. | 4 views

WordPress users-customers-import-export-for-wp-woocommerce plugin CSV injection vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. users-customers-import-export-for-wp-woocommerce is a user import/export plugin used in it. A CSV injection vulnerability exists in th...

CVSS 7.3 | AI score 7.1 | EPSS 0.05141
Exploits: 5 | References: 1

OSV
added 2019/08/22 1:15 p.m. | 2 views

CVE-2018-20981

The ninja-forms plugin before 3.3.9 for WordPress has insufficient restrictions on submission-data retrieval during Export Personal Data requests...

CVSS 9.1 | AI score 5.8 | EPSS 0.01744
Exploits: 0 | References: 1

NVD
added 2019/08/22 1:15 p.m. | 19 views

CVE-2018-20981

The ninja-forms plugin before 3.3.9 for WordPress has insufficient restrictions on submission-data retrieval during Export Personal Data requests...

CVSS 9.1 | AI score 9.3 | EPSS 0.01744
Exploits: 0 | References: 1

Prion
added 2019/08/22 1:15 p.m. | 13 views

Design/Logic Flaw

The ninja-forms plugin before 3.3.9 for WordPress has insufficient restrictions on submission-data retrieval during Export Personal Data requests...

CVSS 6.4 | AI score 9.2 | EPSS 0.01744
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2019/08/22 12:40 p.m. | 20 views

CVE-2018-20981

The ninja-forms plugin before 3.3.9 for WordPress has insufficient restrictions on submission-data retrieval during Export Personal Data requests...

AI score 9.4 | EPSS 0.01744
Exploits: 0 | References: 1

Atlassian
added 2019/08/19 8:17 p.m. | 36 views

Local File Disclosure via Word Export in Confluence Server - CVE-2019-3394

Confluence Server and Data Center had a local file disclosure vulnerability in the page export function. A remote attacker who has Add Page space permission would be able to read arbitrary files in the /confluence/WEB-INF/ directory and its subdirectories, which may contain configuration files...

CVSS 8.8 | AI score 2.6 | EPSS 0.11406
Exploits: 1

CNVD
added 2019/08/16 12:00 a.m. | 4 views

WordPress Tribulant Newsletters Plugin Path Traversal Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. Tribulant Newsletters plugin is a full-featured newsletter plugin used in it. A path traversal vulnerability exists in the WordPress...

CVSS 8.8 | AI score 6.9 | EPSS 0.03711
Exploits: 2 | References: 1

OSV
added 2019/08/15 4:15 p.m. | 5 views

CVE-2019-14788

wp-admin/admin-ajax.php?action=newslettersexportmultiple in the Tribulant Newsletters plugin before 4.6.19 for WordPress allows directory traversal with resultant remote PHP code execution via the subscribers11 parameter in conjunction with an exportfile=../ value...

CVSS 8.8 | AI score 7.6 | EPSS 0.03711
Exploits: 2 | References: 3

OSV
added 2019/08/15 3:15 p.m. | 4 views

CVE-2019-14800

The FV Flowplayer Video Player plugin before 7.3.15.727 for WordPress allows guests to obtain the email subscription list in CSV format via the wp-admin/admin-post.php?page=fvplayer&fv-email-export=1 URI...

CVSS 5.3 | AI score 6.1 | EPSS 0.01516
Exploits: 1 | References: 2

OSV
added 2019/08/14 4:15 p.m. | 3 views

CVE-2017-18510

The custom-sidebars plugin before 3.1.0 for WordPress has CSRF related to set location, import actions, and export actions...

CVSS 8.8 | AI score 5.8 | EPSS 0.00649
Exploits: 0 | References: 1

Microsoft KB
added 2019/08/13 12:00 a.m. | 6 views

May 23, 2019—KB4499182 (Preview of Monthly Rollup)

May 23, 2019—KB4499182 (Preview of Monthly Rollup). Improvements and fixes: This non-security update includes improvements and fixes that were a part of KB4499151 (released May 14, 2019) and also includes these new quality improvements as a preview of the next Monthly Rollup update: Addresses an issue ...

AI score 7.1
Exploits: 0

CNVD
added 2019/08/12 12:00 a.m. | 2 views

Apache Ranger Cross-Site Request Forgery Vulnerability

Apache Ranger is a set of architectures from the Apache USA Software Foundation that implement comprehensive security measures for Hadoop clusters. The product provides centralized security policy management for core enterprise security requirements such as authorization, billing and data...

CVSS 6.1 | AI score 6.8 | EPSS 0.02965
Exploits: 0 | References: 1

exploitpack
added 2019/08/12 12:00 a.m. | 23 views

Ghidra (Linux) 9.0.4 - .gar Arbitrary Code Execution

Ghidra Linux 9.0.4 - .gar Arbitrary Code Execution import os import inspect import argparse import shutil from shutil import copyfile print"" print"" print"" print"" print"------------------CVE-2019-13623----------------" print"" print"" print""...

CVSS 6.8 | AI score 1.1 | EPSS 0.04961
Exploits: 5

WPVulnDB
added 2019/08/10 12:00 a.m. | 13 views

Simple 301 Redirects Addon Bulk Uploader <= 1.2.4 - Multiple Issues

Unauthenticated option changes vulnerability that could allow an attacker to redirect all pages and posts of the blog to a malicious website, as well as an authenticated options export/deletion vulnerability...

CVSS 5.8 | AI score 3 | EPSS 0.01467
Exploits: 2 | References: 1 | Affected Software: 1