Recent Advisories
CVE-2019-7617

When the Elastic APM agent for Python versions before 5.1.0 is run as a CGI script, there is a variable name clash flaw if a remote attacker can control the proxy header. This could result in an attacker redirecting collected APM data to a proxy of their choosing.

  • Published: Thu 22 Aug 2019

CVE-2019-14751

NLTK Downloader before 3.4.5 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in an NLTK package (ZIP archive) that is mishandled during extraction.

  • Published: Thu 22 Aug 2019

CVE-2019-9153

Improper Verification of a Cryptographic Signature in OpenPGP.js <=4.1.2 allows an attacker to forge signed messages by replacing their signatures with a "standalone" or "timestamp" signature.

  • Published: Thu 22 Aug 2019

CVE-2019-9154

Improper Verification of a Cryptographic Signature in OpenPGP.js <=4.1.2 allows an attacker to pass off unsigned data as signed.

  • Published: Thu 22 Aug 2019

CVE-2019-9155

A cryptographic issue in OpenPGP.js <=4.2.0 allows an attacker who is able to provide forged messages and gain feedback about whether decryption of these messages succeeded to conduct an invalid curve attack in order to gain the victim's ECDH private key.

  • Published: Thu 22 Aug 2019

CVE-2018-18572

osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. Because of this filter, script files with certain PHP-related extensions (such as .phtml and .php5) didn't execute in the application. But this filter didn't prevent the '.pht' extension. Thus, remote authenticated administrators can upload '.pht' files for arbitrary PHP code execution via a /catalog/admin/categories.php?cPath=&action=new_product URI.

  • Published: Thu 22 Aug 2019

CVE-2018-18573

osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. Remote authenticated administrators can upload new '.htaccess' files (e.g., omitting .php) and subsequently achieve arbitrary PHP code execution via a /catalog/admin/categories.php?cPath=&action=new_product URI.

  • Published: Thu 22 Aug 2019

CVE-2019-11013

Nimble Streamer 3.0.2-2 through 3.5.4-9 has a ../ directory traversal vulnerability. Successful exploitation could allow an attacker to traverse the file system to access files or directories that are outside of the restricted directory on the remote server.

  • Published: Thu 22 Aug 2019

CVE-2019-11029

Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the Download() method of AutoUpdateService in SMServer.exe, leading to Directory Traversal. An attacker could use ..\ with this method to iterate over lists of interesting system files and download them without previous authentication. This includes SAM-database backups, Web.config files, etc. and might cause a serious impact on confidentiality.

  • Published: Thu 22 Aug 2019

CVE-2019-11030

Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the Mirasys.Common.Utils.Security.DataCrypt method in Common.dll in AuditTrailService in SMServer.exe. This method triggers insecure deserialization within the .NET garbage collector, in which a gadget (contained in a serialized object) may be executed with SYSTEM privileges. The attacker must properly encrypt the object; however, the hardcoded keys are available.

  • Published: Thu 22 Aug 2019

CVE-2019-11031

Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the auto-update feature of IDVRUpdateService2 in DVRServer.exe. An attacker can upload files with a Setup-Files action, and then execute these files with SYSTEM privileges.

  • Published: Thu 22 Aug 2019

CVE-2008-7321

The tubepress plugin before 1.6.5 for WordPress has XSS.

  • Published: Thu 22 Aug 2019

CVE-2013-7482

The reflex-gallery plugin before 1.4.3 for WordPress has XSS.

  • Published: Thu 22 Aug 2019

CVE-2014-10383

The memphis-documents-library plugin before 3.0 for WordPress has Remote File Inclusion.

  • Published: Thu 22 Aug 2019

CVE-2014-10384

The memphis-documents-library plugin before 3.0 for WordPress has Local File Inclusion.

  • Published: Thu 22 Aug 2019

CVE-2014-10385

The memphis-documents-library plugin before 3.0 for WordPress has XSS via $_REQUEST.

  • Published: Thu 22 Aug 2019

CVE-2015-9337

The profile-builder plugin before 2.1.4 for WordPress has no access control for activating or deactivating addons via AJAX.

  • Published: Thu 22 Aug 2019

CVE-2016-10922

The woocommerce-store-toolkit plugin before 1.5.7 for WordPress has privilege escalation.

  • Published: Thu 22 Aug 2019

CVE-2016-10923

The woocommerce-store-toolkit plugin before 1.5.8 for WordPress has privilege escalation.

  • Published: Thu 22 Aug 2019

CVE-2016-10924

The ebook-download plugin before 1.2 for WordPress has directory traversal.

  • Published: Thu 22 Aug 2019

CVE-2016-10925

The peters-login-redirect plugin before 2.9.1 for WordPress has XSS during the editing of redirect URLs.

  • Published: Thu 22 Aug 2019

CVE-2016-10926

The nelio-ab-testing plugin before 4.5.9 for WordPress has SSRF in ajax/iesupport.php.

  • Published: Thu 22 Aug 2019

CVE-2016-10927

The nelio-ab-testing plugin before 4.5.11 for WordPress has SSRF in ajax/iesupport.php.

  • Published: Thu 22 Aug 2019

CVE-2017-18576

The event-notifier plugin before 1.2.1 for WordPress has XSS via the loading animation.

  • Published: Thu 22 Aug 2019

CVE-2017-18577

The mailchimp-for-wp plugin before 4.1.8 for WordPress has XSS via the return value of add_query_arg.

  • Published: Thu 22 Aug 2019

Note: This page is generated by our securitybot and has not been checked for errors.