|
222351
|
9.8 |
CRITICAL
Network
|
optiontree_project
|
optiontree
|
The option-tree plugin before 2.7.3 for WordPress has Object Injection because the + character is mishandled.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2019-15320
|
2024-11-21 13:28 |
2019-08-22 |
|
222352
|
9.8 |
CRITICAL
Network
|
optiontree_project
|
optiontree
|
The option-tree plugin before 2.7.0 for WordPress has Object Injection by leveraging a valid nonce.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2019-15319
|
2024-11-21 13:28 |
2019-08-22 |
|
222353
|
9.8 |
CRITICAL
Network
|
yikesinc
|
easy_forms_for_mailchimp
|
The yikes-inc-easy-mailchimp-extender plugin before 6.5.3 for WordPress has code injection via the admin input field.
|
CWE-94
Code Injection
|
CVE-2019-15318
|
2024-11-21 13:28 |
2019-08-22 |
|
222354
|
5.4 |
MEDIUM
Network
|
givewp
|
givewp
|
The give plugin before 2.4.7 for WordPress has XSS via a donor name.
|
CWE-79
Cross-site Scripting
|
CVE-2019-15317
|
2024-11-21 13:28 |
2019-08-22 |
|
222355
|
5.4 |
MEDIUM
Network
|
tiki
|
tikiwiki_cms/groupware
|
tiki/tiki-upload_file.php in Tiki 18.4 allows remote attackers to upload JavaScript code that is executed upon visiting a tiki/tiki-download_file.php?display&fileId= URI.
|
CWE-79
Cross-site Scripting
|
CVE-2019-15314
|
2024-11-21 13:28 |
2019-08-22 |
|
222356
|
7.0 |
HIGH
Local
|
valvesoftware
|
steam_client
|
Valve Steam Client for Windows through 2019-08-20 has weak folder permissions, leading to privilege escalation (to NT AUTHORITY\SYSTEM) via crafted use of CreateMountPoint.exe and SetOpLock.exe to le…
|
CWE-367 CWE-732
Time-of-check Time-of-use (TOCTOU) Race Condition Incorrect Permission Assignment for Critical Resource
|
CVE-2019-15316
|
2024-11-21 13:28 |
2019-08-22 |
|
222357
|
7.8 |
HIGH
Local
|
valvesoftware
|
steam_client
|
Valve Steam Client for Windows through 2019-08-16 allows privilege escalation (to NT AUTHORITY\SYSTEM) because local users can replace the current versions of SteamService.exe and SteamService.dll wi…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2019-15315
|
2024-11-21 13:28 |
2019-08-22 |
|
222358
|
5.4 |
MEDIUM
Network
|
vanderbilt
|
redcap
|
REDCap before 9.3.0 allows XSS attacks against non-administrator accounts on the Data Import Tool page via a CSV data import file.
|
CWE-79
Cross-site Scripting
|
CVE-2019-15127
|
2024-11-21 13:28 |
2019-08-22 |
|
222359
|
9.6 |
CRITICAL
Network
|
mantisbt
|
mantisbt
|
The Timeline feature in my_view_page.php in MantisBT through 2.21.1 has a stored cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code (if CSP settings permit it) after uploa…
|
CWE-79
Cross-site Scripting
|
CVE-2019-15074
|
2024-11-21 13:28 |
2019-08-22 |
|
222360
|
7.8 |
HIGH
Local
|
bitdefender
|
antivirus_2020
|
An Untrusted Search Path vulnerability in the ServiceInstance.dll library versions 1.0.15.119 and lower, as used in Bitdefender Antivirus Free 2020 versions prior to 1.0.15.138, allows an attacker to…
|
CWE-426
Untrusted Search Path
|
CVE-2019-15295
|
2024-11-21 13:28 |
2019-08-22 |