Recent vulnerabilities and exploits

5
CVSSv2
CVE-2017-14719

Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components....

Wordpress
6.8
CVSSv2
CVE-2019-9787

WordPress before 5.1.1 does not properly filter comment content, leading to Remote Code Execution by unauthenticated users in a default configuration. This occurs because CSRF protection is mishandled, and because Search Engine Optimization of A elements is performed...

Wordpress
NA
CVE-2019-15133

In GIFLIB before 2019-02-16, a malformed GIF file triggers a divide-by-zero exception in the decoder function DGifSlurp in dgif_lib.c if the height field of the ImageSize data structure is equal to zero....

NA
CVE-2019-15134

RIOT through 2019.07 contains a memory leak in the TCP implementation (gnrc_tcp), allowing an attacker to consume all memory available for network packets and thus effectively stopping all network threads from working. This is related to _receive in...

NA
CVE-2019-15132

Zabbix through 4.4.0alpha1 allows User Enumeration. With login requests, it is possible to enumerate application usernames based on the variability of server responses (e.g., the "Login name or password is incorrect" and "No permissions for system access"...

NA
CVE-2019-13069

extenua SilverSHielD 6.x fails to secure its ProgramData folder, leading to a Local Privilege Escalation to SYSTEM. The attacker must replace SilverShield.config.sqlite with a version containing an additional user account, and then use SSH and port forwarding to reach a...

NA
CVE-2019-14937

REDCap before 9.3.0 allows time-based SQL injection in the edit calendar event via the cal_id parameter, such as cal_id=55 and sleep(3) to Calendar/calendar_popup_ajax.php. The attacker can obtain a user's login sessionid from the database, and then re-login into REDCap to...

NA
CVE-2018-20974

The js-jobs plugin before 1.0.7 for WordPress has CSRF....

NA
CVE-2018-20971

The church-admin plugin before 1.2550 for WordPress has CSRF affecting the upload of a bible reading plan....

NA
CVE-2015-9322

The erident-custom-login-and-dashboard plugin before 3.5 for WordPress has CSRF....