Results for

NA
CVE-2018-20157

The data import functionality in OpenRefine through 3.1 allows an XML External Entity (XXE) attack through a crafted (zip) file, allowing attackers to read arbitrary files.

NA
CVE-2018-20155

The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated subscriber users to bypass intended access restrictions on changes to plugin settings.

NA
CVE-2018-20154

The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated users to discover all subscriber e-mail addresses.

NA
CVE-2018-20156

The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated "site administrator" users to execute arbitrary PHP code throughout a multisite network.

NA
CVE-2018-19007

In Geutebrueck GmbH E2 Camera Series versions prior to 1.12.0.25 the DDNS configuration (in the Network Configuration panel) is vulnerable to an OS system command injection as root.

NA
CVE-2018-20148

In WordPress versions before 5.0.1, contributors could conduct PHP object injection attacks via crafted metadata.

NA
CVE-2018-20149

In WordPress versions before 5.0.1, when the Apache HTTP Server is used, authors could upload crafted files that bypass intended MIME type restrictions, leading to XSS.

NA
CVE-2018-20151

In WordPress versions before 5.0.1, the user-activation page could be read by a search engine's web crawler if an unusual configuration were chosen. The search engine could then index and display a user's e-mail address and (rarely) the password that was generated by default.

NA
CVE-2018-20153

In WordPress versions before 5.0.1, contributors could modify new comments made by users with greater privileges, possibly causing XSS.

NA
CVE-2018-20147

In WordPress versions before 5.0.1, authors could modify metadata to bypass intended restrictions on deleting files.