CWE:

Topic: WordPress 5.1.1 Slider Revolution 4.6.5 UpdateCaptionsCSS Remote Content Injection
Date: 21.03.2019
Author: KingSkrupellos
Risk: Low


CVEMAP Search Results

Each entry lists the publication date, risk level, CVE identifier, vendor, software and description.

2019-09-19

Risk: Medium
CVE-2019-15000
Vendor: Atlassian
Software: Bitbucket
The commit diff REST endpoint in Bitbucket Server and Data Center before 5.16.10 (the fixed version for 5.16.x), from 6.0.0 before 6.0.10 (the fixed version for 6.0.x), from 6.1.0 before 6.1.8 (the fixed version for 6.1.x), from 6.2.0 before 6.2.6 (the fixed version for 6.2.x), from 6.3.0 before 6.3.5 (the fixed version for 6.3.x), from 6.4.0 before 6.4.3 (the fixed version for 6.4.x), and from 6.5.0 before 6.5.2 (the fixed version for 6.5.x) allows remote attackers who have permission to access a repository (if public access is enabled for a project or repository, attackers can exploit this issue anonymously) to read the contents of arbitrary files on the system and execute commands by injecting additional arguments into git commands.

Risk: High
CVE-2019-15001
Vendor: Atlassian
Software: JIRA
The Jira Importers Plugin in Atlassian Jira Server and Data Center from version 7.0.10 before 7.6.16, from 7.7.0 before 7.13.8, from 8.1.0 before 8.1.3, from 8.2.0 before 8.2.5, from 8.3.0 before 8.3.4 and from 8.4.0 before 8.4.1 allows remote attackers with Administrator permissions to gain remote code execution via a template injection vulnerability through the use of a crafted PUT request.

2019-09-16

Risk: Low
CVE-2019-15724
Vendor: Gitlab
Software: Gitlab
An issue was discovered in GitLab Community and Enterprise Edition 11.10 through 12.2.1. Label descriptions are vulnerable to HTML injection.

Risk: Medium
CVE-2017-18634
Vendor: Tagdiv
Software: Newspaper
The Newspaper theme before 6.7.2 for WordPress has script injection via td_ads[header] to admin-ajax.php.

2019-09-14

Risk: Medium
CVE-2019-16305
Vendor: Mobatek
Software: Mobaxterm
In MobaXterm 11.1 and 12.1, the protocol handler is vulnerable to command injection. A crafted link can trigger a popup asking whether the user wants to run MobaXterm to handle the link. If accepted, another popup appears asking for further confirmation. If this is also accepted, command execution is achieved, as demonstrated by the MobaXterm://`calc` URI.

2019-09-12

Risk: Low
CVE-2019-5977
Vendor: Cybozu
Software: Garoon
Mail header injection vulnerability in Cybozu Garoon 4.0.0 to 4.10.2 may allow remote authenticated attackers to alter mail headers via the application 'E-Mail'.

Risk: Low
CVE-2019-5975
Vendor: Cybozu
Software: Garoon
DOM-based cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.10.2 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.

2019-09-10

Risk: Medium
CVE-2017-18605
Vendor: Gravitatedesign
Software: Gravitate qa...
The gravitate-qa-tracker plugin through 1.2.1 for WordPress has PHP Object Injection.

Risk: Medium
CVE-2017-18604
Vendor: Sitebuilder dynamic components project
Software: Sitebuilder ...
The sitebuilder-dynamic-components plugin through 1.0 for WordPress has PHP object injection via an AJAX request.

2019-09-09

Risk: Medium
CVE-2019-16184
Vendor: Limesurvey
Software: Limesurvey
A CSV injection vulnerability was found in LimeSurvey before 3.17.14 that allows survey participants to inject commands via their survey responses that will be included in the exported CSV file.
Copyright 2019, cxsecurity.com