[191] Advisories
Date | Title | CVE/DWF ID
2020-10-20 Solaris 11 x86 nsdb-update-nci utility can reveal password in temporary file 2020-14758
2020-10-20 The Solaris 11 utility nsdb-convert and other fedfs scripts use temporary files insecurely 2020-14759
2020-05-19 SQL Injection in search field of phpzag live add edit delete data tables records with ajax php mysql 2020-8519
2020-8520
2020-8521
2020-02-02 Insecure /tmp file use in Oracle Solaris 11 Device Driver Utility v1.3.1 leads to root 2020-14724
2019-12-16 Arbitrary file upload vulnerability in upload-image-with-ajax 2019-8293
2019-09-18 Multiple vulnerabilities in Online store system v1.0 Stored XSS and unauthenticated product deletions. 2019-8288
2019-8289
2019-8290
2019-8291
2019-8292
2018-11-15 Arbitrary File Upload Vulnerability in php-traditional-server v1.2.2 2018-9209
2018-11-02 Arbitrary file upload vulnerability in jQuery Upload File v4.0.2 2018-9207
2018-11-02 Arbitrary file upload vulnerability in jQuery-Picture-Cut v1.1beta 2018-9208
2018-10-15 Arbitrary file upload vulnerability in WordPress Plugin tajer v1.05 2018-9206
2018-10-09 jQuery-File-Upload <= v9.22.0 unauthenticated arbitrary file upload vulnerability 2018-9206
2018-08-22 Blind SQL injection and multiple reflected XSS vulnerabilities in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8 2018-1002000
2018-1002001
2018-1002002
2018-1002003
2018-1002004
2018-1002005
2018-1002006
2018-1002007
2018-1002008
2018-1002009
2018-03-30 Arbitrary file download vulnerability in Drupal module avatar_uploader v7.x-1.0-beta8 2018-9205
2017-09-08 Vulnerability in Wordpress Plugin backwpup v3.4.1 possible brute forcing of backup file download 2017-2551
2017-09-07 Joomla extension Easy Joomla Backup v3.2.4 database backup exposure 2017-2550
2017-07-22 Blind SQL Injection in Wordpress plugin wordpress-gallery-transformation v1.0 2017-1002028
2017-07-04 Blind SQL injection in wordpress plugin event-espresso-free v3.1.37.11.L 2017-1002026
2017-07-01 Blind SQL Injection vulnerability in Wordpress plugin rk-responsive-contact-form v1.0 2017-1002027
2017-06-21 Authenticated blind SQL injection in add-edit-delete-listing-for-member-module v1.0 2017-1002025
2017-06-14 File upload vulnerability in Kindeditor <= 4.1.12 2017-1002024
2017-05-24 Blind SQL Injection in Wordpress Plugin Easy Team Manager v1.3.2 2017-1002023
2017-05-21 Blind SQL Injection in Wordpress plugin eventr v1.02.2 2017-1002018
2017-1002019
2017-05-21 SQL Injection in Wordpress plugin surveys v1.01.8 2017-1002020
2017-1002021
2017-1002022
2017-05-15 Unauthenticated Stored XSS Vulnerability in Wordpress plugin gift-certificate-creator v1.0 2017-1002017
2017-04-26 Arbitrary file upload vulnerability in Wordpress plugin flickr-picture-backup v0.7 2017-1002016
2017-04-01 Blind SQL Injection and persistent XSS in Wordpress plugin image-gallery-with-slideshow v1.5.2 2017-1002011
2017-1002012
2017-1002013
2017-1002014
2017-1002015
2017-03-17 Multiple Unauthenticated blind SQL injections in Wordpress Plugin Membership Simplified v1.58 2017-1002009
2017-1002010
2017-03-13 Arbitrary file download vulnerability in Wordpress Plugin Membership Simplified v1.58 2017-1002008
2017-03-08 Multiple Blind SQL injection vulnerability in Wordpress Plugin DTracker v1.5 2017-1002004
2017-1002005
2017-03-08 Two Content Injection vulnerabilities in Wordpress Plugin DTracker v1.5 2017-1002006
2017-1002007
2017-03-01 Unrestricted File Upload vulnerability in Wordpress Plugin mobile-friendly-app-builder-by-easytouch v3.0 2017-1002000
2017-03-01 Unrestricted File Upload vulnerability in Wordpress Plugin mobile-app-builder-by-wappress v1.05 2017-1002001
2017-03-01 Unrestricted File Upload vulnerability in Wordpress Plugin webapp-builder v2.0 2017-1002002
2017-03-01 Unrestricted File Upload vulnerability in Wordpress Plugin wp2android-turn-wp-site-into-android-app v1.1.4 2017-1002003
2017-02-27 Unrestricted File Upload vulnerability in Wordpress Plugin Mobile App Native 3.0 2017-6104
2017-02-21 Persistent XSS Vulnerability in Wordpress plugin AnyVar v0.1.1 2017-6103
2017-02-20 Persistent XSS in wordpress plugin rockhoist-badges v1.2.2 2017-6102
2016-11-01 Mailcwp remote file upload vulnerability incomplete fix v1.100 2016-1000156
2016-10-03 /tmp race condition in Teradata Studio Express v15.12.00.00 studioexpressinstall 2016-7490
2016-10-01 Teradata Virtual Machine Community Edition v15.10 has insecure file permission 2016-7488
2016-10-01 Teradata Virtual Machine Community Edition v15.10 Insecure creation of files in /tmp 2016-7489
2016-09-16 Unauthenticated SQL Injection in Huge-IT Portfolio Gallery Plugin v1.0.6 2016-1000124
2016-09-16 Unauthenticated SQL Injection in Huge-IT Catalog v1.0.7 for Joomla 2016-1000125
2016-09-15 Unauthenticated SQL Injection in Huge-IT Video Gallery v1.0.9 for Joomla 2016-1000123
2016-07-22 XSS and SQLi in Huge IT Joomla Slider v1.0.9 extension 2016-1000121
2016-1000122
2016-07-17 XSS & SQLi in HugeIT slideshow v1.0.4 2016-1000117
2016-1000118
2016-07-17 SQLi and XSS in Huge IT catalog extension v1.0.4 for Joomla 2016-1000119
2016-1000120
2016-07-15 Huge-IT Portfolio Gallery manager v1.1.0 SQL Injection and XSS 2016-1000115
2016-1000116
2016-07-14 XSS and SQLi in huge IT gallery v1.1.5 for Joomla 2016-1000113
2016-1000114
2016-06-15 Unauthenticated remote .jpg file upload in contus-video-comments v1.0 wordpress plugin 2016-1000112
2016-02-01 Open Proxy & Authentication bypass for wordpress plugin wp-miniaudioplayer v1.7.6 2016-0796
2016-01-27 Reflected XSS & Blind SQLi in wordpress plugin eshop v6.3.14 2016-0765
2016-0769
2016-01-26 Wordpress plugin Reflected XSS in connections v8.5.8 2016-0770
2015-12-17 Local root vulnerability in DeleGate v9.9.13 2015-7556
2015-11-29 Command Injection in cool-video-gallery v1.9 Wordpress plugin 2015-7527
2015-11-24 SQL injection in wordpress plugin double-opt-in-for-download v2.0.8 2015-7517
2015-10-29 /tmp race condition in IBM Installation Manager v1.8.1 install script 2015-7442
2015-10-22 Blind SQL injection in wp-championship wordpress plugin v5.8 2015-5308
2015-09-15 Local File Inclusion Vulnerability in mypixs v0.3 wordpress plugin 2015-1000012
2015-09-11 Remote file upload Vulnerability in Wordpress plugin csv2wpec-coupon v1.1 2015-1000013
2015-08-15 Open proxy in Wordpress plugin google-adsense-and-hotel-booking v1.05 2015-1000009
2015-08-04 Blind SQL Injection in wordpress plugin dukapress v2.5.9 2015-1000011
2015-07-17 Arbitrary file download vulnerability in wptf-image-gallery v1.03 2015-1000007
2015-07-16 Arbitrary file download in simple-image-manipulator v1.0 wordpress plugin 2015-1000010
2015-07-13 Arbitrary file download vulnerability in recent-backups v0.7 wordpress plugin 2015-1000006
2015-07-13 Remote file upload vulnerability in wpe-indoshipping v2.5.0 wordpress plugin [Previously Discovered] none
2015-07-12 Remote file upload vulnerability in wp-front-end-repository v1.1 Wordpress plugin [Previously Discovered] none
2015-07-12 Arbitrary file download vulnerability in candidate-application-form v1.0 wordpress plugin 2015-1000005
2015-07-12 Path Disclosure Vulnerability in wordpress plugin MP3-jPlayer v2.3.2 2015-1000008
2015-07-11 Open Proxy in filedownload v1.4 wordpress plugin 2015-1000002
2015-1000003
2015-1000004
2015-07-10 Remote file upload vulnerability in fast-image-adder v1.1 Wordpress plugin 2015-1000001
2015-07-09 Remote file upload vulnerability in mailcwp v1.99 wordpress plugin 2015-1000000
2015-07-08 Arbitrary file download vulnerability in ibs-Mappro v0.6 Wordpress plugin 2015-5472
2015-07-05 Arbitrary file download vulnerability in wordpress plugin wp-ecommerce-shop-styling v2.5 2015-5468
2015-07-02 Arbitrary file download vulnerability in Wordpress Plugin wp-swimteam v1.44.10777 2015-5471
2015-07-01 Arbitrary file download vulnerability in Wordpress Plugin mdc-youtube-downloader v2.1.0 2015-5469
2015-07-01 Arbitrary file download vulnerability in Wordpress Plugin image-export v1.1 2015-5609
2015-06-27 Remote file upload vulnerability & Blind SQLi in wordpress plugin wp-powerplaygallery v3.3 2015-5599
2015-5681
2015-5682
2015-06-12 Arbitrary File download in wordpress plugin wp-instance-rename v1.0 2015-4703
2015-06-10 zip-attachments v1.1.4 wordpress plugin arbitrary file download vulnerability 2015-4694
2015-06-10 Arbitrary file download vulnerability in download-zip-attachments v1.0 2015-4704
2015-06-08 SQL Injection in easy2map-photos wordpress plugin v1.09 2015-4615
2015-4617
2015-06-08 SQL Injection in easy2map wordpress plugin v1.24 2015-4614
2015-4616
2015-06-07 Remote file upload vulnerability in aviary-image-editor-add-on-for-gravity-forms v3.0beta Wordpress plugin 2015-4455
2015-06-06 Path Traversal vulnerability in Wordpress plugin se-html5-album-audio-player v1.1.0 2015-4414
2015-06-01 Grand Media v1.6.4 Wordpress Plugin open proxy [previous discovery by Chad Seaman] 2015-4339
2015-05-11 Reflected XSS in Phpwhois component of adsense-click-fraud-monitoring wordpress plugin v1.7.5 2015-3998
2015-05-10 wow-moodboard-lite v1.1.1.1 Wordpress plugin has an open redirect 2015-4070
2015-05-10 Xcloner v3.1.2 wordpress plugin authenticated command execution and XSS 2015-4336
2015-4337
2015-4338
2015-03-29 Remote file upload vulnerability in videowhisper-video-conference-integration wordpress plugin v4.91.8 2015-9271
2015-03-29 Remote file upload vulnerability in wordpress plugin videowhisper-video-presentation v3.31.17 2015-9272
2015-02-17 xaviershay-dm-rails v0.10.3.8 mysql credential exposure 2015-2179
2015-01-25 SEANux Linux v1.0 Remote Web Shell Access Vulnerability none
2014-11-11 Command injection in Ruby Gem Webbynode 1.0.5.3 2013-7086
2014-11-02 Wordpress WP-DB-Backup v2.2.4 Plugin Remote Database Backup Download Vulnerability 2014-10076
2014-10-17 XCloner Backup Plugin v3.1.1 (Wordpress) v3.5.1 (Joomla!) Vulnerabilities 2014-8603
2014-8604
2014-8605
2014-8606
2014-8607
2014-10-13 Vulnerabilities in WordPress Database Manager v2.7.1 2014-8334
2014-8335
2014-09-25 Ruby Gem as-1.0 Password exposure none
2014-09-02 Rooted SSH/SFTP Daemon Default Login Credentials none
2014-07-01 Remote command injection and SQLi in Ruby Gem brbackup-0.1.1 2014-5004
2014-06-07 Remote command injection in Screen Capture v0.0.0 none
2014-06-01 Vulnerability Report for Ruby Gem VladTheEnterprising-0.2 none
2014-06-01 Vulnerability Report for Ruby Gem backup-agoddard-3.0.28 2014-4993
2014-06-01 Ruby Gem backup_checksum-3.0.23 exposes password to the process table 2014-4993
2014-06-01 Command Injection for Ruby Gem cap-strap-0.1.5 none
2014-06-01 Vulnerability Report for Ruby Gem ciborg-3.0.0 2014-5003
2014-06-01 Vulnerability Report for Ruby Gem codders-dataset-1.3.2.1 2014-4991
2014-06-01 codders-dataset Gem for Ruby Process Table Local Plaintext Credential Disclosure 2014-4991
2014-06-01 Vulnerability Report for Ruby Gem gnms-2.1.1 none
2014-06-01 Vulnerability Report for Ruby Gem gyazo-1.0.0 2014-4994
2014-06-01 Report for Ruby Gem kajam-1.0.3.rc2 2014-4999
2014-06-01 Vulnerability Report for Ruby Gem karo-2.3.8 2014-10075
2014-06-01 Vulnerability Report for Ruby Gem kcapifony-2.1.6 2014-5001
2014-06-01 Vulnerability Report for Ruby Gem kompanee-recipes-0.1.4 none
2014-06-01 Vulnerability Report for Ruby Gem lawn-login-0.0.7 2014-5000
2014-06-01 Vulnerability Report for Ruby Gem lean-ruport-0.3.8 2014-4998
2014-06-01 Vulnerability Report for Ruby Gem lingq-0.3.1 none
2014-06-01 Vulnerability Report for Ruby Gem lynx-0.2.0 2014-5002
2014-06-01 Vulnerability Report for Ruby Gem point-cli-0.0.1 2014-4997
2014-05-14 Vulnerabilities in YingZhi Python Programming Language for iOS 2013-5655
2014-04-15 Square Hoptoad Notifier v2.4.8 Ruby Gem API Key exposure none
2014-04-14 Remote Command Injection in Ruby Gem sfpagent 0.4.14 2014-2888
2014-03-20 Persistent XSS in NextCellent Gallery 1.9.13 WordPress plugin 2014-3123
2014-02-09 Command Injection flickrcaptionr v1.1.0 ruby gem none
2014-02-01 Persistent XSS in Wordpress 3.3.1+dfsg-1 (Packaged with Ubuntu 12.04.4) none
2014-01-31 Persistent XSS in Media File Renamer v1.7.0 2014-2040
2014-01-08 Paratrooper-newrelic 1.0.1 Ruby Gem exposes API key 2014-1234
2014-01-01 jspec-steventux 3.3.2.1 /tmp vulnerability none
2013-12-26 paratrooper-pingdom-1.0.0 ruby gem exposes API login credentials 2014-1233
2013-12-17 Remote Command Injection in Arabic Prawn 0.0.1 Ruby Gem 2014-2322
2013-11-15 Bio Basespace SDK 0.1.7 Ruby Gem exposes API Key via command line 2013-7111
2013-11-10 Command Injection in Ruby Gem Sprout 0.7.246 2013-6421
2013-09-17 Remote access to Android ftp server 1.2 configuration file allows login as admin none
2013-09-08 Multiple vulnerabilities in Ice Cold Apps Servers Ultimate Version 6.0.2(12) for Android 2013-7465
2013-09-01 Features 0.3.0 Ruby gem file injection vulnerability 2013-4318
2013-09-01 Remote Command Injection in fog-dragonfly-0.8.2 Ruby Gem 2013-5671
2013-08-10 Command Injection in Ruby Gem Sounder 1.0.1 2013-5647
2013-08-01 Unauthenticated Remote File Upload via HTTP for perl-Programming language 1.6 on iOS none
2013-08-01 Unauthenticated Remote File Upload via HTTP for Personal Address Book 2.0 on iOS none
2013-08-01 Unauthenticated Remote File Upload via HTTP for ruby-Programming language 1.7 on iOS none
2013-07-31 Rgpg 0.2.2 Ruby Gem Remote Command Injection 2013-4203
2013-07-03 Solaris Recommended Patch Cluster 6/19 local root on x86 2010-1183
2013-06-03 Remote command Injection in Ruby Gem lipsiadmin 5.1.9 none
2013-05-23 Show In Browser 0.0.3 Ruby Gem /tmp file injection vulnerability 2013-2105
2013-05-14 Remote command Injection in Creme Fraiche 0.6 Ruby Gem 2013-2090
2013-04-04 Remote command injection in Ruby Gem kelredd-pruview 0.3.8 2013-1947
2013-04-01 Remote Command Injection Karteek Docsplit 0.5.4 2013-1933
2013-03-28 Remote command execution ldoce 0.0.2 2013-1911
2013-03-27 File clobbering vulnerability in latest Solaris 10 patch cluster 2010-1183
2013-03-25 Thumbshooter 0.1.5 remote code execution 2013-1898
2013-03-16 OpenFabrics ibutils 1.5.7 /tmp clobbering vulnerability 2013-2561
2013-03-15 Remote command execution in Ruby Gem Command Wrap 2013-1875
2013-03-12 Curl Ruby Gem Remote command execution 2013-1878
2013-2617
2013-03-12 MiniMagic ruby gem remote code execution 2013-2616
2013-1877
2013-03-01 Flash Tool 0.6.0 Remote code execution vulnerability 2013-2513
2013-02-24 Fileutils 0.7 Ruby Gem remote command execution and insecure file handling in /tmp 2013-2516
2013-02-19 Oracle Auto Service Request /tmp file clobbering vulnerability 2013-1495
2013-02-18 Remote command execution for Ruby Gem ftpd-0.2.1 2013-2512
2013-01-31 SUNWswasr RPM post install /tmp race condition none
2013-01-15 Insecure /tmp file use solaris 10 patch cluster for sparc 2013-0415
2013-01-14 Oracle Solaris Bind/Postinstall script for Bind package local root 2013-0415
2012-12-07 Centrify Deployment Manager v2.1.0.283 local root 2012-6348
2012-12-03 Centrify Deployment Manager v2.1.0.283 /tmp file clobbering vulnerability none
2012-03-14 Oracle Exadata InfiniBand Vulnerabilities none
2012-01-02 Mambo CMS vulnerabilities 2013-2562
2013-2565
2013-2563
2013-2564
2009-09-02 OpenOffice 1.0.1 Race condition during installation 2002-2210
2008-01-17 PatchLink Update Unix Client File clobbering vulnerability 2008-0525
2008-01-17 Patchlink local root for HP-UX Shutdown and reboot 2008-0525
2006-10-01 IBM Informix File Clobbering during Install 2006-5163
2006-03-24 Open tftpserver path traversal vulnerability none
2006-03-04 thttpd-2.25b htpasswd Vulnerabilities 2002-2389
2003-11-26 Borland's InterBase 7.1 poor Password Data File Permissions and Password Hash 2004-1833
2003-10-20 PrimeBase Database Poor File Permissions and Crypt() Hash none
2003-09-01 PrimeBase Database 4.2 poor file permissions none
2003-03-11 Cache Database Poor File Permissions Lead To Local Root 2003-0498
2003-0497
2002-12-20 /tmp Symlink Vulnerability with ZeroG's InstallAnywhere5 none
2002-12-10 SAP Database Local Root Vulnerability During Installation 2003-0265
2002-10-14 Fastlink Software's TheServer http server clear text password 2002-2389
2002-08-16 Remote Buffer Overflow in pServ 2.0 Alpha 11 none
2002-01-14 local root during installation of Tarantella Enterprise 3 2002-0211
2002-01-14 Another local root during installation of Tarantella Enterprise 3 2002-0296
2001-12-27 Format String Vulnerability in Lynx none
2001-11-23 Xitami Webserver clear text password storage Vulnerability 2001-1481
2001-10-01 insecure temp file creation during installation of Netscape 6 2001-1066
2000-12-18 Solaris 2.7/2.8 catman Temp File Vulnerability 2001-0095
2000-11-30 Voyant Sonata doroot command vulnerability 2001-0176
2000-10-31 Vulnerability Report For Voyant Technologies Sonata Conferencing product none
2000-06-27 Arbitrary file read & weak password encryption flower fire sawmill v5.0.21 2000-0588
2000-0589
1999-08-01 OCE plotter anonymous proxy none
1999-05-19 Irix Midikeys local root Vulnerability 1999-0765
1999-02-17 AIX Snap command password vulnerability 1999-1405