CVE-2017-1002153 CVSS:5.0
Koji 1.13.0 does not properly validate SCM paths, allowing an attacker to work around blacklisted paths for build submission. (Last Update:2017-10-25) (Publish Update:2017-10-06)
CVE-2017-1002151 CVSS:5.0
Pagure 3.3.0 and earlier is vulnerable to loss of confidentially due to improper authorization (Last Update:2017-09-21) (Publish Update:2017-09-14)
CVE-2017-1002150 CVSS:5.8
python-fedora 0.8.0 and lower is vulnerable to an open redirect resulting in loss of CSRF protection (Last Update:2017-09-21) (Publish Update:2017-09-14)
CVE-2017-1002100 CVSS:4.0
Default access permissions for Persistent Volumes (PVs) created by the Kubernetes Azure cloud provider in versions 1.6.0 to 1.6.5 are set to "container" which exposes a URI that can be accessed without authentication on the public internet. Access to the URI string requires privileged access to the Kubernetes cluster or authenticated access to the Azure portal. (Last Update:2017-09-29) (Publish Update:2017-09-14)
CVE-2017-1002028 CVSS:7.5
Vulnerability in wordpress plugin wordpress-gallery-transformation v1.0, SQL injection is in ./wordpress-gallery-transformation/gallery.php via $jpic parameter being unsanitized before being passed into an SQL query. (Last Update:2017-09-20) (Publish Update:2017-09-14)
CVE-2017-1002027 CVSS:7.5
Vulnerability in wordpress plugin rk-responsive-contact-form v1.0, The variable $delid isn't sanitized before being passed into an SQL query in file ./rk-responsive-contact-form/include/rk_user_list.php. (Last Update:2017-09-20) (Publish Update:2017-09-14)
CVE-2017-1002026 CVSS:6.5
Vulnerability in wordpress plugin Event Expresso Free v3.1.37.11.L, The function edit_event_category does not sanitize user-supplied input via the $id parameter before passing it into an SQL statement. (Last Update:2017-09-20) (Publish Update:2017-09-14)
CVE-2017-1002025 CVSS:6.5
Vulnerability in wordpress plugin add-edit-delete-listing-for-member-module v1.0, The plugin author does not sanitize user supplied input via $act before passing it into an SQL statement. (Last Update:2017-09-21) (Publish Update:2017-09-14)
CVE-2017-1002024 CVSS:4.0
Vulnerability in web application Kind Editor v4.1.12, kindeditor/php/upload_json.php does not check authentication before allow users to upload files. (Last Update:2017-09-27) (Publish Update:2017-09-14)
CVE-2017-1002023 CVSS:7.5
Vulnerability in wordpress plugin Easy Team Manager v1.3.2, The code does not sanitize id before making it part of an SQL statement in file ./easy-team-manager/inc/easy_team_manager_desc_edit.php (Last Update:2017-09-21) (Publish Update:2017-09-14)
CVE-2017-1002022 CVSS:7.5
Vulnerability in wordpress plugin surveys v1.01.8, The code in questions.php does not sanitize the survey variable before placing it inside of an SQL query. (Last Update:2017-09-18) (Publish Update:2017-09-14)
CVE-2017-1002021 CVSS:7.5
Vulnerability in wordpress plugin surveys v1.01.8, The code in individual_responses.php does not sanitize the survey_id variable before placing it inside of an SQL query. (Last Update:2017-09-18) (Publish Update:2017-09-14)
CVE-2017-1002020 CVSS:7.5
Vulnerability in wordpress plugin surveys v1.01.8, The code in survey_form.php does not sanitize the action variable before placing it inside of an SQL query. (Last Update:2017-09-19) (Publish Update:2017-09-14)
CVE-2017-1002019 CVSS:7.5
Vulnerability in wordpress plugin eventr v1.02.2, The edit.php form and event_form.php code do not sanitize input, this allows for blind SQL injection via the event parameter. (Last Update:2017-09-18) (Publish Update:2017-09-14)
CVE-2017-1002018 CVSS:7.5
Vulnerability in wordpress plugin eventr v1.02.2, The edit.php form and attendees.php code do not sanitize input, this allows for blind SQL injection via the event parameter. (Last Update:2017-09-18) (Publish Update:2017-09-14)
CVE-2017-1002017 CVSS:4.3
Vulnerability in wordpress plugin gift-certificate-creator v1.0, The code in gc-list.php doesn't sanitize user input to prevent a stored XSS vulnerability. (Last Update:2017-09-21) (Publish Update:2017-09-14)
CVE-2017-1002016 CVSS:7.5
Vulnerability in wordpress plugin flickr-picture-backup v0.7, The code in flickr-picture-download.php doesn't check to see if the user is authenticated or that they have permission to upload files. (Last Update:2017-09-27) (Publish Update:2017-09-14)
CVE-2017-1002015 CVSS:7.5
Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection in image-gallery-with-slideshow/admin_setting.php via selectMulGallery parameter. (Last Update:2017-09-20) (Publish Update:2017-09-14)
CVE-2017-1002014 CVSS:7.5
Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection in image-gallery-with-slideshow/admin_setting.php via gallery_name parameter. (Last Update:2017-09-20) (Publish Update:2017-09-14)
CVE-2017-1002013 CVSS:7.5
Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection via imgid parameter in image-gallery-with-slideshow/admin_setting.php. (Last Update:2017-09-20) (Publish Update:2017-09-14)
CVE-2017-1002012 CVSS:7.5
Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, In image-gallery-with-slideshow/admin_setting.php the following snippet of code does not sanitize input via the gid variable before passing it into an SQL statement. (Last Update:2017-09-20) (Publish Update:2017-09-14)
CVE-2017-1002011 CVSS:3.5
Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, There is a stored XSS vulnerability via the $value->gallery_name and $value->gallery_description where anyone with privileges to modify or add galleries/images and inject javascript into the database. (Last Update:2017-09-20) (Publish Update:2017-09-14)
CVE-2017-1002010 CVSS:7.5
Vulnerability in wordpress plugin Membership Simplified v1.58, The code in membership-simplified-for-oap-members-only/updateDB.php is vulnerable to blind SQL injection because it doesn't sanitize user input via recordId in the delete_media function. (Last Update:2017-09-21) (Publish Update:2017-09-14)
CVE-2017-1002009 CVSS:7.5
Vulnerability in wordpress plugin Membership Simplified v1.58, The code in membership-simplified-for-oap-members-only/updateDB.php is vulnerable to blind SQL injection because it doesn't sanitize user input via recordId in the delete function. (Last Update:2017-09-21) (Publish Update:2017-09-14)
CVE-2017-1002008 CVSS:7.5
Vulnerability in wordpress plugin membership-simplified-for-oap-members-only v1.58, The file download code located membership-simplified-for-oap-members-only/download.php does not check whether a user is logged in and has download privileges. (Last Update:2017-09-27) (Publish Update:2017-09-14)
CVE-2017-1002007 CVSS:5.0
Vulnerability in wordpress plugin DTracker v1.5, The code dtracker/save_mail.php doesn't check that the user is authorized before injecting new contacts into the wp_contact table. (Last Update:2017-09-18) (Publish Update:2017-09-14)
CVE-2017-1002006 CVSS:5.0
Vulnerability in wordpress plugin DTracker v1.5, The code dtracker/save_contact.php doesn't check that the user is authorized before injecting new contacts into the wp_contact table. (Last Update:2017-09-18) (Publish Update:2017-09-14)
CVE-2017-1002005 CVSS:5.0
Vulnerability in wordpress plugin DTracker v1.5, In file ./dtracker/delete.php user input isn't sanitized via the contact_id variable before adding it to the end of an SQL query. (Last Update:2017-09-18) (Publish Update:2017-09-14)
CVE-2017-1002004 CVSS:5.0
Vulnerability in wordpress plugin DTracker v1.5, In file ./dtracker/download.php user input isn't sanitized via the id variable before adding it to the end of an SQL query. (Last Update:2017-09-18) (Publish Update:2017-09-14)
CVE-2017-1002003 CVSS:7.5
Vulnerability in wordpress plugin wp2android-turn-wp-site-into-android-app v1.1.4, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com. (Last Update:2017-09-27) (Publish Update:2017-09-14)
Click here for a complete list of security vulnerabilities. This vulnerability list widget is provided by www.cvedetails.com