The bj-lazy-load plugin before 1.0 for WordPress has Remote File Inclusion.
Max CVSS: 7.5; EPSS Score: 0.17%; Published: 2019-09-26; Updated: 2019-09-27
The mail-masta plugin 1.0 for WordPress has local file inclusion in count_of_send.php and csvexport.php.
Max CVSS: 7.5; EPSS Score: 1.84%; Published: 2019-09-16; Updated: 2019-09-16
The imdb-widget plugin before 1.0.9 for WordPress has Local File Inclusion.
Max CVSS: 7.5; EPSS Score: 0.17%; Published: 2019-09-17; Updated: 2019-09-18
DLL Search Order Hijacking vulnerability in Microsoft Windows client in McAfee Total Protection (MTP) Free Antivirus Trial 16.0.R18 and earlier allows local users to execute arbitrary code via execution from a compromised folder placed by an attacker with administrator rights.
Max CVSS: 6.9; EPSS Score: 0.04%; Published: 2019-09-13; Updated: 2019-10-09
An unintended require vulnerability in <v0.5.5 larvitbase-api may allow an attacker to load arbitrary non-production code (JavaScript file).
Max CVSS: 7.5; EPSS Score: 0.10%; Published: 2019-09-03; Updated: 2020-10-16
A CWE-426: Untrusted Search Path vulnerability exists in SoMachine HVAC v2.4.1 and earlier versions, which could cause arbitrary code execution on the system running SoMachine HVAC when a malicious DLL library is loaded by the product.
Max CVSS: 7.8; EPSS Score: 0.07%; Published: 2019-09-17; Updated: 2022-02-03
An issue was discovered in LibreNMS through 1.47. Several of the scripts perform dynamic script inclusion via the include() function on user supplied input without sanitizing the values by calling basename() or a similar function. An attacker can leverage this to execute PHP code from the included file. Exploitation of these scripts is made difficult by additional text being appended (typically .inc.php), which means an attacker would need to be able to control both a filename and its content on the server. However, exploitation can be achieved as demonstrated by the csv.php?report=../ substring.
Max CVSS: 8.1; EPSS Score: 0.47%; Published: 2019-09-09; Updated: 2021-07-21
An issue was discovered on Topcon Positioning Net-G5 GNSS Receiver devices with firmware 5.2.2. The web interface of the product has a local file inclusion vulnerability. An attacker with administrative privileges can craft a special URL to read arbitrary files from the device's file system.
Max CVSS: 4.9; EPSS Score: 0.09%; Published: 2019-09-20; Updated: 2019-09-23

CVE-2019-11660

Public exploit
Privileges manipulation in Micro Focus Data Protector, versions 10.00, 10.01, 10.02, 10.03, 10.04, 10.10, 10.20, 10.30, 10.40. This vulnerability could be exploited by a low-privileged user to execute a custom binary with higher privileges.
Max CVSS: 7.8; EPSS Score: 0.41%; Published: 2019-09-13; Updated: 2023-02-28
A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a <canvas> element due to an error in how same-origin policy is applied to cached image content. The resulting same-origin policy violation could allow for data theft. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1.
Max CVSS: 6.5; EPSS Score: 0.45%; Published: 2019-09-27; Updated: 2019-10-04
An issue was discovered in LibreNMS 1.50.1. An authenticated user can perform a directory traversal attack against the /pdf.php file with a partial filename in the report parameter, to cause local file inclusion resulting in code execution.
Max CVSS: 7.5; EPSS Score: 0.08%; Published: 2019-09-09; Updated: 2019-09-10
Within Sahi Pro 8.0.0, an attacker can send a specially crafted URL to include any victim files on the system via the script parameter on the Script_view page. This will result in file disclosure (i.e., being able to pull any file from the remote victim application). This can be used to steal and obtain sensitive config and other files. This can result in complete compromise of the application. The script parameter is vulnerable to directory traversal and both local and remote file inclusion.
Max CVSS: 7.5; EPSS Score: 18.42%; Published: 2019-09-23; Updated: 2019-09-23
In Total Defense Anti-virus 9.0.0.773, resource acquisition from the untrusted search path C:\ used by caschelp.exe allows local attackers to hijack ccGUIFrm.dll, which leads to code execution. SYSTEM-level code execution can be achieved when the ccSchedulerSVC service runs the affected executable.
Max CVSS: 7.8; EPSS Score: 0.04%; Published: 2019-09-24; Updated: 2019-09-24
Gila CMS before 1.11.1 allows admin/fm/?f=../ directory traversal, leading to Local File Inclusion.
Max CVSS: 4.9; EPSS Score: 0.72%; Published: 2019-09-21; Updated: 2019-09-23
14 vulnerabilities found