The WebDorado Contact Form plugin before 1.13.5 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because there can be a discrepancy between the $_POST['action'] value and the $_GET['action'] value, and the latter is unsanitized.
Max CVSS: 8.8 | EPSS Score: 0.27% | Published: 2019-04-29 | Updated: 2023-02-27
The 10Web Form Maker plugin before 1.13.5 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because there can be a discrepancy between the $_POST['action'] value and the $_GET['action'] value, and the latter is unsanitized.
Max CVSS: 8.8 | EPSS Score: 0.26% | Published: 2019-04-29 | Updated: 2020-08-24
The WebDorado Contact Form Builder plugin before 1.0.69 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because there can be a discrepancy between the $_POST['action'] value and the $_GET['action'] value, and the latter is unsanitized.
Max CVSS: 8.8 | EPSS Score: 0.09% | Published: 2019-04-26 | Updated: 2023-02-27
In osTicket before 1.12, XSS exists via /upload/file.php, /upload/scp/users.php?do=import-users, and /upload/scp/ajax.php/users/import if an agent manager user uploads a crafted .csv file to the User Importer, because file contents can appear in an error message. The XSS can lead to local file inclusion.
Max CVSS: 6.1 | EPSS Score: 0.40% | Published: 2019-04-25 | Updated: 2019-05-07
TeamSpeak 3 Client before 3.2.5 allows remote code execution in the Qt framework.
Max CVSS: 9.3 | EPSS Score: 1.86% | Published: 2019-04-19 | Updated: 2020-08-24
Eclipse Vorto versions prior to 0.11 resolved Maven build artifacts for the Xtext project over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence produced build artifacts of Vorto might be infected.
Max CVSS: 8.1 | EPSS Score: 0.13% | Published: 2019-04-22 | Updated: 2019-10-09
Eclipse hawkBit versions prior to 0.3.0M2 resolved Maven build artifacts for the Vaadin based UI over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence produced build artifacts of hawkBit might be infected.
Max CVSS: 8.1 | EPSS Score: 0.14% | Published: 2019-04-03 | Updated: 2021-10-28
On Android systems, Firefox can load a library from APITRACE_LIB, which is writable by all users and applications. This could allow malicious third party applications to execute a man-in-the-middle attack if malicious code was written to that location and loaded. *Note: This issue only affects Android. Other operating systems are unaffected.* This vulnerability affects Firefox < 66.
Max CVSS: 7.4 | EPSS Score: 0.13% | Published: 2019-04-26 | Updated: 2020-08-24
Some of the DLLs loaded by Check Point ZoneAlarm up to 15.4.062 are taken from directories where all users have write permissions. This can allow a local attacker to replace a DLL file with a malicious one and cause Denial of Service to the client.
Max CVSS: 5.5 | EPSS Score: 0.04% | Published: 2019-04-17 | Updated: 2019-04-23
A DLL search path vulnerability was reported in Lenovo Bootable Generator, prior to version Mar-2019, that could allow a malicious user with local access to execute code on the system.
Max CVSS: 7.8 | EPSS Score: 0.07% | Published: 2019-04-10 | Updated: 2019-10-09
Untrusted search path in FileZilla before 3.41.0-rc1 allows an attacker to gain privileges via a malicious 'fzsftp' binary in the user's home directory.
Max CVSS: 7.8 | EPSS Score: 0.13% | Published: 2019-04-29 | Updated: 2022-10-11
A remote code execution vulnerability exists when the Visual Studio C++ Redistributable Installer improperly validates input before loading dynamic link library (DLL) files, aka 'Visual Studio Remote Code Execution Vulnerability'.
Max CVSS: 7.8 | EPSS Score: 1.95% | Published: 2019-04-09 | Updated: 2019-04-10
Norton Security (Windows client) prior to 22.16.3 and SEP SBE (Windows client) prior to Cloud Agent 3.00.31.2817, NIS-22.15.2.22 & SEP-12.1.7484.7002, may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead.
Max CVSS: 7.8 | EPSS Score: 0.06% | Published: 2019-04-25 | Updated: 2019-05-02
Symantec Endpoint Protection Manager (SEPM) prior to and including 12.1 RU6 MP9 and prior to 14.2 RU1 may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead.
Max CVSS: 7.8 | EPSS Score: 0.06% | Published: 2019-04-25 | Updated: 2019-05-03
Avecto Defendpoint 4 prior to 4.4 SR6 and 5 prior to 5.1 SR1 has an Untrusted Search Path vulnerability, exploitable by modifying environment variables to trigger automatic elevation of an attacker's process launch.
Max CVSS: 7.5 | EPSS Score: 0.21% | Published: 2019-04-17 | Updated: 2020-12-28
A file inclusion vulnerability exists in the confd.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, which could lead to accepting an arbitrary file into the function, and potential information disclosure or remote code execution. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version.
Max CVSS: 9.8 | EPSS Score: 0.46% | Published: 2019-04-08 | Updated: 2019-10-09
16 vulnerabilities found