CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
6951 CVE-2016-1000120 89 Sql XSS 2016-10-27 2016-12-22
6.5
None Remote Low Single system Partial Partial Partial
SQLi and XSS in Huge IT catalog extension v1.0.4 for Joomla
6952 CVE-2016-1000119 79 XSS 2016-10-21 2018-05-02
6.5
None Remote Low Single system Partial Partial Partial
SQLi and XSS in Huge IT catalog extension v1.0.4 for Joomla
6953 CVE-2016-1000118 79 XSS 2016-10-21 2018-05-02
6.5
None Remote Low Single system Partial Partial Partial
XSS & SQLi in HugeIT slideshow v1.0.4
6954 CVE-2016-1000117 79 XSS 2016-10-21 2017-01-05
6.5
None Remote Low Single system Partial Partial Partial
XSS & SQLi in HugeIT slideshow v1.0.4
6955 CVE-2016-1000116 79 Sql XSS 2016-10-21 2017-03-27
6.5
None Remote Low Single system Partial Partial Partial
Huge-IT Portfolio Gallery manager v1.1.0 SQL Injection and XSS
6956 CVE-2016-1000115 79 Sql XSS 2016-10-21 2017-11-13
6.5
None Remote Low Single system Partial Partial Partial
Huge-IT Portfolio Gallery manager v1.1.0 SQL Injection and XSS
6957 CVE-2016-1000000 89 Sql 2016-10-06 2017-11-02
6.5
None Remote Low Single system Partial Partial Partial
Ipswitch WhatsUp Gold 16.4.1 WrFreeFormText.asp sUniqueID Parameter Blind SQL Injection
6958 CVE-2016-11004 269 2019-09-20 2019-09-20
6.5
None Remote Low Single system Partial Partial Partial
The Elegant Themes Monarch plugin before 1.2.7 for WordPress has privilege escalation.
6959 CVE-2016-11003 269 2019-09-20 2019-09-20
6.5
None Remote Low Single system Partial Partial Partial
The Elegant Themes Bloom plugin before 1.1.1 for WordPress has privilege escalation.
6960 CVE-2016-11002 269 2019-09-20 2019-09-20
6.5
None Remote Low Single system Partial Partial Partial
The Elegant Themes Extra theme before 1.2.4 for WordPress has privilege escalation.
6961 CVE-2016-10989 352 CSRF 2019-09-17 2019-09-17
6.8
None Remote Medium Not required Partial Partial Partial
The leenkme plugin before 2.6.0 for WordPress has wp-admin/admin.php?page=leenkme_facebook CSRF.
6962 CVE-2016-10982 352 CSRF 2019-09-17 2019-09-17
6.8
None Remote Medium Not required Partial Partial Partial
The kento-post-view-counter plugin through 2.8 for WordPress has wp-admin/admin.php?page=kentopvc_settings CSRF.
6963 CVE-2016-10978 352 CSRF 2019-09-17 2019-09-17
6.8
None Remote Medium Not required Partial Partial Partial
The fossura-tag-miner plugin before 1.1.5 for WordPress has CSRF.
6964 CVE-2016-10974 352 XSS CSRF 2019-09-17 2019-09-17
6.8
None Remote Medium Not required Partial Partial Partial
The fluid-responsive-slideshow plugin before 2.2.7 for WordPress has frs_save CSRF with resultant stored XSS.
6965 CVE-2016-10968 269 2019-09-16 2019-09-17
6.5
None Remote Low Single system Partial Partial Partial
The peepso-core plugin before 1.6.1 for WordPress has PeepSoProfilePreferencesAjax->save() privilege escalation.
6966 CVE-2016-10965 22 Dir. Trav. 2019-09-16 2019-09-17
6.4
None Remote Low Not required None Partial Partial
The real3d-flipbook-lite plugin 1.0 for WordPress has deleteBook=../ directory traversal for file deletion.
6967 CVE-2016-10960 20 Exec Code 2019-09-16 2019-09-17
6.5
None Remote Low Single system Partial Partial Partial
The wsecure plugin before 2.4 for WordPress has remote code execution via shell metacharacters in the wsecure-config.php publish parameter.
6968 CVE-2016-10951 89 Sql 2019-09-13 2019-09-16
6.5
None Remote Low Single system Partial Partial Partial
The fs-shopping-cart plugin 2.07.02 for WordPress has SQL injection via the pid parameter.
6969 CVE-2016-10950 89 Sql 2019-09-13 2019-09-16
6.5
None Remote Low Single system Partial Partial Partial
The sirv plugin before 1.3.2 for WordPress has SQL injection via the id parameter.
6970 CVE-2016-10949 89 Sql 2019-09-13 2019-09-16
6.8
None Remote Medium Not required Partial Partial Partial
The Relevanssi Premium plugin before 1.14.6.1 for WordPress has SQL injection with resultant unsafe unserialization.
6971 CVE-2016-10948 20 2019-09-13 2019-09-13
6.8
None Remote Medium Not required Partial Partial Partial
The Post Indexer plugin before 3.0.6.2 for WordPress has incorrect handling of data passed to the unserialize function.
6972 CVE-2016-10947 89 Sql 2019-09-13 2019-09-13
6.5
None Remote Low Single system Partial Partial Partial
The Post Indexer plugin before 3.0.6.2 for WordPress has SQL injection via the period parameter by a super admin.
6973 CVE-2016-10946 352 CSRF 2019-09-13 2019-09-13
6.8
None Remote Medium Not required Partial Partial Partial
The wp-d3 plugin before 2.4.1 for WordPress has CSRF.
6974 CVE-2016-10945 352 CSRF 2019-09-13 2019-09-16
6.8
None Remote Medium Not required Partial Partial Partial
The PageLines theme 1.1.4 for WordPress has wp-admin/admin-post.php?page=pagelines CSRF.
6975 CVE-2016-10944 352 CSRF 2019-09-13 2019-09-13
6.8
None Remote Medium Not required Partial Partial Partial
The multisite-post-duplicator plugin before 1.1.3 for WordPress has wp-admin/tools.php?page=mpd CSRF.
6976 CVE-2016-10943 89 Sql 2019-09-13 2019-09-13
6.5
None Remote Low Single system Partial Partial Partial
The zx-csv-upload plugin 1 for WordPress has SQL injection via the id parameter.
6977 CVE-2016-10940 89 Sql 2019-09-13 2019-09-13
6.5
None Remote Low Single system Partial Partial Partial
The zm-gallery plugin 1.0 for WordPress has SQL injection via the order parameter.
6978 CVE-2016-10939 89 Sql 2019-09-13 2019-09-13
6.5
None Remote Low Single system Partial Partial Partial
The xtremelocator plugin 1.5 for WordPress has SQL injection via the id parameter.
6979 CVE-2016-10931 295 2019-08-26 2019-09-03
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in the openssl crate before 0.9.0 for Rust. There is an SSL/TLS man-in-the-middle vulnerability because certificate verification is off by default and there is no API for hostname verification.
6980 CVE-2016-10927 918 2019-08-22 2019-08-26
6.4
None Remote Low Not required Partial Partial None
The nelio-ab-testing plugin before 4.5.11 for WordPress has SSRF in ajax/iesupport.php.
6981 CVE-2016-10926 918 2019-08-22 2019-08-26
6.4
None Remote Low Not required Partial Partial None
The nelio-ab-testing plugin before 4.5.9 for WordPress has SSRF in ajax/iesupport.php.
6982 CVE-2016-10918 352 CSRF 2019-08-22 2019-08-26
6.8
None Remote Medium Not required Partial Partial Partial
The gallery-by-supsystic plugin before 1.8.6 for WordPress has CSRF.
6983 CVE-2016-10915 352 CSRF 2019-08-20 2019-08-21
6.8
None Remote Medium Not required Partial Partial Partial
The popup-by-supsystic plugin before 1.7.9 for WordPress has CSRF.
6984 CVE-2016-10914 352 CSRF 2019-08-20 2019-08-22
6.8
None Remote Medium Not required Partial Partial Partial
The add-from-server plugin before 3.3.2 for WordPress has CSRF for importing a large file.
6985 CVE-2016-10905 416 2019-08-18 2019-09-25
6.1
None Local Low Not required Partial Partial Complete
An issue was discovered in fs/gfs2/rgrp.c in the Linux kernel before 4.8. A use-after-free is caused by the functions gfs2_clear_rgrpd and read_rindex_entry.
6986 CVE-2016-10903 352 CSRF 2019-08-21 2019-08-23
6.8
None Remote Medium Not required Partial Partial Partial
The GoDaddy godaddy-email-marketing-sign-up-forms plugin before 1.1.3 for WordPress has CSRF.
6987 CVE-2016-10902 352 CSRF 2019-08-21 2019-08-22
6.8
None Remote Medium Not required Partial Partial Partial
The wp-customer-reviews plugin before 3.0.9 for WordPress has CSRF in the admin tools.
6988 CVE-2016-10885 352 CSRF 2019-08-14 2019-08-22
6.8
None Remote Medium Not required Partial Partial Partial
The wp-editor plugin before 1.2.6 for WordPress has CSRF.
6989 CVE-2016-10884 352 CSRF 2019-08-14 2019-09-06
6.8
None Remote Medium Not required Partial Partial Partial
The simple-membership plugin before 3.3.3 for WordPress has multiple CSRF issues.
6990 CVE-2016-10882 352 CSRF 2019-08-14 2019-08-19
6.8
None Remote Medium Not required Partial Partial Partial
The google-document-embedder plugin before 2.6.2 for WordPress has CSRF.
6991 CVE-2016-10876 352 CSRF 2019-08-12 2019-08-14
6.8
None Remote Medium Not required Partial Partial Partial
The wp-database-backup plugin before 4.3.1 for WordPress has CSRF.
6992 CVE-2016-10874 352 CSRF 2019-08-12 2019-10-12
6.8
None Remote Medium Not required Partial Partial Partial
The wp-database-backup plugin before 4.3.3 for WordPress has CSRF.
6993 CVE-2016-10863 352 CSRF 2019-08-08 2019-08-16
6.8
None Remote Medium Not required Partial Partial Partial
Edimax Wi-Fi Extender devices allow goform/formwlencryptvxd CSRF with resultant PSK key disclosure.
6994 CVE-2016-10862 352 2019-08-08 2019-08-15
6.8
None Remote Medium Not required Partial Partial Partial
Neet AirStream NAS1.1 devices have a password of ifconfig for the root account. This cannot be changed via the configuration page.
6995 CVE-2016-10845 74 2019-08-01 2019-08-08
6.5
None Remote Low Single system Partial Partial Partial
cPanel before 11.54.0.4 allows arbitrary file-overwrite operations in scripts/check_system_storable (SEC-78).
6996 CVE-2016-10838 284 2019-08-01 2019-08-13
6.8
None Remote Low Single system Complete None None
cPanel before 11.54.0.4 allows arbitrary file-read operations via the bin/fmq script (SEC-70).
6997 CVE-2016-10834 358 Bypass 2019-08-01 2019-08-12
6.5
None Remote Low Single system Partial Partial Partial
cPanel before 55.9999.141 allows account-suspension bypass via ftp (SEC-105).
6998 CVE-2016-10831 287 2019-08-01 2019-08-12
6.5
None Remote Low Single system Partial Partial Partial
cPanel before 55.9999.141 does not perform as two-factor authentication check when possessing another account (SEC-101).
6999 CVE-2016-10829 552 2019-08-01 2019-08-12
6.8
None Remote Low Single system Complete None None
cPanel before 55.9999.141 allows arbitrary file-read operations because of a multipart form processing error (SEC-99).
7000 CVE-2016-10826 287 Bypass 2019-08-01 2019-08-05
6.5
None Remote Low Single system Partial Partial Partial
cPanel before 55.9999.141 allows attackers to bypass Two Factor Authentication via DNS clustering requests (SEC-93).
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.