Vulnerabilities (CVE)

Total 299161 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-11023 1 Odata4j Project 1 Odata4j 2024-11-21 7.5 HIGH 9.8 CRITICAL
odata4j 0.7.0 allows ExecuteCountQueryCommand.java SQL injection. NOTE: this product is apparently discontinued.
CVE-2016-11022 1 Netgear 6 Prosafe Wc7520, Prosafe Wc7520 Firmware, Prosafe Wc7600 and 3 more 2024-11-21 6.5 MEDIUM 7.2 HIGH
NETGEAR Prosafe WC9500 5.1.0.17, WC7600 5.1.0.17, and WC7520 2.5.0.35 devices allow a remote attacker to execute code with root privileges via shell metacharacters in the reqMethod parameter to login_handler.php.
CVE-2016-11020 1 Kunena 1 Kunena 2024-11-21 7.5 HIGH 9.8 CRITICAL
Kunena before 5.0.4 does not restrict avatar file extensions to gif, jpeg, jpg, and png. This can lead to XSS and remote code execution.
CVE-2016-11018 1 Huge-it 1 Image Gallery 2024-11-21 7.5 HIGH 9.8 CRITICAL
An issue was discovered in the Huge-IT gallery-images plugin before 1.9.0 for WordPress. The headers Client-Ip and X-Forwarded-For are prone to unauthenticated SQL injection. The affected file is gallery-images.php. The affected function is huge_it_image_gallery_ajax_callback().
CVE-2016-11017 1 Akips 1 Network Monitor 2024-11-21 10.0 HIGH 9.8 CRITICAL
The application login page in AKIPS Network Monitor 15.37 through 16.5 allows a remote unauthenticated attacker to execute arbitrary OS commands via shell metacharacters in the username parameter (a failed login attempt returns the command-injection output to a limited login failure field). This is fixed in 16.6.
CVE-2016-11016 1 Netgear 2 Jnr1010, Jnr1010 Firmware 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
NETGEAR JNR1010 devices before 1.0.0.32 allow webproc?getpage= XSS.
CVE-2016-11015 1 Netgear 2 Jnr1010, Jnr1010 Firmware 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
NETGEAR JNR1010 devices before 1.0.0.32 allow cgi-bin/webproc CSRF via the :InternetGatewayDevice.X_TWSZ-COM_URL_Filter.BlackList.1.URL parameter.
CVE-2016-11014 1 Netgear 2 Jnr1010, Jnr1010 Firmware 2024-11-21 7.5 HIGH 9.8 CRITICAL
NETGEAR JNR1010 devices before 1.0.0.32 have Incorrect Access Control because the ok value of the auth cookie is a special case.
CVE-2016-11013 1 Agentevolution 1 Impress Listings 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
The wp-listings plugin before 2.0.2 for WordPress has includes/views/single-listing.php XSS.
CVE-2016-11012 1 Solaplugins 1 Sola Support Tickets 2024-11-21 3.5 LOW 5.4 MEDIUM
The sola-support-tickets plugin before 3.13 for WordPress has incorrect access control for /wp-admin with resultant XSS.
CVE-2016-11011 1 Usabilitydynamics 1 Wp-invoice 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
The wp-invoice plugin before 4.1.1 for WordPress has wpi_update_user_option privilege escalation.
CVE-2016-11010 1 Usabilitydynamics 1 Wp-invoice 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_twocheckout payer metadata updates.
CVE-2016-11009 1 Usabilitydynamics 1 Wp-invoice 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_interkassa payer metadata updates.
CVE-2016-11008 1 Usabilitydynamics 1 Wp-invoice 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_paypal payer metadata updates.
CVE-2016-11007 1 Usabilitydynamics 1 Wp-invoice 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_user_id for invoice retrieval.
CVE-2016-11006 1 Usabilitydynamics 1 Wp-invoice 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control for admin_init settings changes.
CVE-2016-11005 1 Elfsight 1 Instalinker 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
The instalinker plugin before 1.1.2 for WordPress has includes/instalinker-admin-preview.php?client_id= XSS.
CVE-2016-11004 1 Elegantthemes 1 Monarch 2024-11-21 6.5 MEDIUM 8.8 HIGH
The Elegant Themes Monarch plugin before 1.2.7 for WordPress has privilege escalation.
CVE-2016-11003 1 Elegantthemes 1 Monarch 2024-11-21 6.5 MEDIUM 8.8 HIGH
The Elegant Themes Bloom plugin before 1.1.1 for WordPress has privilege escalation.
CVE-2016-11002 1 Elegantthemes 1 Extra 2024-11-21 6.5 MEDIUM 8.8 HIGH
The Elegant Themes Extra theme before 1.2.4 for WordPress has privilege escalation.