Total
299161 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-11023 | 1 Odata4j Project | 1 Odata4j | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
odata4j 0.7.0 allows ExecuteCountQueryCommand.java SQL injection. NOTE: this product is apparently discontinued. | |||||
CVE-2016-11022 | 1 Netgear | 6 Prosafe Wc7520, Prosafe Wc7520 Firmware, Prosafe Wc7600 and 3 more | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
NETGEAR Prosafe WC9500 5.1.0.17, WC7600 5.1.0.17, and WC7520 2.5.0.35 devices allow a remote attacker to execute code with root privileges via shell metacharacters in the reqMethod parameter to login_handler.php. | |||||
CVE-2016-11020 | 1 Kunena | 1 Kunena | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Kunena before 5.0.4 does not restrict avatar file extensions to gif, jpeg, jpg, and png. This can lead to XSS and remote code execution. | |||||
CVE-2016-11018 | 1 Huge-it | 1 Image Gallery | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in the Huge-IT gallery-images plugin before 1.9.0 for WordPress. The headers Client-Ip and X-Forwarded-For are prone to unauthenticated SQL injection. The affected file is gallery-images.php. The affected function is huge_it_image_gallery_ajax_callback(). | |||||
CVE-2016-11017 | 1 Akips | 1 Network Monitor | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
The application login page in AKIPS Network Monitor 15.37 through 16.5 allows a remote unauthenticated attacker to execute arbitrary OS commands via shell metacharacters in the username parameter (a failed login attempt returns the command-injection output to a limited login failure field). This is fixed in 16.6. | |||||
CVE-2016-11016 | 1 Netgear | 2 Jnr1010, Jnr1010 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
NETGEAR JNR1010 devices before 1.0.0.32 allow webproc?getpage= XSS. | |||||
CVE-2016-11015 | 1 Netgear | 2 Jnr1010, Jnr1010 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
NETGEAR JNR1010 devices before 1.0.0.32 allow cgi-bin/webproc CSRF via the :InternetGatewayDevice.X_TWSZ-COM_URL_Filter.BlackList.1.URL parameter. | |||||
CVE-2016-11014 | 1 Netgear | 2 Jnr1010, Jnr1010 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
NETGEAR JNR1010 devices before 1.0.0.32 have Incorrect Access Control because the ok value of the auth cookie is a special case. | |||||
CVE-2016-11013 | 1 Agentevolution | 1 Impress Listings | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The wp-listings plugin before 2.0.2 for WordPress has includes/views/single-listing.php XSS. | |||||
CVE-2016-11012 | 1 Solaplugins | 1 Sola Support Tickets | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
The sola-support-tickets plugin before 3.13 for WordPress has incorrect access control for /wp-admin with resultant XSS. | |||||
CVE-2016-11011 | 1 Usabilitydynamics | 1 Wp-invoice | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
The wp-invoice plugin before 4.1.1 for WordPress has wpi_update_user_option privilege escalation. | |||||
CVE-2016-11010 | 1 Usabilitydynamics | 1 Wp-invoice | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_twocheckout payer metadata updates. | |||||
CVE-2016-11009 | 1 Usabilitydynamics | 1 Wp-invoice | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_interkassa payer metadata updates. | |||||
CVE-2016-11008 | 1 Usabilitydynamics | 1 Wp-invoice | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_paypal payer metadata updates. | |||||
CVE-2016-11007 | 1 Usabilitydynamics | 1 Wp-invoice | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_user_id for invoice retrieval. | |||||
CVE-2016-11006 | 1 Usabilitydynamics | 1 Wp-invoice | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control for admin_init settings changes. | |||||
CVE-2016-11005 | 1 Elfsight | 1 Instalinker | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The instalinker plugin before 1.1.2 for WordPress has includes/instalinker-admin-preview.php?client_id= XSS. | |||||
CVE-2016-11004 | 1 Elegantthemes | 1 Monarch | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
The Elegant Themes Monarch plugin before 1.2.7 for WordPress has privilege escalation. | |||||
CVE-2016-11003 | 1 Elegantthemes | 1 Monarch | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
The Elegant Themes Bloom plugin before 1.1.1 for WordPress has privilege escalation. | |||||
CVE-2016-11002 | 1 Elegantthemes | 1 Extra | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
The Elegant Themes Extra theme before 1.2.4 for WordPress has privilege escalation. |