Unknown · CVSS Not scored
Cross-site request forgery (CSRF) vulnerability in the WordPress File Upload plugin (wp-file-upload) before 2.4.2 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings via unspecified vectors. NOTE: some of these details are obtained from third party information.
Published Aug 12, 2014 · Updated Sep 16, 2024
Unknown · CVSS Not scored
The cforms2 plugin before 10.5 for WordPress has XSS.
Published Aug 22, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The cp-polls plugin before 1.0.1 for WordPress has XSS in the votes list.
Published Aug 27, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The rich-counter plugin before 1.2.0 for WordPress has JavaScript injection via a User-Agent header.
Published Aug 22, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The wp-live-chat-support plugin before 4.1.0 for WordPress has JavaScript injections.
Published Aug 22, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The cforms2 plugin before 10.2 for WordPress has XSS.
Published Aug 22, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The wp-support-plus-responsive-ticket-system plugin before 4.1 for WordPress has JavaScript injection.
Published Aug 22, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has SQL injection.
Published Aug 22, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has incorrect authentication.
Published Aug 22, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has directory traversal.
Published Aug 22, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The memphis-documents-library plugin before 3.0 for WordPress has XSS via $_REQUEST.
Published Aug 22, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has full path disclosure.
Published Aug 22, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The memphis-documents-library plugin before 3.0 for WordPress has Local File Inclusion.
Published Aug 22, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The memphis-documents-library plugin before 3.0 for WordPress has Remote File Inclusion.
Published Aug 22, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
handle_messages in eXtl_tls.c in eXosip before 5.0.0 mishandles a negative value in a content-length header.
Published Aug 14, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Umbraco before 7.2.0 has a remote PHP code execution vulnerability because Umbraco.Web.UI/config/umbracoSettings.Release.config does not block the upload of .php files.
Published Aug 27, 2018 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The profile-builder plugin before 1.1.66 for WordPress has multiple XSS issues in forms.
Published Aug 21, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The i-recommend-this plugin before 3.7.3 for WordPress has SQL injection.
Published Aug 16, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The feature-comments plugin before 1.2.5 for WordPress has CSRF for featuring or burying a comment.
Published Aug 22, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The duplicate-post plugin before 2.6 for WordPress has SQL injection.
Published Aug 21, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The cforms2 plugin before 13.2 for WordPress has XSS in lib_ajax.php.
Published Aug 21, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The user-domain-whitelist plugin before 1.5 for WordPress has CSRF.
Published Aug 20, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The duplicate-post plugin before 2.6 for WordPress has XSS.
Published Aug 21, 2019 · Updated Aug 6, 2024
Unknown · CVSS Not scored
drivers/usb/host/ehci-msm2.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices omits certain minimum calculations before copying data, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28803909 and Qualcomm internal bug CR547910.
Published Aug 6, 2016 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Buffer overflow in CORE/SYS/legacy/src/utils/src/dot11f.c in the Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 (2013) devices allows remote attackers to execute arbitrary code via a crafted Information Element (IE) in an 802.11 management frame, aka Android internal bug 28668638 and Qualcomm internal bugs CR553937 and CR553941.
Published Aug 5, 2016 · Updated Aug 6, 2024
Unknown · CVSS Not scored
drivers/video/msm/mdss/mdss_mdp_pp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not properly determine the size of Gamut LUT data, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28747914 and Qualcomm internal bug CR542223.
Published Aug 6, 2016 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The ethtool_get_wol function in net/core/ethtool.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not initialize a certain data structure, which allows local users to obtain sensitive information via a crafted application, aka Android internal bug 28803952 and Qualcomm internal bug CR570754.
Published Aug 6, 2016 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 (2013) devices makes incorrect snprintf calls, which allows remote attackers to cause a denial of service (device hang or reboot) via crafted frames, aka Android internal bug 28670333 and Qualcomm internal bug CR548711.
Published Aug 5, 2016 · Updated Aug 6, 2024
Unknown · CVSS Not scored
arch/arm/mach-msm/qdsp6v2/ultrasound/usf.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate input parameters, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28814690 and Qualcomm internal bug CR554575.
Published Aug 6, 2016 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Format string vulnerability in drivers/thermal/qpnp-adc-tm.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices allows attackers to gain privileges via a crafted application that provides format string specifiers in a name, aka Android internal bug 28769959 and Qualcomm internal bug CR562261.
Published Aug 6, 2016 · Updated Aug 6, 2024
Unknown · CVSS Not scored
drivers/char/adsprpc.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate parameters and return values, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28767593 and Qualcomm internal bug CR551795.
Published Aug 6, 2016 · Updated Aug 6, 2024
Unknown · CVSS Not scored
arch/arm/mach-msm/qdsp6v2/ultrasound/usf.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate input parameters, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28815575 and Qualcomm internal bug CR555030.
Published Aug 6, 2016 · Updated Aug 6, 2024
Unknown · CVSS Not scored
drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain pointers, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769920 and Qualcomm internal bug CR580740.
Published Aug 6, 2016 · Updated Aug 6, 2024
Unknown · CVSS Not scored
arch/arm/mm/dma-mapping.c in the Linux kernel before 3.13 on ARM platforms, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not prevent executable DMA mappings, which might allow local users to gain privileges via a crafted application, aka Android internal bug 28803642 and Qualcomm internal bug CR642735.
Published Aug 6, 2016 · Updated Aug 6, 2024
Unknown · CVSS Not scored
drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain length values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28804057 and Qualcomm internal bug CR636633.
Published Aug 6, 2016 · Updated Aug 6, 2024
Unknown · CVSS Not scored
sound/soc/msm/qdsp6v2/msm-lsm-client.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate certain user-space data, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28769856 and Qualcomm internal bug CR563752.
Published Aug 6, 2016 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Buffer overflow in drivers/media/radio/radio-iris.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28769546 and Qualcomm internal bug CR552329.
Published Aug 6, 2016 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Integer overflow in drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android internal bug 28769912 and Qualcomm internal bug CR565160.
Published Aug 6, 2016 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Use-after-free vulnerability in DBD::mysql before 4.029 allows attackers to cause a denial of service (program crash) or possibly execute arbitrary code via vectors related to a lost server connection.
Published Aug 19, 2016 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The snd_compr_tstamp function in sound/core/compress_offload.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize a timestamp data structure, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28770164 and Qualcomm internal bug CR568717.
Published Aug 6, 2016 · Updated Aug 6, 2024
Unknown · CVSS Not scored
drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate certain buffer addresses, which allows attackers to gain privileges via a crafted application that makes an ioctl call, aka Android internal bug 28749283 and Qualcomm internal bug CR550061.
Published Aug 6, 2016 · Updated Aug 6, 2024
Unknown · CVSS Not scored
drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not ensure that certain name strings end in a '\0' character, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28749708 and Qualcomm internal bug CR545736.
Published Aug 6, 2016 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Off-by-one error in drivers/media/platform/msm/camera_v2/sensor/cci/msm_cci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via a crafted application that sends an I2C command, aka Android internal bug 28770207 and Qualcomm internal bug CR529177.
Published Aug 6, 2016 · Updated Aug 6, 2024
Unknown · CVSS Not scored
drivers/media/radio/radio-iris.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices uses an incorrect integer data type, which allows attackers to gain privileges or cause a denial of service (buffer overflow) via a crafted application, aka Android internal bug 28769368 and Qualcomm internal bug CR539008.
Published Aug 6, 2016 · Updated Aug 6, 2024
Unknown · CVSS Not scored
drivers/media/media-device.c in the Linux kernel before 3.11, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize certain data structures, which allows local users to obtain sensitive information via a crafted application, aka Android internal bug 28750150 and Qualcomm internal bug CR570757, a different vulnerability than CVE-2014-1739.
Published Aug 6, 2016 · Updated Aug 6, 2024
Unknown · CVSS Not scored
drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate CPP frame messages, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28803645 and Qualcomm internal bug CR674712.
Published Aug 6, 2016 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The UDF filesystem implementation in the Linux kernel before 3.18.2 does not ensure that space is available for storing a symlink target's name along with a trailing \0 character, which allows local users to obtain sensitive information via a crafted filesystem image, related to fs/udf/symlink.c and fs/udf/unicode.c.
Published Aug 31, 2015 · Updated Aug 6, 2024
Unknown · CVSS Not scored
drivers/char/diag/diagfwd.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 5X, 6, 6P, and 7 (2013) devices mishandles certain integer values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28767796 and Qualcomm internal bug CR483408.
Published Aug 6, 2016 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The mdss mdp3 driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate user-space data, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769221 and Qualcomm internal bug CR524490.
Published Aug 6, 2016 · Updated Aug 6, 2024
Unknown · CVSS Not scored
drivers/media/platform/msm/camera_v2/isp/msm_isp_stats_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain index values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28749728 and Qualcomm internal bug CR514711.
Published Aug 6, 2016 · Updated Aug 6, 2024