Wednesday, November 6, 2019

Weekly Update: a new vulnerability is published on the National Vulnerability Database (33 items)


New vulnerabilities from the NVD: CVE-2017-8087

Information Leakage in PPPoE Packet Padding in AVM Fritz!Box 7490 with Firmware versions Fritz!OS 6.80 and 6.83 allows physically proximate attackers to view slices of previously transmitted packets or portions of memory via unspecified vectors.
Published at: October 22, 2019 at 07:15PM

October 22, 2019 at 09:51PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2015-9500

The Exquisite Ultimate Newspaper theme 1.3.3 for WordPress has XSS via the anchor identifier to assets/js/jquery.foundation.plugins.js.
Published at: October 23, 2019 at 12:15AM

October 23, 2019 at 01:51AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2015-9499

The Showbiz Pro plugin through 1.7.1 for WordPress has PHP code execution by uploading a .php file within a ZIP archive.
Published at: October 23, 2019 at 12:15AM

October 23, 2019 at 01:51AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2015-9498

The wps-hide-login plugin before 1.1 for WordPress has CSRF that affects saving an option value.
Published at: October 23, 2019 at 12:15AM

October 23, 2019 at 01:51AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2015-9497

The ad-inserter plugin before 1.5.3 for WordPress has CSRF with resultant XSS via wp-admin/options-general.php?page=ad-inserter.php.
Published at: October 23, 2019 at 12:15AM

October 23, 2019 at 01:51AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2015-9496

The freshmail-newsletter plugin before 1.6 for WordPress has shortcode.php SQL Injection via the 'FM_form id=' substring.
Published at: October 23, 2019 at 12:15AM

October 23, 2019 at 01:51AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2015-9495

The syndication-links plugin before 1.0.3 for WordPress has XSS via the genericons/example.html anchor identifier.
Published at: October 22, 2019 at 11:15PM

October 23, 2019 at 01:51AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2015-9494

The indieweb-post-kinds plugin before 1.3.1.1 for WordPress has XSS via the genericons/example.html anchor identifier.
Published at: October 22, 2019 at 11:15PM

October 23, 2019 at 01:51AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2015-9493

The my-wish-list plugin before 1.4.2 for WordPress has multiple XSS issues.
Published at: October 22, 2019 at 11:15PM

October 23, 2019 at 01:51AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2015-9501

The Artificial Intelligence theme before 1.2.4 for WordPress has XSS because Genericons HTML files are unnecessarily placed under the web root.
Published at: October 23, 2019 at 01:15AM

October 23, 2019 at 03:51AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2015-9515

The Easy Digital Downloads (EDD) htaccess Editor extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
Published at: October 23, 2019 at 08:15PM

October 23, 2019 at 10:06PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2015-9514

The Easy Digital Downloads (EDD) Free Downloads extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
Published at: October 23, 2019 at 08:15PM

October 23, 2019 at 10:06PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2015-9513

The Easy Digital Downloads (EDD) Favorites extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
Published at: October 23, 2019 at 08:15PM

October 23, 2019 at 10:06PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2015-9512

The Easy Digital Downloads (EDD) CSV Manager extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
Published at: October 23, 2019 at 08:15PM

October 23, 2019 at 10:06PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2015-9511

The Easy Digital Downloads (EDD) Conditional Success Redirects extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
Published at: October 23, 2019 at 08:15PM

October 23, 2019 at 10:06PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2015-9510

The Easy Digital Downloads (EDD) Cross-sell Upsell extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
Published at: October 23, 2019 at 08:15PM

October 23, 2019 at 10:06PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2015-9509

The Easy Digital Downloads (EDD) Content Restriction extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
Published at: October 23, 2019 at 08:15PM

October 23, 2019 at 10:06PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2015-9508

The Easy Digital Downloads (EDD) Commissions extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
Published at: October 23, 2019 at 08:15PM

October 23, 2019 at 10:06PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2015-9507

The Easy Digital Downloads (EDD) Attach Accounts to Orders extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
Published at: October 23, 2019 at 08:15PM

October 23, 2019 at 10:06PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2015-9506

The Easy Digital Downloads (EDD) Amazon S3 extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
Published at: October 23, 2019 at 08:15PM

October 23, 2019 at 10:06PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2015-9505

The Easy Digital Downloads (EDD) core component 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7 for WordPress has XSS because add_query_arg is misused.
Published at: October 23, 2019 at 08:15PM

October 23, 2019 at 10:06PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2015-9504

The weeklynews theme before 2.2.9 for WordPress has XSS via the s parameter.
Published at: October 23, 2019 at 08:15PM

October 23, 2019 at 10:06PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2015-9503

The Modern theme before 1.4.2 for WordPress has XSS via the genericons/example.html anchor identifier.
Published at: October 23, 2019 at 08:15PM

October 23, 2019 at 10:06PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2015-9502

The Auberge theme before 1.4.5 for WordPress has XSS via the genericons/example.html anchor identifier.
Published at: October 23, 2019 at 08:15PM

October 23, 2019 at 10:06PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2013-7333

A vulnerability in version 0.90 of the Open Floodlight SDN controller software could allow an attacker with access to the OpenFlow control network to selectively disconnect individual switches from the SDN controller, causing degradation and eventually denial of network access to all devices connected to the targeted switch.
Published at: October 23, 2019 at 08:15PM

October 23, 2019 at 10:06PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2014-2304

A vulnerability in version 0.90 of the Open Floodlight SDN controller software could result in a denial of service attack and crashing of the controller service. This effect is the result of a flaw in OpenFlow protocol processing, where specific malformed and mistimed FEATURES_REPLY messages cause the controller service to not delete switch and port data from its internal tracking structures.
Published at: October 23, 2019 at 09:15PM

October 24, 2019 at 12:06AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2002-2439

Integer overflow in the new[] operator in gcc before 4.8.0 allows attackers to have unspecified impacts.
Published at: October 23, 2019 at 09:15PM

October 24, 2019 at 12:06AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2015-0270

Zend Framework before 2.2.10 and 2.3.x before 2.3.5 has Potential SQL injection in PostgreSQL Zend\Db adapter.
Published at: October 25, 2019 at 06:15PM

October 25, 2019 at 08:06PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2013-4857

D-Link DIR-865L has PHP File Inclusion in the router xml file.
Published at: October 25, 2019 at 07:15PM

October 25, 2019 at 10:06PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2013-4856

D-Link DIR-865L has Information Disclosure.
Published at: October 25, 2019 at 07:15PM

October 25, 2019 at 10:06PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2013-4855

D-Link DIR-865L has SMB Symlink Traversal due to misconfiguration in the SMB service allowing symbolic links to be created to locations outside of the Samba share.
Published at: October 25, 2019 at 07:15PM

October 25, 2019 at 10:06PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2013-4848

TP-Link TL-WDR4300 version 3.13.31 has multiple CSRF vulnerabilities.
Published at: October 25, 2019 at 08:15PM

October 25, 2019 at 10:06PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2013-4658

Linksys EA6500 has SMB Symlink Traversal allowing symbolic links to be created to locations outside of the Samba share.
Published at: October 25, 2019 at 08:15PM

October 25, 2019 at 10:06PM

via National Vulnerability Database

