Monday, November 11, 2019

Weekly Updates: a new vulnerability is published on the National Vulnerability Database (24 items)


New vulnerabilities from the NVD: CVE-2014-10395

The cp-polls plugin before 1.0.1 for WordPress has XSS in the votes list.
Published at: August 27, 2019 at 03:15PM

August 27, 2019 at 07:38PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2012-6719

The sharebar plugin before 1.2.2 for WordPress has SQL injection.
Published at: August 28, 2019 at 03:15PM

August 28, 2019 at 05:38PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2012-6718

The sharebar plugin before 1.2.2 for WordPress has XSS, a different issue than CVE-2013-3491.
Published at: August 28, 2019 at 03:15PM

August 28, 2019 at 05:38PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2012-6717

The redirection plugin before 2.2.12 for WordPress has XSS, a different issue than CVE-2011-4562.
Published at: August 28, 2019 at 03:15PM

August 28, 2019 at 05:38PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2011-5329

The redirection plugin before 2.2.9 for WordPress has XSS in the admin menu, a different issue than CVE-2011-4562.
Published at: August 28, 2019 at 03:15PM

August 28, 2019 at 05:38PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2015-9334 (email-newsletter)

The email-newsletter plugin through 20.15 for WordPress has SQL injection.
Published at: August 22, 2019 at 11:15PM

August 29, 2019 at 05:38PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2014-10394 (rich_counter)

The rich-counter plugin before 1.2.0 for WordPress has JavaScript injection via a User-Agent header.
Published at: August 22, 2019 at 10:15PM

August 29, 2019 at 05:38PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2014-10391 (wp_support_plus_responsive_ticket_system)

The wp-support-plus-responsive-ticket-system plugin before 4.1 for WordPress has JavaScript injection.
Published at: August 22, 2019 at 10:15PM

August 29, 2019 at 05:38PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2014-10390 (wp_support_plus_responsive_ticket_system)

The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has directory traversal.
Published at: August 22, 2019 at 10:15PM

August 29, 2019 at 05:38PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2014-10389 (wp_support_plus_responsive_ticket_system)

The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has incorrect authentication.
Published at: August 22, 2019 at 10:15PM

August 29, 2019 at 05:38PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2014-10388 (wp_support_plus_responsive_ticket_system)

The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has full path disclosure.
Published at: August 22, 2019 at 10:15PM

August 29, 2019 at 05:38PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2014-10386 (wp_live_chat_support)

The wp-live-chat-support plugin before 4.1.0 for WordPress has JavaScript injections.
Published at: August 22, 2019 at 11:15PM

August 29, 2019 at 05:38PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2014-10382 (featured_comments)

The feature-comments plugin before 1.2.5 for WordPress has CSRF for featuring or burying a comment.
Published at: August 22, 2019 at 11:15PM

August 29, 2019 at 05:38PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2013-7483 (slidedeck_2)

The slidedeck2 plugin before 2.3.5 for WordPress has file inclusion.
Published at: August 22, 2019 at 11:15PM

August 29, 2019 at 05:38PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2014-9982

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2014. Notes: none.
Published at: August 30, 2019 at 06:15PM

August 30, 2019 at 09:09PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2014-10061

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2014. Notes: none.
Published at: August 30, 2019 at 06:15PM

August 30, 2019 at 09:09PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2014-10060

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2014. Notes: none.
Published at: August 30, 2019 at 06:15PM

August 30, 2019 at 09:09PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2014-10049

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2014. Notes: none.
Published at: August 30, 2019 at 07:15PM

August 30, 2019 at 11:09PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2015-9355 (two-factor-authentication)

The two-factor-authentication plugin before 1.1.10 for WordPress has XSS in the admin area.
Published at: August 28, 2019 at 03:15PM

September 03, 2019 at 08:14PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2015-9358 (feedwordpress)

The feedwordpress plugin before 2015.0514 for WordPress has XSS via add_query_arg() and remove_query_arg().
Published at: August 28, 2019 at 03:15PM

September 03, 2019 at 10:02PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-18370 (advanced_secure_gateway, proxysg)

The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. A stored cross-site scripting (XSS) vulnerability in the WebFTP mode allows a remote attacker to inject malicious JavaScript code in ASG/ProxySG's web listing of a remote FTP server. Exploiting the vulnerability requires the attacker to be able to upload crafted files to the remote FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2.
Published at: August 30, 2019 at 12:15PM

September 05, 2019 at 07:32PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-11569

Controller/ListController.php in Eventum 3.5.0 is vulnerable to Deserialization of Untrusted Data. Fixed in version 3.5.2.
Published at: September 05, 2019 at 07:15PM

September 05, 2019 at 09:32PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2016-7398

A type confusion vulnerability in the merge_param() function of php_http_params.c in PHP's pecl-http extension 3.1.0beta2 (PHP 7) and earlier as well as 2.6.0beta2 (PHP 5) and earlier allows attackers to crash PHP and possibly execute arbitrary code via crafted HTTP requests.
Published at: September 06, 2019 at 10:15PM

September 06, 2019 at 11:32PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-11198

An issue was discovered in Mautic 2.13.1. There is Stored XSS via the authorUrl field in config.json.
Published at: September 07, 2019 at 12:15AM

September 07, 2019 at 01:32AM

via National Vulnerability Database

 
