| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| An issue was discovered on Samsung mobile devices with L(5.0/5.1), M(6.0), and N(7.0) software. Attackers can read the password of the Mobile Hotspot in the log because of an unprotected intent. The Samsung ID is SVE-2016-7301 (December 2016). |
| An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) software. BootReceiver allows attackers to trigger a system crash because of incorrect exception handling. The Samsung ID is SVE-2016-7118 (December 2016). |
| NETGEAR Prosafe WC9500 5.1.0.17, WC7600 5.1.0.17, and WC7520 2.5.0.35 devices allow a remote attacker to execute code with root privileges via shell metacharacters in the reqMethod parameter to login_handler.php. |
| The Elegant Themes Monarch plugin before 1.2.7 for WordPress has privilege escalation. |
| The Elegant Themes Bloom plugin before 1.1.1 for WordPress has privilege escalation. |
| The Elegant Themes Extra theme before 1.2.4 for WordPress has privilege escalation. |
| The imdb-widget plugin before 1.0.9 for WordPress has Local File Inclusion. |
| The leenkme plugin before 2.6.0 for WordPress has wp-admin/admin.php?page=leenkme_facebook CSRF. |
| The kento-post-view-counter plugin through 2.8 for WordPress has wp-admin/admin.php?page=kentopvc_settings CSRF. |
| The fossura-tag-miner plugin before 1.1.5 for WordPress has CSRF. |
| The fluid-responsive-slideshow plugin before 2.2.7 for WordPress has frs_save CSRF with resultant stored XSS. |
| The peepso-core plugin before 1.6.1 for WordPress has PeepSoProfilePreferencesAjax->save() privilege escalation. |
| The real3d-flipbook-lite plugin 1.0 for WordPress has bookName=../ directory traversal for file upload. |
| The real3d-flipbook-lite plugin 1.0 for WordPress has deleteBook=../ directory traversal for file deletion. |
| The wsecure plugin before 2.4 for WordPress has remote code execution via shell metacharacters in the wsecure-config.php publish parameter. |
| The estatik plugin before 2.3.0 for WordPress has unauthenticated arbitrary file upload via es_media_images[] to wp-admin/admin-ajax.php. |
| The mail-masta plugin 1.0 for WordPress has local file inclusion in count_of_send.php and csvexport.php. |
| The fs-shopping-cart plugin 2.07.02 for WordPress has SQL injection via the pid parameter. |
| The sirv plugin before 1.3.2 for WordPress has SQL injection via the id parameter. |
| The Relevanssi Premium plugin before 1.14.6.1 for WordPress has SQL injection with resultant unsafe unserialization. |
