Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database

CVE-2019-11565
PUBLISHED: 2019-04-27

Server Side Request Forgery (SSRF) exists in the Print My Blog plugin before 1.6.7 for WordPress via the site parameter.

CVE-2019-11567
PUBLISHED: 2019-04-27

An issue was discovered in AikCms v2.0. There is a SQL Injection vulnerability via $_GET['del'], as demonstrated by an admin/page/system/nav.php?del= URI.

CVE-2019-11568
PUBLISHED: 2019-04-27

An issue was discovered in AikCms v2.0. There is a File upload vulnerability, as demonstrated by an admin/page/system/nav.php request with PHP code in a .php file with the application/octet-stream content type.

CVE-2019-11555
PUBLISHED: 2019-04-26

The EAP-pwd implementation in hostapd (EAP server) before 2.8 and wpa_supplicant (EAP peer) before 2.8 does not validate fragmentation reassembly state properly for a case where an unexpected fragment could be received. This could result in process termination due to a NULL pointer dereference (deni…

CVE-2019-11557
PUBLISHED: 2019-04-26

The WebDorado Contact Form Builder plugin before 1.0.69 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because there can be a discrepancy between the $_POST['action'] value and the $_GET['action'] value, and th…
