Security Vulnerabilities - CVEs Published In September 2019
In Escuela de Gestion Publica Plurinacional (EGPP) Sistema Integrado de Gestion Academica (GESAC) v1, the username parameter of the authentication form is vulnerable to SQL injection, allowing attackers to access the database.
CVSS Score: 9.8; EPSS Score: 0.003; Published: 2019-09-16
ngiflib 0.4 has a heap-based buffer overflow in WritePixel() in ngiflib.c when called from DecodeGifImg, because deinterlacing for small pictures is mishandled.
CVSS Score: 8.8; EPSS Score: 0.004; Published: 2019-09-16
ngiflib 0.4 has a heap-based buffer overflow in WritePixels() in ngiflib.c when called from DecodeGifImg, because deinterlacing for small pictures is mishandled.
CVSS Score: 8.8; EPSS Score: 0.004; Published: 2019-09-16
marc-q libwav through 2017-04-20 has a NULL pointer dereference in gain_file() at wav_gain.c.
CVSS Score: 6.5; EPSS Score: 0.004; Published: 2019-09-16
The Akal theme through 2016-08-22 for WordPress has XSS via the framework/brad-shortcodes/tinymce/preview.php sc parameter.
CVSS Score: 6.1; EPSS Score: 0.002; Published: 2019-09-16
The estatik plugin before 2.3.0 for WordPress has unauthenticated arbitrary file upload via es_media_images[] to wp-admin/admin-ajax.php.
CVSS Score: 7.5; EPSS Score: 0.006; Published: 2019-09-16
The estatik plugin before 2.3.1 for WordPress has authenticated arbitrary file upload (exploitable with CSRF) via es_media_images[] to wp-admin/admin-ajax.php.
CVSS Score: 6.5; EPSS Score: 0.004; Published: 2019-09-16
The wsecure plugin before 2.4 for WordPress has remote code execution via shell metacharacters in the wsecure-config.php publish parameter.
CVSS Score: 8.8; EPSS Score: 0.571; Published: 2019-09-16
The colorway theme before 3.4.2 for WordPress has XSS via the contactName parameter.
CVSS Score: 6.1; EPSS Score: 0.002; Published: 2019-09-16
The icegram plugin before 1.9.19 for WordPress has CSRF via the wp-admin/edit.php option_name parameter.
CVSS Score: 6.5; EPSS Score: 0.001; Published: 2019-09-16

