Vulnerabilities > Exposure of Resource to Wrong Sphere
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-09-20 | CVE-2016-11010 | Exposure of Resource to Wrong Sphere vulnerability in Usabilitydynamics Wp-Invoice The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_twocheckout payer metadata updates. | 5.0 |
2019-09-20 | CVE-2016-11009 | Exposure of Resource to Wrong Sphere vulnerability in Usabilitydynamics Wp-Invoice The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_interkassa payer metadata updates. | 5.0 |
2019-09-20 | CVE-2016-11008 | Exposure of Resource to Wrong Sphere vulnerability in Usabilitydynamics Wp-Invoice The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_paypal payer metadata updates. | 5.0 |
2019-09-20 | CVE-2016-11007 | Exposure of Resource to Wrong Sphere vulnerability in Usabilitydynamics Wp-Invoice The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_user_id for invoice retrieval. | 5.0 |
2019-09-20 | CVE-2016-11006 | Exposure of Resource to Wrong Sphere vulnerability in Usabilitydynamics Wp-Invoice The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control for admin_init settings changes. | 5.0 |
2019-08-01 | CVE-2018-20947 | Exposure of Resource to Wrong Sphere vulnerability in Cpanel cPanel before 68.0.27 allows certain file-write operations via the telnetcrt script (SEC-356). | 2.1 |
2019-08-01 | CVE-2016-10840 | Exposure of Resource to Wrong Sphere vulnerability in Cpanel cPanel before 11.54.0.4 allows arbitrary code execution during locale duplication (SEC-72). | 9.0 |
2019-07-31 | CVE-2019-10365 | Exposure of Resource to Wrong Sphere vulnerability in Google Kubernetes Engine Jenkins Google Kubernetes Engine Plugin 0.6.2 and earlier created a temporary file containing a temporary access token in the project workspace, where it could be accessed by users with Job/Read permission. | 4.3 |
2019-07-23 | CVE-2019-11728 | Exposure of Resource to Wrong Sphere vulnerability in multiple products The HTTP Alternative Services header, Alt-Svc, can be used by a malicious site to scan all TCP ports of any host that the accessible to a user when web content is loaded. | 4.7 |
2019-07-07 | CVE-2019-13379 | Exposure of Resource to Wrong Sphere vulnerability in Avtech Room Alert 3E Firmware On AVTECH Room Alert 3E devices before 2.2.5, an attacker with access to the device's web interface may escalate privileges from an unauthenticated user to administrator by performing a cmd.cgi?action=ResetDefaults&src=RA reset and using the default credentials to get in. | 9.0 |