Vulnerabilities > Inclusion of Functionality from Untrusted Control Sphere
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-09-27 | CVE-2019-11742 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Mozilla Firefox A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a <canvas> element due to an error in how same-origin policy is applied to cached image content. | 4.3 |
| 2019-09-03 | CVE-2019-5479 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Larvit Larvitbase An unintended require vulnerability in <v0.5.5 larvitbase-api may allow an attacker to load arbitrary non-production code (JavaScript file). | 5.0 |
| 2019-08-30 | CVE-2019-15839 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Shaosina Sina Extension FOR Elementor The sina-extension-for-elementor plugin before 2.2.1 for WordPress has local file inclusion. | 5.0 |
| 2019-07-14 | CVE-2019-13589 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Anjlab Paranoid2 1.1.6 The paranoid2 gem 1.1.6 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. | 7.5 |
| 2019-07-11 | CVE-2019-4263 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in IBM Content Navigator 3.0.0 IBM Content Navigator 3.0CD is vulnerable to local file inclusion, allowing an attacker to access a configuration file in the ICN server. | 4.3 |
| 2019-04-29 | CVE-2019-11591 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Web-Dorado Contact Form The WebDorado Contact Form plugin before 1.13.5 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because there can be a discrepancy between the $_POST['action'] value and the $_GET['action'] value, and the latter is unsanitized. | 8.8 |
| 2019-04-29 | CVE-2019-11590 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in 10Web Form Maker The 10Web Form Maker plugin before 1.13.5 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because there can be a discrepancy between the $_POST['action'] value and the $_GET['action'] value, and the latter is unsanitized. | 6.8 |
| 2018-12-20 | CVE-2018-17246 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in multiple products Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. | 7.5 |
| 2018-11-28 | CVE-2018-12120 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Nodejs Node.Js Node.js: All versions prior to Node.js 6.15.0: Debugger port 5858 listens on any interface by default: When the debugger is enabled with `node --debug` or `node debug`, it listens to port 5858 on all interfaces by default. | 6.8 |
| 2018-10-29 | CVE-2018-18387 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Playsms Project Playsms playSMS through 1.4.2 allows Privilege Escalation through Daemon abuse. | 9.0 |