Fresh IT Vulnerabilities @vulnbot@schleuss.online

#introductions This bot is posting IT vulnerabilities from all over the web - usually refreshes every few minutes with new stories. If you would like to see more sites included, write to the maintainer @emanuel - you might also be interested in @itsecbot

CVE-2019-15113 - The companion-sitemap-generator plugin before 3.7.0 for WordPress has CSRF. more: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-15113

CVE-2019-15114 - The formcraft-form-builder plugin before 1.2.2 for WordPress has CSRF. more: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-15114

CVE-2019-15115 - The peters-login-redirect plugin before 2.9.2 for WordPress has CSRF. more: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-15115

CVE-2019-15116 - The easy-digital-downloads plugin before 2.9.16 for WordPress has XSS related to IP address loggin... more: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-15116

CVE-2017-18547 - The nelio-ab-testing plugin before 4.6.4 for WordPress has CSRF in experiment forms. more: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-18547

CVE-2018-20971 - The church-admin plugin before 1.2550 for WordPress has CSRF affecting the upload of a bible readi... more: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20971

CVE-2018-20972 - The companion-auto-update plugin before 3.2.1 for WordPress has CSRF. more: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20972

CVE-2018-20973 - The companion-auto-update plugin before 3.2.1 for WordPress has local file inclusion. more: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20973

CVE-2018-20974 - The js-jobs plugin before 1.0.7 for WordPress has CSRF. more: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20974

CVE-2014-10376 - The i-recommend-this plugin before 3.7.3 for WordPress has SQL injection. more: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-10376

Open-Xchange OX App Suite Content Spoofing / Cross Site Scripting - Open-Xchange OX App Suite suffers from a content spoofing, cross site scripting, and information d... more: https://packetstormsecurity.com/files/154128/oxappsuite-spoofxss.txt

Open-Xchange OX Guard Cross Site Scripting / Signature Validation - Open-Xchange OX Guard versions 7.10.2 and below suffer from a cross site scripting vulnerability. ... more: https://packetstormsecurity.com/files/154127/oxguard7102-xsssign.txt

Ubuntu Security Notice USN-4101-1 - Ubuntu Security Notice 4101-1 - It was discovered that passwords could be copied to the clipboard ... more: https://packetstormsecurity.com/files/154126/USN-4101-1.txt

Gentoo Linux Security Advisory 201908-20 - Gentoo Linux Security Advisory 201908-20 - Multiple vulnerabilities have been found in Mozilla Thu... more: https://packetstormsecurity.com/files/154125/glsa-201908-20.txt

CVE-2019-8063 - Creative Cloud Desktop Application 4.6.1 and earlier versions have an insecure transmission of sen... more: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8063

CVE-2019-7957 - Creative Cloud Desktop Application versions 4.6.1 and earlier have a security bypass vulnerability... more: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-7957

CVE-2019-7958 - Creative Cloud Desktop Application versions 4.6.1 and earlier have an insecure inherited permissio... more: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-7958

CVE-2019-7959 - Creative Cloud Desktop Application versions 4.6.1 and earlier have a using components with known v... more: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-7959

CVE-2019-7964 - Adobe Experience Manager versions 6.5, and 6.4 have an authentication bypass vulnerability. Succes... more: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-7964

CVE-2019-5477 - A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed i... more: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-5477