976 matches found
WordPress Plugin Advanced Custom Fields Pro SQL Injection Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP, which supports personal blog sites on servers with PHP and MySQL. The WordPress plugin Advanced Custom Fields Pro has an SQL injection vulnerability. The vulnerability is caused due to the program faili...
Meta Box < 4.16.3 - Unauthorised File Deletion
The Meta Box – WordPress Custom Fields Framework WordPress plugin was affected by an Unauthorised File Deletion security vulnerability...
WordPress Advanced Custom Fields Pro 5.7.10 SQL Injection
Exploit Title : WordPress Advanced Custom Fields Pro Plugins 5.7.10 SQL Injection Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 28/01/2019 Vendor Homepage : advancedcustomfields.com/pro/ Software Download Link :...
Faraday v3.5 - Collaborative Penetration Test and Vulnerability Management Platform
Here’s the main new features and improvements in Faraday v3.5: New vulnerability form We are happy to introduce our new vulnerability form which makes the creation and editing of vulnerabilities easier. The new form brings you tabs to make it smaller and group different fields. Custom fields Add...
PDF Explorer 1.5.66.2 SEH Buffer Overflow
Exploit Title: PDF Explorer SEH Local Exploit Original Discovery:Gionathan "John" Reale DoS exploit Exploit Author: Achilles Date: 18-12-2018 Vendor Homepage: http://www.rttsoftware.com/ Software Link: https://www.rttsoftware.com/files/PDFExplorerTrialSetup.zip Tested Version: 1.5.66.2 Tested on:...
WordPress Advanced Custom Fields plugin <= 5.7.7 - Authenticated Cross-Site Scripting (XSS) vulnerability
Authenticated Cross-Site Scripting (XSS) vulnerability found by Loading Kura Kura in WordPress Advanced Custom Fields plugin versions <= 5.7.7. Solution: Update the WordPress Advanced Custom Fields plugin to the latest available version (at least 5.7.8)...
WordPress Advanced Custom Fields 5.7.7 Cross Site Scripting
Exploit Title: Wordpress Plugins Advanced-custom-fields 5.7.7 - Cross-Site Scripting Google Dork: N/A Date: 2018-12-02 Exploit Author: Loading Kura Kura Vendor Homepage: https://www.advancedcustomfields.com/ Software Link: https://www.advancedcustomfields.com/ Version: 5.7.7 Tested on: Win10...
Wordpress Advanced-Custom-Fields 5.7.7 Plugins - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Wordpress Plugins Advanced-custom-fields 5.7.7 - Cross-Site Scripting Google Dork: N/A Exploit Author: Loading Kura Kura Vendor Homepage: https://www.advancedcustomfields.com/ Software Link: https://www.advancedcustomfields.com/...
WordPress Plugin Advanced-Custom-Fields 5.7.7 - Cross-Site Scripting
Exploit Title: Wordpress Plugins Advanced-custom-fields 5.7.7 - Cross-Site Scripting Google Dork: N/A Date: 2018-12-02 Exploit Author: Loading Kura Kura Vendor Homepage: https://www.advancedcustomfields.com/ Software Link: https://www.advancedcustomfields.com/ Version: 5.7.7 Tested on: Win10...
CVE-2018-16281
The DEISER "Profields - Project Custom Fields" app before 6.0.2 for Jira has Incorrect Access Control...
CVE-2018-16281
The CVE-2018-16281 entry concerns the DEISER Profields - Project Custom Fields app for Jira (pre-6.0.2) with Incorrect Access Control. Public sources confirm affected software and version range, and the issue carries high severity (CVSS v3: 9.8, network attack, no authentication required, user in...
PDF Explorer 1.5.66.2 - Denial of Service Exploit
Exploit for windows platform in category dos / poc Exploit Title: PDF Explorer 1.5.66.2 - Denial of Service PoC Author: Gionathan "John" Reale Software Link: https://www.rttsoftware.com/files/PDFExplorerTrialSetup.zip Tested Version: 1.5.66.2 Tested on OS: Windows 7 32-bit Steps to Reproduce: Run...
Joomla < 3.8.12 ACL Violation Vulnerability
Joomla is prone to an ACL violation vulnerability in custom fields. SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2018-11321
An issue was discovered in com_fields in Joomla! Core before 3.8.8. Inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option...
CVE-2018-5230
The issue collector in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in t...
[20180506] - Core - Filter field in com_fields allows remote code execution
Inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option...
XSS in the issue collector through invalid values for a custom field - CVE-2018-5230
The issue collector in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in t...
Buddypress Xprofile Custom Fields Type 2.6.3 - Remote Code Execution Exploit
Exploit for php platform in category web applications Exploit Title: Plugin Buddypress Xprofile Custom Fields Type 2.6.3 RCE – Unlink Date: 08/04/2018 Exploit Author: Lenon Leite Vendor Homepage: https://wordpress.org/plugins/buddypress-xprofile-custom-fields-type/ Software Link:...