Lucene search
K

482 matches found

Zero Day Initiative
Zero Day Initiative
added 2019/10/15 12:0 a.m.34 views

Adobe Acrobat Reader DC XFA Form Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Acroba...

7.8CVSS2.8AI score0.03637EPSS
Exploits0References1
OSV
OSV
added 2019/08/22 1:15 p.m.4 views

CVE-2018-20980

The ninja-forms plugin before 3.2.15 for WordPress has parameter tampering...

7.5CVSS5.8AI score0.01392EPSS
Exploits0References1
OSV
OSV
added 2019/08/22 1:15 p.m.3 views

CVE-2018-20981

The ninja-forms plugin before 3.3.9 for WordPress has insufficient restrictions on submission-data retrieval during Export Personal Data requests...

9.1CVSS5.8AI score0.01744EPSS
Exploits0References1
CVE
CVE
added 2019/08/22 12:40 p.m.56 views

CVE-2018-20981

CVE-2018-20981 affects the WordPress Ninja Forms plugin prior to version 3.3.9. The issue is described as insufficient restrictions on submission-data retrieval during Export Personal Data requests, which could enable access to personal data during the export process. The available connected docu...

9.1CVSS9.2AI score0.01744EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/08/22 12:37 p.m.19 views

CVE-2018-20980

The ninja-forms plugin before 3.2.15 for WordPress has parameter tampering...

7.7AI score0.01392EPSS
Exploits0References1
OSV
OSV
added 2019/08/14 3:15 p.m.5 views

CVE-2019-15025

The ninja-forms plugin before 3.3.21.2 for WordPress has SQL injection in the search filter on the submissions page...

9.8CVSS7.4AI score
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2019/05/15 12:0 a.m.26 views

Adobe Acrobat Pro DC XFA Form Parsing Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Acrobat...

7.8CVSS4.6AI score0.09685EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2018/12/12 12:0 a.m.34 views

Adobe Acrobat Pro DC XFA Form Parsing Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Acrobat...

7.8CVSS4.6AI score0.04917EPSS
Exploits0References1
CVE
CVE
added 2018/12/03 6:0 a.m.48 views

CVE-2018-19796

CVE-2018-19796 – Open Redirect in Ninja Forms (WordPress) . Affected software: WordPress Ninja Forms plugin versions before 3.3.19.1. Component: lib/StepProcessing/step-processing.php (submission/download page). Root cause: improper handling of the redirect parameter enables remote attackers to r...

6.1CVSS6.3AI score0.01581EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2018/11/15 6:29 a.m.15 views

Design/Logic Flaw

XSS in the Ninja Forms plugin before 3.3.18 for WordPress allows Remote Attackers to execute JavaScript via the includes/Admin/Menus/Submissions.php aka submissions page begindate, enddate, or formid parameter...

4.3CVSS6.2AI score0.08903EPSS
Exploits5References3Affected Software1
CVE
CVE
added 2018/11/15 5:0 a.m.97 views

CVE-2018-19287

CVE-2018-19287 affects WordPress Ninja Forms plugin

6.1CVSS6.1AI score0.08903EPSS
Exploits5References3Affected Software1
NVD
NVD
added 2018/04/20 9:29 p.m.19 views

CVE-2018-7747

Multiple cross-site scripting XSS vulnerabilities in the Caldera Forms plugin before 1.6.0-rc.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via vectors involving 1 a greeting message, 2 the email transaction log, or 3 an imported form...

4.8CVSS5.1AI score0.04578EPSS
Exploits4References5
OSV
OSV
added 2017/07/17 1:18 p.m.5 views

CVE-2017-1000033

Wordpress Plugin Vospari Forms version 1.4 is vulnerable to a reflected cross site scripting in the form submission resulting in javascript code execution in the context on the current user...

6.1CVSS5.7AI score0.02145EPSS
Exploits1References2
Patchstack
Patchstack
added 2015/05/15 12:0 a.m.8 views

WordPress TDO Mini Forms Plugin <= 0.13.9 - Remote Code Execution

This plugin is prone to a remote code execution in tdomf-upload-inline.php. Solution Update the plugin...

2.6AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2015/05/15 12:0 a.m.9 views

WordPress A Forms Plugin <= 1.4.0 - Cross Site Scripting

This plugin is prone to a cross site scripting vulnerability via: a-forms.php addfieldtosection function multiple parameter, a-forms.php aforminitialpage function multiple parameter, a-forms.php aformpage function multiple parameter, a-forms.php aformsectionpage Function message parameter,...

2.5AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2015/05/15 12:0 a.m.9 views

WordPress A Forms Plugin <= 1.4.0 - Cross Site Request Forgery

This plugin is prone to a cross site request forgery vulnerability. Solution Update the plugin...

2.6AI score
Exploits0References1Affected Software1
NVD
NVD
added 2015/03/05 4:59 p.m.17 views

CVE-2015-2220

Multiple cross-site scripting XSS vulnerabilities in the Ninja Forms plugin before 2.8.9 for WordPress allow 1 remote attackers to inject arbitrary web script or HTML via the ninjaformsfield1 parameter in a ninjaformsajaxsubmit action to wp-admin/admin-ajax.php or 2 remote administrators to injec...

4.3CVSS5.8AI score0.02041EPSS
Exploits1References4
Prion
Prion
added 2015/03/05 4:59 p.m.17 views

Code injection

Unspecified vulnerability in the Ninja Forms plugin before 2.8.10 for WordPress has unknown impact and remote attack vectors related to admin users...

7.5CVSS7.2AI score0.02017EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2014/12/19 12:0 a.m.12 views

WordPress Live Forms Plugin <= 1.2.0 - Cross Site Scripting

This plugin is prone to a cross site scripting vulnerability, because form input fields on blog front-end are not filtered. The attackers can inject arbitrary JavaScript or HTML code. Solution Update the plugin...

1.7AI score
Exploits0References1Affected Software1
Packet Storm
Packet Storm
added 2014/10/09 12:0 a.m.36 views

Wordpress InfusionSoft Upload

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Wordpress InfusionSoft Upload Vulnerability', 'Description' = %q This module exploits an arbitrary PHP code upload in the wordpress...

7.5CVSS6.5AI score0.46174EPSS
Exploits8
Rows per page
Query Builder