29 matches found
Wordpress Contact Form 7 to Database Extension Plugin CSV Injection Vulnerability
WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A CSV injection vulnerability exists in the Wordpress Contact Form 7 to Database Extension plugin, which can be exploited by ...
Wordpress Contact Form 7 to Database Extension 2.10.32 Plugin - CSV Injection Vulnerability
Exploit for php platform in category web applications Exploit Title : Contact Form 7 to Database Extension Wordpress Plugin CSV Injection Exploit Author : Stefan Broeder Contact : https://twitter.com/stefanbroeder Vendor Homepage: None Software Link:...
WordPress Plugin Contact Form 7 to Database Extension 2.10.32 - CSV Injection
WordPress Plugin Contact Form 7 to Database Extension 2.10.32 - CSV Injection Exploit Title : Contact Form 7 to Database Extension Wordpress Plugin CSV Injection Date: 23-03-2018 Exploit Author : Stefan Broeder Contact : https://twitter.com/stefanbroeder Vendor Homepage: None Software Link:...
WordPress Plugin Contact Form 7 to Database Extension 2.10.32 - CSV Injection
Exploit Title : Contact Form 7 to Database Extension Wordpress Plugin CSV Injection Date: 23-03-2018 Exploit Author : Stefan Broeder Contact : https://twitter.com/stefanbroeder Vendor Homepage: None Software Link: https://wordpress.org/plugins/contact-form-7-to-database-extension Version: 2.10.32...
Contact Form DB <= 2.8.26 - Cross-Site Scripting (XSS)
The contact-form-7-to-database-extension WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability...
CVE-2015-2040
CVE-2015-2040 describes a cross-site scripting (XSS) vulnerability in the WordPress plugin Contact Form DB (CFDB / contact-form-7-to-database-extension) version 2.8.26. The issue allows remote attackers to inject arbitrary script/HTML via the submit_time parameter on the CF7DBPluginSubmissions pa...
Ubuntu 14.04 LTS : PHP vulnerabilities (USN-2501-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2501-1 advisory. Stefan Esser discovered that PHP incorrectly handled unserializing objects. A remote attacker could use this issue to cause PHP to crash, resulting in a...
CVE-2009-0257
Multiple cross-site scripting XSS vulnerabilities in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allow remote attackers to inject arbitrary web script or HTML via the 1 name and 2 content of indexed files to the a Indexed Search Engine indexedsearch system extension; b...
security flaw
Integer overflow in the ProcDbeSwapBuffers function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified data structures...