8222 matches found
CVE-2020-36174
The Ninja Forms plugin before 3.4.27.1 for WordPress allows CSRF via services integration...
CVE-2020-36174
CVE-2020-36174 affects the WordPress Ninja Forms plugin prior to version 3.4.27.1. The vulnerability is CSRF through the plugin’s services integration, enabling an attacker to trigger actions on behalf of an authenticated user. Public sources in the connected set corroborate that this issue is ro...
CVE-2020-36170
The Ultimate Member plugin before 2.1.13 for WordPress mishandles hidden name="timestamp" fields in forms...
CVE-2020-36170
The Ultimate Member plugin before 2.1.13 for WordPress mishandles hidden name="timestamp" fields in forms...
WordPress Ninja Forms plugin code issue vulnerability
WordPress is a blogging platform developed by the WordPress Wordpress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.Ninja Forms plugin is a form creation component used in it. A code issue exists in the WordPress Ninja Forms plugin before...
WordPress Ninja Forms plugin Access Control Error Vulnerability
WordPress is a blogging platform developed by the WordPress Wordpress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.Ninja Forms plugin is a form creation component used in it. WordPress Ninja Forms plugin before 3.4.27.1 suffers from an Acce...
WordPress Ninja Forms plugin Cross-Site Request Forgery Vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress Ninja Forms plugin before 3.4.27.1 suffers from a cross-site request forgery vulnerability...
[SECURITY] [DSA 4820-1] horizon security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4820-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 27, 2020 https://www.debian.org/security/faq -...
CVE-2020-24444
AEM Forms SP6 add-on for AEM 6.5.6.0 and Forms add-on package for AEM 6.4 Service Pack 8 Cumulative Fix Pack 2 6.4.8.2 have a blind Server-Side Request Forgery SSRF vulnerability. This vulnerability could be exploited by an unauthenticated attacker to gather information about internal systems tha...
CVE-2020-24444
AEM Forms SP6 add-on for AEM 6.5.6.0 and Forms add-on package for AEM 6.4 Service Pack 8 Cumulative Fix Pack 2 6.4.8.2 have a blind Server-Side Request Forgery SSRF vulnerability. This vulnerability could be exploited by an unauthenticated attacker to gather information about internal systems tha...
Server side request forgery (ssrf)
AEM Forms SP6 add-on for AEM 6.5.6.0 and Forms add-on package for AEM 6.4 Service Pack 8 Cumulative Fix Pack 2 6.4.8.2 have a blind Server-Side Request Forgery SSRF vulnerability. This vulnerability could be exploited by an unauthenticated attacker to gather information about internal systems tha...
CVE-2020-24444 Blind SSRF in Forms add-on for AEM
AEM Forms SP6 add-on for AEM 6.5.6.0 and Forms add-on package for AEM 6.4 Service Pack 8 Cumulative Fix Pack 2 6.4.8.2 have a blind Server-Side Request Forgery SSRF vulnerability. This vulnerability could be exploited by an unauthenticated attacker to gather information about internal systems tha...
CVE-2020-24444
CVE-2020-24444 is a blind SSRF vulnerability affecting Adobe Experience Manager (AEM) Forms add-on components: specifically the AEM Forms SP6 add-on for AEM 6.5.6.0 and the Forms add-on package for AEM 6.4 Service Pack 8 CFP 2 (6.4.8.2). The underlying issue is a blind server-side request forgery...
Adobe Experience Manager 6.2 <= 6.2 SP1-CFP20 / 6.3 <= 6.3.3.8 / 6.4 < 6.4.8.3 / 6.5 < 6.5.7.0 Multiple Vulnerabilities (APSB20-01)
The version of Adobe Experience Manager installed on the remote host is affected by multiple vulnerabilities as referenced in the APSB20-72 advisory, as follows: - AEM's Cloud Service offering, as well as versions 6.5.6.0 and below, 6.4.8.2 and below and 6.3.3.8 and below are affected by a stored...
Foxit Reader JavaScript choice field use-after-free vulnerability
Summary A use after free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open t...
Foxit Reader Javascript Field fileSelect Use After Free Vulnerability
Summary A use after free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open t...
CVE-2020-24444
AEM Forms SP6 add-on for AEM 6.5.6.0 and Forms add-on package for AEM 6.4 Service Pack 8 Cumulative Fix Pack 2 6.4.8.2 have a blind Server-Side Request Forgery SSRF vulnerability. This vulnerability could be exploited by an unauthenticated attacker to gather information about internal systems tha...
APSB20-72 Security update available for Adobe Experience Manager
Adobe has released updates for Adobe Experience Manager AEM and the AEM Forms add-on package. These updates resolve vulnerabilities rated Critical and Important...
WordPress Easy Registration Forms plugin <= 2.0.6 - CSV Injection vulnerability
CSV Injection vulnerability found by Mohamad Pishdar cert.ikiu.ac.ir in WordPress Easy Registration Forms plugin versions = 2.0.6. Solution 2020-11-20 - we were unable to find information about the fix for this vulnerability...
Easy Registration Forms <= 2.0.6 - CSV Injection
Easy Registration Forms ER Forms Wordpress Plugin 2.0.6 allows an attacker to submit an entry with malicious CSV commands. After that, when the system administrator generates CSV output from the forms information, there is no check on this inputs and the codes are executable...