8221 matches found

Veracode
added 2020/11/05 3:18 a.m. | 35 views

Arbitrary File Overwrite

LibreOffice is vulnerable to arbitrary file overwrite. Forms allowed to be submitted to any URI could result in local file overwrite...

CVSS 6.5 | AI score 3.4 | EPSS 0.01712
Exploits 0 | References 9 | Affected Software 3
CNVD
added 2020/11/05 12:0 a.m. | 6 views

Wordpress Plugin Easy Registration Forms (ER Forms) Input Verification Error

WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. Easy Registration Forms is a WordPress plugin for implementing form effects. An input validation error vulnerability exists in the...

CVSS 8.8 | AI score 6.9 | EPSS 0.02144
Exploits 1 | References 1
ThreatPost
added 2020/11/04 9:48 p.m. | 33 views

Google Forms Abused to Phish AT&T Credentials

Researchers are warning of phishing attacks that leverage Google Forms as a landing page to collect victims’ credentials. The forms masquerade as login pages from more than 25 different companies, brands and government agencies. So far, 265 different Google Forms used in these attacks have been...

AI score 0.2
Exploits 0 | References 12
OSV
added 2020/11/04 5:15 p.m. | 6 views

CVE-2020-22275

Easy Registration Forms ER Forms Wordpress Plugin 2.0.6 allows an attacker to submit an entry with malicious CSV commands. After that, when the system administrator generates CSV output from the forms information, there is no check on these inputs and the codes are executable...

CVSS 8.8 | AI score 7.3 | EPSS 0.02144
Exploits 1 | References 3
Prion
added 2020/11/04 5:15 p.m. | 17 views

Design/Logic Flaw

Easy Registration Forms ER Forms Wordpress Plugin 2.0.6 allows an attacker to submit an entry with malicious CSV commands. After that, when the system administrator generates CSV output from the forms information, there is no check on these inputs and the codes are executable...

CVSS 6.8 | AI score 8.6 | EPSS 0.02144
Exploits 1 | References 3 | Affected Software 1
Cvelist
added 2020/11/04 4:59 p.m. | 13 views

CVE-2020-22275

Easy Registration Forms ER Forms Wordpress Plugin 2.0.6 allows an attacker to submit an entry with malicious CSV commands. After that, when the system administrator generates CSV output from the forms information, there is no check on these inputs and the codes are executable...

AI score 8.7 | EPSS 0.02144
Exploits 1 | References 3
CVE
added 2020/11/04 4:59 p.m. | 44 views

CVE-2020-22275

The CVE describes a CSV injection in WordPress Easy Registration Forms (ER Forms) plugin v2.0.6, where attacker-supplied entries with malicious CSV commands are not sanitized, enabling code execution when an admin exports CSV data. Affected component: ER Forms plugin for WordPress; root cause: in...

CVSS 8.8 | AI score 8.6 | EPSS 0.02144
Exploits 1 | References 3 | Affected Software 1
OSV
added 2020/11/03 12:21 p.m. | 22 views

ALSA-2020:4628 Low: libreoffice security, bug fix, and enhancement update

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...

CVSS 6.5 | AI score 6.3 | EPSS 0.01928
Exploits 0 | References 2
CNVD
added 2020/10/29 12:0 a.m. | 2 views

Command Execution Vulnerability in Extreme Forms 2019 (Windows Client)

Extreme Forms 2019 is an Excel-like forms office software. A command execution vulnerability exists in Extreme Forms 2019 Windows client. An attacker can exploit the vulnerability to execute arbitrary code...

AI score 7.8
Exploits 0
Veracode
added 2020/10/28 6:37 a.m. | 14 views

Denial Of Service (DoS)

Play-Java-Forms is vulnerable to denial of service (DoS). The vulnerability exists because a deep JSON document parsed as an HTTP request payload causes a stack overflow...

CVSS 7.5 | AI score 2.7 | EPSS 0.01386
Exploits 0 | References 4 | Affected Software 3
CNVD
added 2020/10/28 12:0 a.m. | 4 views

Microsoft Xamarin.Forms Spoofing Vulnerability

Microsoft Windows is a series of operating systems released by the American company Microsoft. A spoofing vulnerability exists in Microsoft Xamarin.Forms. The vulnerability stems from a default setting in Android WebView versions prior to 83.0.4103.106. An attacker can exploit the vulnerability t...

CVSS 8.8 | AI score 7.3 | EPSS 0.04006
Exploits 0 | References 1
CNVD
added 2020/10/28 12:0 a.m. | 3 views

SQL Injection Vulnerability in Universal Forms Module of Semaphore CMS E-commerce System

Shining CMS is a bilingual e-commerce system with a mobile version, developed in PHP and MySQL; site installation is simple and fast. The Shining CMS e-commerce system has an SQL injection vulnerability that attackers can use to obtain data content and other sensitive information...

AI score 7.8
Exploits 0
Openbugbounty
added 2020/10/13 11:31 a.m. | 9 views

download-legal-forms.com Cross Site Scripting vulnerability OBB-1404804

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...

AI score 6.2
Exploits 0
Openbugbounty
added 2020/10/12 5:14 p.m. | 10 views

boatbillofsaleforms.com Cross Site Scripting vulnerability OBB-1402179

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...

AI score 6.2
Exploits 0
NVD
added 2020/10/07 9:15 p.m. | 24 views

CVE-2020-25768

Contao before 4.4.52, 4.9.x before 4.9.6, and 4.10.x before 4.10.1 have Improper Input Validation. It is possible to inject insert tags in front end forms which will be replaced when the page is rendered...

CVSS 5.3 | EPSS 0.00809
Exploits 0 | References 2
OSV
added 2020/10/07 9:15 p.m. | 14 views

CVE-2020-25768

Contao before 4.4.52, 4.9.x before 4.9.6, and 4.10.x before 4.10.1 have Improper Input Validation. It is possible to inject insert tags in front end forms which will be replaced when the page is rendered...

CVSS 5.3 | AI score 6.7
Exploits 0 | References 2
Prion
added 2020/10/07 9:15 p.m. | 19 views

Input validation

Contao before 4.4.52, 4.9.x before 4.9.6, and 4.10.x before 4.10.1 have Improper Input Validation. It is possible to inject insert tags in front end forms which will be replaced when the page is rendered...

CVSS 5 | AI score 5.2 | EPSS 0.00809
Exploits 0 | References 2 | Affected Software 1
CVE
added 2020/10/07 8:37 p.m. | 76 views

CVE-2020-25768

CVE-2020-25768 (Contao) involves improper input validation that allows insertion of insert tags in front-end forms, which are later rendered as part of the page. Affected products/versions include Contao prior to 4.4.52, 4.9.x before 4.9.6, and 4.10.x before 4.10.1. The underlying issue is inject...

CVSS 5.3 | AI score 5 | EPSS 0.00809
Exploits 0 | References 2 | Affected Software 1
ThreatPost
added 2020/09/28 5:32 p.m. | 54 views

Universal Health Services Ransomware Attack Impacts Hospitals Nationwide

A ransomware attack has shut down Universal Health Services, a Fortune-500 owner of a nationwide network of hospitals. The attack occurred in the wee hours of the morning on Monday, according to reports coming in from employees on Reddit and other platforms. On Reddit, a discussion with hundreds ...

AI score 6.8
Exploits 0 | References 7
OSV
added 2020/09/24 4:23 p.m. | 17 views

GHSA-F7WM-X4GW-6M23 Contao Insert tag injection in forms

Impact: It is possible to inject insert tags in front end forms which will be replaced when the page is rendered. Patches: Update to Contao 4.4.52, 4.9.6 or 4.10.1. Workarounds: Disable the front end login form and do not use form fields with array keys such as fieldname. References...

CVSS 5.3 | AI score 5 | EPSS 0.00809
Exploits 0 | References 7