8221 matches found
Arbitrary File Overwrite
libreoffice is vulnerable to arbitrary file overwrite. Forms allowed to be submitted to any URI could result in local file overwrite...
Wordpress Plugin Easy Registration Forms (ER Forms) Input Verification Error
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL.Easy Registration Forms is a Wordpress plugin for implementing form effects. An input validation error vulnerability exists in the...
Google Forms Abused to Phish AT&T Credentials
Researchers are warning of phishing attacks that leverage Google Forms as a landing page to collect victims’ credentials. The forms masquerade as login pages from more than 25 different companies, brands and government agencies. So far, 265 different Google Forms used in these attacks have been...
CVE-2020-22275
Easy Registration Forms ER Forms Wordpress Plugin 2.0.6 allows an attacker to submit an entry with malicious CSV commands. After that, when the system administrator generates CSV output from the forms information, there is no check on this inputs and the codes are executable...
Design/Logic Flaw
Easy Registration Forms ER Forms Wordpress Plugin 2.0.6 allows an attacker to submit an entry with malicious CSV commands. After that, when the system administrator generates CSV output from the forms information, there is no check on this inputs and the codes are executable...
CVE-2020-22275
Easy Registration Forms ER Forms Wordpress Plugin 2.0.6 allows an attacker to submit an entry with malicious CSV commands. After that, when the system administrator generates CSV output from the forms information, there is no check on this inputs and the codes are executable...
CVE-2020-22275
The CVE describes a CSV injection in WordPress Easy Registration Forms (ER Forms) plugin v2.0.6, where attacker-supplied entries with malicious CSV commands are not sanitized, enabling code execution when an admin exports CSV data. Affected component: ER Forms plugin for WordPress; root cause: in...
ALSA-2020:4628 Low: libreoffice security, bug fix, and enhancement update
LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...
Command Execution Vulnerability in Extreme Forms 2019 (Windows Client)
Extreme Forms 2019 is an Excel-like forms office software. A command execution vulnerability exists in Extreme Forms 2019 Windows client. An attacker can exploit the vulnerability to execute arbitrary code...
Denial Of Service (DoS)
Play-Java-Forms are vulnerable to denial of service DoS. The vulnerability exists as a deep JSON parsed as a HTTP request payload causes a stack overflow...
Microsoft Xamarin.Forms Spoofing Vulnerability
Microsoft Windows is a series of operating systems released by the American company Microsoft. A spoofing vulnerability exists in Microsoft Xamarin.Forms. The vulnerability stems from a default setting in Android WebView versions prior to 83.0.4103.106. An attacker can exploit the vulnerability t...
SQL Injection Vulnerability in Universal Forms Module of Semaphore CMS E-commerce System
Shining CMS e-commerce system bilingual with mobile version to php + mysql development, site installation is simple and fast. Shining CMS e-commerce system SQL injection vulnerability, attackers can use this vulnerability to obtain data content and other sensitive information...
download-legal-forms.com Cross Site Scripting vulnerability OBB-1404804
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
boatbillofsaleforms.com Cross Site Scripting vulnerability OBB-1402179
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
CVE-2020-25768
Contao before 4.4.52, 4.9.x before 4.9.6, and 4.10.x before 4.10.1 have Improper Input Validation. It is possible to inject insert tags in front end forms which will be replaced when the page is rendered...
CVE-2020-25768
Contao before 4.4.52, 4.9.x before 4.9.6, and 4.10.x before 4.10.1 have Improper Input Validation. It is possible to inject insert tags in front end forms which will be replaced when the page is rendered...
Input validation
Contao before 4.4.52, 4.9.x before 4.9.6, and 4.10.x before 4.10.1 have Improper Input Validation. It is possible to inject insert tags in front end forms which will be replaced when the page is rendered...
CVE-2020-25768
CVE-2020-25768 (Contao) involves improper input validation that allows insertion of insert tags in front-end forms, which are later rendered as part of the page. Affected products/versions include Contao prior to 4.4.52, 4.9.x before 4.9.6, and 4.10.x before 4.10.1. The underlying issue is inject...
Universal Health Services Ransomware Attack Impacts Hospitals Nationwide
A ransomware attack has shut down Universal Health Services, a Fortune-500 owner of a nationwide network of hospitals. The attack occurred in the wee hours of the morning on Monday, according to reports coming in from employees on Reddit and other platforms. On Reddit, a discussion with hundreds ...
GHSA-F7WM-X4GW-6M23 Contao Insert tag injection in forms
Impact It is possible to inject insert tags in front end forms which will be replaced when the page is rendered. Patches Update to Contao 4.4.52, 4.9.6 or 4.10.1. Workarounds Disable the front end login form and do not use form fields with array keys such as fieldname. References...