Lucene search

8223 matches found

OSV
added 2020/06/02 9:15 p.m., 21 views

CVE-2020-13764

common.php in the Gravity Forms plugin before 2.4.9 for WordPress can leak hashed passwords because user_pass is not considered a special case for a $current_user->get($property) call...

CVSS 7.5, AI score 7.2
Exploits: 0, References: 2
Cvelist
added 2020/06/02 8:33 p.m., 20 views

CVE-2020-13764

common.php in the Gravity Forms plugin before 2.4.9 for WordPress can leak hashed passwords because user_pass is not considered a special case for a $current_user->get($property) call...

AI score 7.5, EPSS 0.0183
Exploits: 0, References: 2
CVE
added 2020/06/02 8:33 p.m., 90 views

CVE-2020-13764

The CVE-2020-13764 entry documents an information-disclosure vulnerability in the WordPress Gravity Forms plugin prior to version 2.4.9. The issue arises because common.php exposes hashed passwords by not treating user_pass as a special case for $current_user->get($property), allowing potentia...

CVSS 7.5, AI score 7.5, EPSS 0.0183
Exploits: 0, References: 2, Affected software: 1
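The pattern behind CVE-2020-13764, as an added example that is not Gravity Forms' own code: a helper that forwards a caller-chosen property name straight to WP_User::get() returns every column of the users row, the password hash included. The stand-in user class, the function names and the sample hash are assumptions; the hardened version uses an allow-list, which is stricter than the single user_pass special case the entries above describe.

```php
<?php
// Added example, not Gravity Forms' code. Models a "give me property X of the
// current user" helper whose $property comes from untrusted input.

// Minimal stand-in for WP_User so the file runs outside WordPress (assumption).
class FakeWpUser {
    private array $data;
    public function __construct(array $data) { $this->data = $data; }
    // Like WP_User::get(): returns any column of the users row, user_pass included.
    public function get(string $key) { return $this->data[$key] ?? ''; }
}

// Vulnerable shape: every property name is forwarded, so 'user_pass' yields the hash.
function vulnerable_user_property(FakeWpUser $current_user, string $property) {
    return $current_user->get($property);
}

// Hardened shape: only an explicit allow-list of non-sensitive properties is exposed.
// Anything else (user_pass, user_activation_key, unknown names) returns an empty string.
function safe_user_property(FakeWpUser $current_user, string $property) {
    static $allowed = ['ID', 'user_login', 'user_email', 'display_name', 'user_nicename'];
    if (!in_array($property, $allowed, true)) {
        return '';
    }
    return $current_user->get($property);
}

// Constructed sample user; the hash is a made-up placeholder, not a real one.
$user = new FakeWpUser([
    'ID'         => 1,
    'user_login' => 'admin',
    'user_email' => 'admin@example.com',
    'user_pass'  => '$P$BexampleHashValueNotReal0000000',
]);

// $property is treated as attacker-chosen here.
echo vulnerable_user_property($user, 'user_pass'), "\n"; // prints the hash
echo safe_user_property($user, 'user_pass'), "\n";       // prints an empty line
echo safe_user_property($user, 'user_email'), "\n";      // admin@example.com
```

A deny-list that special-cases user_pass alone closes this report; an allow-list also covers the next sensitive column that gets added to the row.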
WPVulnDB
added 2020/05/25 12:00 a.m., 16 views

Official MailerLite Sign Up Forms < 1.4.5 - Multiple CSRF Issues

Despite fixing the SQL injection, the plugin was still affected by CSRF issues, which could allow an attacker to make a logged-in administrator edit, add, and delete arbitrary signup form views...

AI score 3.7
Exploits: 0, References: 1, Affected software: 1
wpexploit
added 2020/05/25 12:00 a.m., 63 views

Official MailerLite Sign Up Forms < 1.4.4 - Unauthenticated SQL Injection

Most methods in the MailerLite plugin do not sanitize user input, which leads to SQL injection. No method checks for a nonce token either, so every action is also open to CSRF. One example would be to inject the payload 1 union all select database(),2,3,1,5 into the form_id GET parameter of th...

AI score 0.8
Exploits: 0, References: 1
WPVulnDB
added 2020/05/25 12:00 a.m., 18 views

Official MailerLite Sign Up Forms < 1.4.4 - Unauthenticated SQL Injection

Most methods in the MailerLite plugin do not sanitize user input, which leads to SQL injection. No method checks for a nonce token either, so every action is also open to CSRF. PoC: One example would be to inject the payload 1 union all select database(),2,3,1,5 into the form_id GET parameter o...

AI score 2.4
Exploits: 0, References: 1, Affected software: 1
Patchstack
added 2020/05/25 12:00 a.m., 14 views

WordPress Official MailerLite Sign Up Forms plugin <= 1.4.3 - Unauthenticated SQL Injection (SQLi) vulnerability

Unauthenticated SQL Injection (SQLi) vulnerability found by Dave (WebARX) in WordPress Official MailerLite Sign Up Forms plugin versions <= 1.4.3. Solution: Update the WordPress Official MailerLite Sign Up Forms plugin to the latest available version, at least 1.4.4...

AI score 3.9
Exploits: 0, References: 2, Affected software: 1
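Added example, not the MailerLite plugin's code, showing the query shape that lets the advisory's UNION payload work and the parameterised fix, run against an in-memory SQLite database so it works offline. SQLite has no database() function, so sqlite_version() stands in for it; table and column names are made up. In WordPress the equivalent fix is $wpdb->prepare() with a %d placeholder, and the CSRF half of the advisory is a wp_verify_nonce() check on every action, not reproduced here because it needs WordPress loaded.

```php
<?php
// Added example, not the MailerLite plugin's code. Requires the pdo_sqlite extension.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Five columns so the advisory's five-column UNION payload lines up (constructed schema/row).
$db->exec('CREATE TABLE forms (id INTEGER, name TEXT, type TEXT, data TEXT, created TEXT)');
$db->exec("INSERT INTO forms VALUES (1, 'newsletter', 'embedded', '{}', '2020-05-25')");

// Vulnerable: the GET value is concatenated into the statement, so anything after the
// number is parsed as SQL. This is the shape "1 union all select ..." depends on.
function get_form_vulnerable(PDO $db, string $form_id): array {
    $sql = "SELECT id, name, type, data, created FROM forms WHERE id = $form_id";
    return $db->query($sql)->fetchAll(PDO::FETCH_NUM);
}

// Fixed: reject anything that is not a plain integer, then bind it as a parameter.
// The payload can no longer change the statement, only the compared value.
function get_form_fixed(PDO $db, string $form_id): array {
    if (!ctype_digit($form_id)) {
        return [];
    }
    $stmt = $db->prepare('SELECT id, name, type, data, created FROM forms WHERE id = ?');
    $stmt->bindValue(1, (int)$form_id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_NUM);
}

// The advisory's payload with sqlite_version() in place of MySQL's database().
$payload = '1 union all select sqlite_version(),2,3,1,5';

print_r(get_form_vulnerable($db, $payload)); // two rows: the real form plus the injected one
print_r(get_form_fixed($db, $payload));      // empty array: payload is not a plain integer
print_r(get_form_fixed($db, '1'));           // only the legitimate row
```

The second row returned by the vulnerable function carries the database version in its first column, which is exactly how the advisory's database() variant leaks the schema name on MySQL.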
Microsoft KB
added 2020/05/12 7:00 a.m., 29 views

Microsoft Dynamics 365 (on-premises) Update 2.18

Microsoft Dynamics 365 on-premises Update 2.18. Introduction: Service Update 2.18 for Microsoft Dynamics CRM on-premises 8.2 is now available. This article describes the hotfixes and updates that are included in Service Update 2.18. More Information (table: Update package | Version number): Microsoft...

CVSS 5.4, AI score 5.7, EPSS 0.01414
Exploits: 0
Zero Day Initiative
added 2020/05/12 12:00 a.m., 49 views

Microsoft SharePoint Shared Forms Incomplete Blacklist Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft SharePoint. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of shared forms. It is possible to invoke a shared form in a way that allo...

CVSS 8.8, AI score 3.8, EPSS 0.15134
Exploits: 0, References: 1
Talos
added 2020/05/12 12:00 a.m., 42 views

Adobe Acrobat Reader DC Javascript submitForm Remote Code Execution Vulnerability

Summary: A specific JavaScript code embedded in a PDF file can lead to out-of-bounds memory access when opening a PDF document in Adobe Acrobat Reader DC 2020.006.20034. With careful memory manipulation, this can lead to sensitive information disclosure as well as memory corruption which can lead to...

CVSS 5.5, AI score 7.4, EPSS 0.02717
Exploits: 0
Github Security Blog
added 2020/05/08 9:00 p.m., 161 views

Potential Code Injection in Sprout Forms

Impact: A potential Server-Side Template Injection vulnerability exists in Sprout Forms which could lead to the execution of Twig code. Patches: The problem is fixed in barrelstrength/sprout-forms:v3.9.0, which upgrades to barrelstrength/sprout-base-email:v1.2.7. Workarounds: Users unable to upgrade...

CVSS 7.4, AI score 1.1, EPSS 0.01029
Exploits: 0, References: 5, Affected software: 2
OSV
added 2020/05/08 9:00 p.m., 17 views

GHSA-PX8V-HXXX-2RGH Potential Code Injection in Sprout Forms

Impact: A potential Server-Side Template Injection vulnerability exists in Sprout Forms which could lead to the execution of Twig code. Patches: The problem is fixed in barrelstrength/sprout-forms:v3.9.0, which upgrades to barrelstrength/sprout-base-email:v1.2.7. Workarounds: Users unable to upgrade...

CVSS 7.4, AI score 6.8, EPSS 0.01029
Exploits: 0, References: 4
CNVD
added 2020/05/08 12:00 a.m., 3 views

Sprout Forms Code Injection Vulnerability

Sprout Forms is a form builder plugin. A code injection vulnerability exists in Sprout Forms versions prior to 3.9.0. An attacker can exploit this vulnerability to execute Twig code...

CVSS 7.4, AI score 7.7, EPSS 0.01029
Exploits: 0, References: 1
NVD
added 2020/05/07 9:15 p.m., 13 views

CVE-2020-11056

In Sprout Forms before 3.9.0, there is a potential Server-Side Template Injection vulnerability when using custom fields in Notification Emails which could lead to the execution of Twig code. This has been fixed in 3.9.0...

CVSS 7.4, AI score 7.5, EPSS 0.01029
Exploits: 0, References: 2
OSV
added 2020/05/07 9:15 p.m., 14 views

CVE-2020-11056

In Sprout Forms before 3.9.0, there is a potential Server-Side Template Injection vulnerability when using custom fields in Notification Emails which could lead to the execution of Twig code. This has been fixed in 3.9.0...

CVSS 6.3, AI score 6.5
Exploits: 0, References: 2
Prion
added 2020/05/07 9:15 p.m., 15 views

Template injection

In Sprout Forms before 3.9.0, there is a potential Server-Side Template Injection vulnerability when using custom fields in Notification Emails which could lead to the execution of Twig code. This has been fixed in 3.9.0...

CVSS 6.5, AI score 6.5, EPSS 0.01029
Exploits: 0, References: 2, Affected software: 1
Cvelist
added 2020/05/07 8:50 p.m., 19 views

CVE-2020-11056 Potential Code Injection in Sprout Forms

In Sprout Forms before 3.9.0, there is a potential Server-Side Template Injection vulnerability when using custom fields in Notification Emails which could lead to the execution of Twig code. This has been fixed in 3.9.0...

CVSS 7.4, AI score 7.5, EPSS 0.01029
Exploits: 0, References: 2
CVE
added 2020/05/07 8:50 p.m., 101 views

CVE-2020-11056

In Sprout Forms below version 3.9.0, there is a Server-Side Template Injection vulnerability when using custom fields in Notification Emails that can lead to execution of Twig code. Root cause: unsafely interpolating user-controlled fields in email templates, enabling Twig execution. Impact descr...

CVSS 7.4, AI score 6.6, EPSS 0.01029
Exploits: 0, References: 2, Affected software: 1
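Added example, not Sprout Forms' or Craft's code, modelling the root cause the CVE-2020-11056 entries above give: a submitted field value spliced into the Twig source of a notification email is compiled and evaluated, while the same value passed through the render context is treated as data. Assumes twig/twig is installed through Composer (vendor/autoload.php); the template text and the submission are constructed.

```php
<?php
// Added example, not Sprout Forms' code. Assumes `composer require twig/twig`.
require __DIR__ . '/vendor/autoload.php';

use Twig\Environment;
use Twig\Loader\ArrayLoader;

$twig = new Environment(new ArrayLoader());

// Constructed submission: the "name" field carries Twig syntax instead of a name.
$submission = ['name' => '{{ 7*191 }}'];

// Vulnerable: the field value becomes part of the template source before compilation,
// so Twig evaluates whatever expression the submitter typed (SSTI).
function render_unsafe(Environment $twig, array $submission): string {
    $source = 'Thanks for your message, ' . $submission['name'] . '!';
    return $twig->createTemplate($source)->render();
}

// Fixed: the template is fixed text and the field value arrives as a context variable.
// It is printed, never parsed, and Twig's HTML autoescaping applies to it as well.
function render_safe(Environment $twig, array $submission): string {
    $source = 'Thanks for your message, {{ name }}!';
    return $twig->createTemplate($source)->render(['name' => $submission['name']]);
}

echo render_unsafe($twig, $submission), "\n"; // Thanks for your message, 1337!
echo render_safe($twig, $submission), "\n";   // Thanks for your message, {{ 7*191 }}!
```

The arithmetic is only a detector; a real payload in the vulnerable path would call Twig functions or methods on objects reachable from the template rather than multiply two numbers.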
vulnersOsv
added 2020/05/07 6:04 p.m., 6 views

aimmo (>=0.57.1 <=1.3.1b671), cfl-common (>=4.3.0 <=5.26.7) +100 more potentially affected by CVE-2020-11037 via wagtail (>=1.0.0 <=2.6.3)

wagtail PYPI version =1.0.0, =0.57.1, =4.3.0, =2.28.0, =0.5.0, =0.3.1, =0.1.29, =0.2.0, =2.0.3, =0.1.1, =0.2.9, =5.22.3, =0.0.1, =10.1.21 and more. Source CVEs: CVE-2020-11037. Source advisory: OSV:GHSA-JJJR-3JCW-F8V6...

CVSS 6.1, AI score 6, EPSS 0.0025
Exploits: 0
Drupal
added 2020/05/06 12:00 a.m., 21 views

Webform - Critical - Remote Code Execution - SA-CONTRIB-2020-011

This module enables you to build forms and surveys in Drupal. The module doesn't sufficiently filter webform element property attributes when a webform is being edited. A malicious user could craft such an attribute (#element_validate, for example) that would invoke execution of undesired PH...

AI score 6.6
Exploits: 0, References: 7
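Added example, not the Webform module's code, modelling the filtering SA-CONTRIB-2020-011 describes as insufficient. A webform element is a Drupal render array, and properties such as #element_validate hold callables that Drupal invokes by name, so letting a site builder set them from the webform source lets them choose which PHP function runs. The property list below is illustrative rather than a complete enumeration of core's callback properties, and the sample element is constructed.

```php
<?php
// Added example, not the Webform module's code. Strips callback-bearing render-array
// properties from an element tree before it is accepted from an untrusted editor.

// Render-array properties whose values Drupal treats as callables (assumption: an
// illustrative subset, not the full list).
const CALLBACK_PROPERTIES = [
    '#element_validate', '#pre_render', '#post_render', '#after_build',
    '#process', '#submit', '#validate', '#value_callback', '#lazy_builder',
];

// Recursively remove callback properties. Returns [cleaned element, removed paths]
// so the caller can log the attempt or reject the whole submission.
function strip_callback_properties(array $element, string $path = ''): array {
    $removed = [];
    foreach ($element as $key => $value) {
        $here = $path === '' ? (string)$key : "$path.$key";
        if (in_array($key, CALLBACK_PROPERTIES, true)) {
            unset($element[$key]);
            $removed[] = $here;
            continue;
        }
        if (is_array($value)) {   // child elements and nested property arrays
            [$element[$key], $childRemoved] = strip_callback_properties($value, $here);
            $removed = array_merge($removed, $childRemoved);
        }
    }
    return [$element, $removed];
}

// Constructed element as it might be decoded from edited webform source: a textfield
// whose author has smuggled in callback properties naming PHP functions.
$element = [
    'name' => [
        '#type'             => 'textfield',
        '#title'            => 'Name',
        '#element_validate' => ['system'],     // attacker-chosen callable name
        'details' => [
            '#type'        => 'details',
            '#after_build' => ['phpinfo'],     // nested, must be caught too
        ],
    ],
];

[$clean, $removed] = strip_callback_properties($element);
print_r($removed); // Array ( [0] => name.#element_validate [1] => name.details.#after_build )
print_r($clean);   // the same tree with both properties gone
```

A deny-list only catches the properties it names; the stricter design is a per-element-type allow-list of properties an editor may set, with everything else dropped.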