Lucene search

8225 matches found

vulnersOsv
added 2020/05/07 6:4 p.m., 6 views

aimmo (>=0.57.1 <=1.3.1b671), cfl-common (>=4.3.0 <=5.26.7) +100 more potentially affected by CVE-2020-11037 via wagtail (>=1.0.0 <=2.6.3)

wagtail PYPI version =1.0.0, =0.57.1, =4.3.0, =2.28.0, =0.5.0, =0.3.1, =0.1.29, =0.2.0, =2.0.3, =0.1.1, =0.2.9, =5.22.3, =0.0.1, =10.1.21 and more Source cves: CVE-2020-11037 Source advisory: OSV:GHSA-JJJR-3JCW-F8V6...

6.1 CVSS, 6 AI score, 0.0025 EPSS
Exploits 0
Drupal
added 2020/05/06 12:0 a.m., 21 views

Webform - Critical - Remote Code Execution - SA-CONTRIB-2020-011

This module enables you to build forms and surveys in Drupal. The module doesn't sufficiently filter webform element properties attributes under the scenario of editing a webform. A malicious user could craft such an attribute (elementvalidate, for example) that would invoke execution of undesired PH...

6.6 AI score
Exploits 0, References 7
OpenVAS
added 2020/05/06 12:0 a.m., 23 views

WordPress Ninja Forms Plugin < 3.4.24.2 CSRF Vulnerability

The WordPress plugin Copyright (C) 2020 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can redistribute it and/or modify it...

6.1 CVSS, 6.4 AI score, 0.00459 EPSS
Exploits 0, References 1
CNVD
added 2020/04/30 12:0 a.m., 3 views

WordPress Cross-Site Request Forgery Vulnerability (CNVD-2020-27083)

WordPress is a blogging platform from the WordPress Foundation, developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. ninja-forms is a contact form creation plugin used in it. A security vulnerability exists in WordPress ninja-forms versions prior ...

6.1 CVSS, 6.6 AI score, 0.00459 EPSS
Exploits 0
OSV
added 2020/04/29 5:15 p.m., 2 views

CVE-2020-12462

The ninja-forms plugin before 3.4.24.2 for WordPress allows CSRF with resultant XSS...

6.1 CVSS, 6.4 AI score, 0.00459 EPSS
Exploits 0, References 1
NVD
added 2020/04/29 5:15 p.m., 12 views

CVE-2020-12462

The ninja-forms plugin before 3.4.24.2 for WordPress allows CSRF with resultant XSS...

6.1 CVSS, 6.4 AI score, 0.00459 EPSS
Exploits 0, References 1
Cvelist
added 2020/04/29 4:23 p.m., 17 views

CVE-2020-12462

The ninja-forms plugin before 3.4.24.2 for WordPress allows CSRF with resultant XSS...

6.4 AI score, 0.00459 EPSS
Exploits 0, References 1
CVE
added 2020/04/29 4:23 p.m., 76 views

CVE-2020-12462

CVE-2020-12462 affects the WordPress Ninja Forms plugin prior to 3.4.24.2. Multiple sources (Red Hat, CVE/NVD, WPVulnDB) describe a CSRF bug that can yield a stored XSS condition via the plugin’s import/contact features. Root cause: CSRF vulnerability exploited to inject arbitrary JavaScript. Imp...

6.1 CVSS, 6.3 AI score, 0.00459 EPSS
Exploits 0, References 1, Affected Software 1
WPVulnDB
added 2020/04/29 12:0 a.m., 17 views

Ninja Forms < 3.4.24.2 - CSRF to Stored XSS

Ramuel Gall of Wordfence discovered a Cross-Site Request Forgery (CSRF) plugin vulnerability within the Ninja Forms WordPress plugin. By exploiting the CSRF vulnerability, an attacker could inject arbitrary malicious JavaScript via the import contact feature. This vulnerability was reportedly fixed ...

4.3 CVSS, 4 AI score, 0.00459 EPSS
Exploits 0, References 2, Affected Software 1
NVD
added 2020/04/22 9:15 p.m., 14 views

CVE-2020-10907

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.8 CVSS, 7.8 AI score, 0.04787 EPSS
Exploits 0, References 2
Prion
added 2020/04/22 9:15 p.m., 19 views

Design/Logic Flaw

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

6.8 CVSS, 7.8 AI score, 0.04787 EPSS
Exploits 0, References 2, Affected Software 2
Cvelist
added 2020/04/22 8:51 p.m., 23 views

CVE-2020-10907

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.8 CVSS, 7.8 AI score, 0.04787 EPSS
Exploits 0, References 2
Microsoft KB
added 2020/04/20 9:8 a.m., 25 views

Description of 2007 Microsoft Office servers Service Pack 2 and of 2007 Microsoft Office servers Language Pack Service Pack 2

Describes 2007 Microsoft Office servers Service Pack 2 (SP2) and 2007 Microsoft Office servers Language Pack Service Pack 2 (SP2). This includes a complete list of the improvements that SP2 provides. INTRODUCTION: The 2007 Microsoft Office servers Service Pack 2 (SP2) package gives customers the latest...

0.3 AI score
Exploits 0
Zero Day Initiative
added 2020/04/16 12:0 a.m., 25 views

Foxit Reader XFA Widget Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of widge...

7.8 CVSS, 2.2 AI score, 0.04787 EPSS
Exploits 0, References 1
NVD
added 2020/04/15 9:15 p.m., 44 views

CVE-2020-9280

In SilverStripe through 4.5, files uploaded via Forms to folders migrated from Silverstripe CMS 3.x may be put to the default "/Uploads" folder instead. This affects installations which allowed upload folder protection via the optional silverstripe/secureassets module under 3.x. This module is...

7.5 CVSS, 7.5 AI score, 0.01686 EPSS
Exploits 0, References 3
OSV
added 2020/04/15 9:15 p.m., 29 views

CVE-2020-9280

In SilverStripe through 4.5, files uploaded via Forms to folders migrated from Silverstripe CMS 3.x may be put to the default "/Uploads" folder instead. This affects installations which allowed upload folder protection via the optional silverstripe/secureassets module under 3.x. This module is...

7.5 CVSS, 6.8 AI score, 0.01686 EPSS
Exploits 0, References 3
Cvelist
added 2020/04/15 8:18 p.m., 37 views

CVE-2020-9280

In SilverStripe through 4.5, files uploaded via Forms to folders migrated from Silverstripe CMS 3.x may be put to the default "/Uploads" folder instead. This affects installations which allowed upload folder protection via the optional silverstripe/secureassets module under 3.x. This module is...

7.5 AI score, 0.01686 EPSS
Exploits 0, References 3
Microsoft KB
added 2020/04/13 4:8 a.m., 104 views

MS15-022: Description of the security update for the 2007 Microsoft Office system: March 10, 2015

Describes a security update that resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Microsoft Office file. Introduction: This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if an...

7.5 AI score
Exploits 0
Drupal
added 2020/04/08 12:0 a.m., 22 views

Spamicide - Critical - Access bypass - SA-CONTRIB-2020-009

The Spamicide module protects Drupal forms with a form field that is hidden from normal users, but visible to spam bots. The module doesn't require appropriate permissions for administrative pages leading to an Access Bypass...

6.6 AI score
Exploits 0, References 6
BDU FSTEC
added 2020/04/06 12:0 a.m., 2 views

The vulnerability of the SiTex development platform’s SiTex-Gosuslu component, which stems from the absence of a CSRF token in web forms, allows actions to be performed on behalf of users, including administrators.

The vulnerability of the SiTex-Service component of the distributed application development platform involves the absence of a CSRF token in web forms. Exploiting this vulnerability allows an attacker to execute cross-site requests on behalf of users, including administrators, through a specially...

7.5 CVSS, 5.5 AI score
Exploits 0, Affected Software 1