8225 matches found
aimmo (>=0.57.1 <=1.3.1b671), cfl-common (>=4.3.0 <=5.26.7) +100 more potentially affected by CVE-2020-11037 via wagtail (>=1.0.0 <=2.6.3)
wagtail PYPI version =1.0.0, =0.57.1, =4.3.0, =2.28.0, =0.5.0, =0.3.1, =0.1.29, =0.2.0, =2.0.3, =0.1.1, =0.2.9, =5.22.3, =0.0.1, =10.1.21 and more Source cves: CVE-2020-11037 Source advisory: OSV:GHSA-JJJR-3JCW-F8V6...
Webform - Critical - Remote Code Execution - SA-CONTRIB-2020-011
This module enables you to build forms and surveys in Drupal. The module doesn't sufficiently filter webform element properties attributes under the scenario of editing a webform. Malicious user could craft such an attribute elementvalidate, for example that would invoke execution of undesired PH...
WordPress Ninja Forms Plugin < 3.4.24.2 CSRF Vulnerability
The WordPress plugin Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...
WordPress Cross-Site Request Forgery Vulnerability (CNVD-2020-27083)
WordPress is the WordPress Foundation's set of blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. ninja-forms is a contact form creation plugin used in it. A security vulnerability exists in WordPress ninja-forms versions prior ...
CVE-2020-12462
The ninja-forms plugin before 3.4.24.2 for WordPress allows CSRF with resultant XSS...
CVE-2020-12462
The ninja-forms plugin before 3.4.24.2 for WordPress allows CSRF with resultant XSS...
CVE-2020-12462
The ninja-forms plugin before 3.4.24.2 for WordPress allows CSRF with resultant XSS...
CVE-2020-12462
CVE-2020-12462 affects the WordPress Ninja Forms plugin prior to 3.4.24.2. Multiple sources (Red Hat, CVE/NVD, WPVulndB) describe a CSRF bug that can yield a stored XSS condition via the plugin’s import/contact features. Root cause: CSRF vulnerability exploited to inject arbitrary JavaScript. Imp...
Ninja Forms < 3.4.24.2 - CSRF to Stored XSS
Ramuel Gall of Wordfence discovered a Cross-Site Request ForgeryCSRF plugin vulnerability within the Ninja Forms WordPress plugin. By exploiting the CSRF vulnerability, an attacker could inject arbitrary malicious JavaScript via the import contact feature. This vulnerability was reportedly fixed ...
CVE-2020-10907
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Design/Logic Flaw
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
CVE-2020-10907
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Description of 2007 Microsoft Office servers Service Pack 2 and of 2007 Microsoft Office servers Language Pack Service Pack 2
Describes 2007 Microsoft Office servers Service Pack 2 SP2 and 2007 Microsoft Office servers Language Pack Service Pack 2 SP2. This includes a complete list of the improvements that SP2 provides.INTRODUCTIONThe 2007 Microsoft Office servers Service Pack 2 SP2 package gives customers the latest...
Foxit Reader XFA Widget Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of widge...
CVE-2020-9280
In SilverStripe through 4.5, files uploaded via Forms to folders migrated from Silverstripe CMS 3.x may be put to the default "/Uploads" folder instead. This affects installations which allowed upload folder protection via the optional silverstripe/secureassets module under 3.x. This module is...
CVE-2020-9280
In SilverStripe through 4.5, files uploaded via Forms to folders migrated from Silverstripe CMS 3.x may be put to the default "/Uploads" folder instead. This affects installations which allowed upload folder protection via the optional silverstripe/secureassets module under 3.x. This module is...
CVE-2020-9280
In SilverStripe through 4.5, files uploaded via Forms to folders migrated from Silverstripe CMS 3.x may be put to the default "/Uploads" folder instead. This affects installations which allowed upload folder protection via the optional silverstripe/secureassets module under 3.x. This module is...
MS15-022: Description of the security update for the 2007 Microsoft Office system: March 10, 2015
Describes a security update that resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Microsoft Office file.IntroductionThis security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if an...
Spamicide - Critical - Access bypass - SA-CONTRIB-2020-009
The Spamicide module protects Drupal forms with a form field that is hidden from normal users, but visible to spam bots. The module doesn't require appropriate permissions for administrative pages leading to an Access Bypass...
The vulnerability of the SiTex development platform’s SiTex-Gosuslu component, which stems from the absence of a CSRF token in web forms, allows actions to be performed on behalf of users, including administrators.
The vulnerability of the SiTex-Service component of the distributed application development platform involves the absence of a CSRF token in web forms. Exploiting this vulnerability allows an attacker to execute cross-site requests on behalf of users, including administrators, through a specially...