CVE-2018-18862
BMC Remedy Mid-Tier 7.1.00 and 9.1.02.003 for BMC Remedy AR System has Incorrect Access Control in ITAM forms, as demonstrated by TLS%3APLR-Configuration+Details/Default+Admin+View/, AST%3AARServerConnection/Default+Admin+View/, and AR+System+Administration%3A+Server+Information/Default+Admin+Vie...
CVE-2018-18862
CVE-2018-18862 affects BMC Remedy Mid-Tier versions 7.1.00 through 9.1.02.003 for BMC Remedy AR System, caused by Incorrect Access Control in ITAM forms. The issue enables information disclosure via default/admin ITAM views (e.g., TLS:PLR-Configuration Details/Default Admin View, ARServerConnecti...
PT-2019-9651 · Bmc · Bmc Remedy Mid Tier
Name of the Vulnerable Software and Affected Versions: BMC Remedy Mid-Tier versions 7.1.00 through 9.1.02.003 Description: The issue concerns incorrect access control in ITAM forms. Specifically, it affects the following API endpoints: "TLS%3APLR-Configuration+Details/Default+Admin+View/",...
WordPress Smart Forms plugin <= 2.5.15 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability found by Toshiharu Sugiyama in WordPress Smart Forms plugin versions <= 2.5.15. Solution: Update the WordPress Smart Forms plugin to the latest available version (at least 2.6.16)...
CVE-2019-5924
Cross-site request forgery (CSRF) vulnerability in Smart Forms 2.6.15 and earlier allows remote attackers to hijack the authentication of administrators via a specially crafted page...
Cross-site request forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in Smart Forms 2.6.15 and earlier allows remote attackers to hijack the authentication of administrators via a specially crafted page...
CVE-2019-5924
The CVE-2019-5924 issue affects the WordPress Smart Forms plugin (versions 2.6.15 and earlier). The root cause is a Cross-Site Request Forgery (CSRF) vulnerability that can allow an attacker to hijack an administrator’s authenticated session via a malicious page, enabling unauthorized actions suc...
WordPress Caldera Forms plugin <= 1.8.1 - Unspecified security issue related to Caldera Forms Pro API
Unspecified security issue found and patched in WordPress Caldera Forms plugin versions <= 1.8.1. Vulnerable only when connected to Caldera Forms Pro API and used with WordPress SEO by Yoast or Jetpack’s map module. Solution: Update the WordPress Caldera Forms plugin to the latest available version...
PT-2019-17865 · Unknown · Smart Forms
Name of the Vulnerable Software and Affected Versions: Smart Forms versions 2.6.15 and earlier Description: A cross-site request forgery issue allows remote attackers to hijack the authentication of administrators via a specially crafted page. Recommendations: For versions 2.6.15 and earlier,...
Caldera Forms Pro <= 1.8.1 - Unauthenticated Arbitrary File Read
According to the vendor: "This update includes an important SECURITY fix that affects some Pro customers. If you do not have Caldera Forms Pro API keys activated, this issue does not affect you." According to the original researchers: "The Caldera Forms Pro vulnerability would allow attackers to...
WordPress Contact Form 7 Multi-Step Forms plugin <= 3.0.8 - Authenticated Option Update vulnerability (Freemius Library security issue)
Authenticated Option Update vulnerability (Freemius Library security issue) found in WordPress Contact Form 7 Multi-Step Forms plugin versions <= 3.0.8. Solution: Update the WordPress Contact Form 7 Multi-Step Forms plugin to the latest available version (at least 3.0.9)...
XenForo 1.5.x Advanced Application Forms 1.2.2 Open Redirection
Exploit Title : XenForo 1.5.x Advanced Application Forms 1.2.2 Open Redirection Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 02/03/2019 Vendor Homepage : xenforo.com snogssite.com Software Information Link :...
WordPress Smart Forms Cross-Site Request Forgery Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP, which supports setting up personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability exists in WordPress Smart Forms 2.6.15 and earlier versions. A remote attacker can...
March 1, 2019 — KB4486553 Cumulative update for .NET Framework 3.5 and 4.7.2 for Windows 10, version 1809 and Windows Server 2019
March 1, 2019 — KB4486553 Cumulative update for .NET Framework 3.5 and 4.7.2 for Windows 10, version 1809 and Windows Server 2019. Release Date: 02/26/2019. Version: .NET Framework 3.5 and 4.7.2. Improvements and fixes: This update includes quality improvements. No new operating system features are...
Smart Forms <= 2.5.15 - Cross-Site Request Forgery (CSRF)
The "Smart Forms – when you need more than just a contact form" WordPress plugin was affected by a Cross-Site Request Forgery (CSRF) security vulnerability...
JVN#97656108: WordPress plugin "Smart Forms" vulnerable to cross-site request forgery
The WordPress plugin "Smart Forms" provided by RedNao contains a cross-site request forgery vulnerability (CWE-352). Impact: Unintended operations may be performed if a user logs into the WordPress administration screen and browses a malicious page. Those operations may include generating new forms,...
Joomla ChronoForms 6.0.17 SQL Injection
Exploit Title : Joomla ChronoForms Components 6.0.17 SQL Injection Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 26/02/2019 Vendor Homepage : chronoengine.com Software Download Link : chronoengine.com/chronoforms Software Information Link :...
WordPress Ninja Forms Plugin < 3.3.18 XSS Vulnerability
The WordPress plugin...