8171 matches found
CVE-2018-19724
Adobe Experience Manager Forms versions 6.2, 6.3 and 6.4 have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure...
CVE-2018-19724
CVE-2018-19724 affects Adobe Experience Manager Forms versions 6.2, 6.3 and 6.4 with a stored cross-site scripting (XSS) vulnerability that could disclose sensitive information. Root cause is stored XSS in forms handling; impact is information disclosure. Remediation: apply Adobe APSB19-03 securi...
WordPress MM-Forms-Community 2.2.7 Shell Upload / SQL Injection
Exploit Title : WordPress MM-Forms-Community Plugins 2.2.7 Shell Upload and SQL Injection Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 26/01/2019 Vendor Homepage : wordpress.org Software Download Link : downloads.wordpress.org/plugin/mm-forms-community.zip...
Adobe Experience Manager Forms Cross-Site Scripting Vulnerability
Adobe Experience Manager Forms is a set of form content management solutions from the US company Adobe. The product is mainly used to synchronize form data. A cross-site scripting vulnerability exists in Adobe Experience Manager Forms versions 6.4, 6.3, and 6.2. A remo...
CVE-2018-17671
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...
Adobe Issues Unscheduled Updates for Experience Manager Platform
Adobe has issued unscheduled patches for vulnerabilities rated “important” across its Experience Manager platform, which allows developers to create mobile apps, social campaigns and landing pages. Overall, Adobe issued three fixes, including an “important” flaw CVE-2018-19726 and a “moderate” fl...
Cross-Site Scripting in Form Framework
Failing to properly encode user input, frontend forms handled by the form framework system extension “form” are vulnerable to cross-site scripting...
APSB19-03 Security updates available for Adobe Experience Manager Forms
Adobe has released security updates for Adobe Experience Manager Forms. These updates resolve a stored cross-site scripting vulnerability rated Important that could result in sensitive information disclosure...
Ninja Forms <= 3.3.21 - XSS and SQLi
Reflected XSS vulnerability in the administrative dashboard. Blind SQL injection vulnerability in the search filter on the submissions page...
CVE-2018-1000415
A cross-site scripting vulnerability exists in Jenkins Rebuilder Plugin 1.28 and earlier in RebuildAction/BooleanParameterValue.jelly, RebuildAction/ExtendedChoiceParameterValue.jelly, RebuildAction/FileParameterValue.jelly, RebuildAction/LabelParameterValue.jelly,...
Cross site scripting
A cross-site scripting vulnerability exists in Jenkins Rebuilder Plugin 1.28 and earlier in RebuildAction/BooleanParameterValue.jelly, RebuildAction/ExtendedChoiceParameterValue.jelly, RebuildAction/FileParameterValue.jelly, RebuildAction/LabelParameterValue.jelly,...
Ninja Forms < 3.3.21.2 - SQL Injection
The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin was affected by a SQL Injection security vulnerability...
DEBIAN-CVE-2018-19790
An open redirect was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9 and 4.2.x before 4.2.1. By using backslashes in the _failure_path input field of login forms, an attacker can work around the redirection target restrictio...
Open redirect
An open redirect was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9 and 4.2.x before 4.2.1. By using backslashes in the _failure_path input field of login forms, an attacker can work around the redirection target restrictio...
UBUNTU-CVE-2018-19789
An issue was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9, and 4.2.x before 4.2.1. When using the scalar type hint string in a setter method, e.g. setName(string $name), of a class that's the data_class of a form, and when a...
CVE-2018-19790
An open redirect was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9 and 4.2.x before 4.2.1. By using backslashes in the _failure_path input field of login forms, an attacker can work around the redirection target restrictio...
WordPress Privilege Escalation through Post Types
Impact - What can an attacker do: WordPress is at its core blogging software that allows users to create and publish posts. Over time, different post types were introduced, such as pages and media entries (images, videos etc.). Plugins can register new post types, such as products or contact forms...
Adobe Acrobat Pro DC XFA Form Parsing Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Acrobat...
WordPress Caldera Forms 1.7.4 Database Disclosure
Exploit Title : WordPress Caldera Forms Plugins 1.7.4 Database Backup Disclosure Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 06/12/2018 Vendor Homepage : wordpress.org/plugins/caldera-forms/ calderaforms.com/updates/caldera-forms-1-7-4/ Software Download Link ...