[20181001] - Core - Hardening com_contact contact form

Inadequate checks in comcontact could allowed mail submission in disabled forms...

Forms by Balbooa.com,1.7.2,Information Disclosure

Forms by Balbooa.com,1.7.2,Information Disclosure Resolution: update to 1.7.4 there was a previous update 1.7.3 which did not entirely fix the issue update notice: https://support.balbooa.com/forum/joomla-forms/5441-balbooa-joomla-forms-v-1-7-4...

ffjpeg Denial of Service Vulnerability

ffjpeg is a JPEG format encoder, decoder. A denial of service vulnerability exists in the ffjpeg.dll dynamic link library in versions prior to ffjpeg 2018-08-22, which can be exploited by remote attackers to cause a denial of service with the help of progressive JPEG files missing AC Huffman form...

cfme: Improper access control in dRuby allows local users to execute arbitrary commands as root

CloudForms Management Engine has a vulnerability that allows local users to execute arbitrary commands as root. An attacker with SSH access to the system can use the dRuby DRb module installed on the system to execute arbitrary shell commands using instanceeval...

WordPress Ninja Forms CSV Injection Vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language , the platform supports PHP and MySQL server set up a personal blog site . Ninja Forms is one of the form creation plugin . A CSV injection vulnerability exists in WordPress Ninja Forms. An...

CVE-2018-16308

The Ninja Forms plugin before 3.3.14.1 for WordPress allows CSV injection...

Design/Logic Flaw

The Ninja Forms plugin before 3.3.14.1 for WordPress allows CSV injection...

CVE-2018-16308

The Ninja Forms plugin before 3.3.14.1 for WordPress allows CSV injection...

CVE-2018-16308

CVE-2018-16308 — CSV Injection in WordPress Ninja Forms is a vulnerability in the Ninja Forms plugin for WordPress, affecting versions before 3.3.14.1. The issue is a CSV injection flaw in the plugin’s handling of form data exported to CSV. The CVSS metrics indicate a high impact when exploited l...

CVE-2018-16308

The Ninja Forms plugin before 3.3.14.1 for WordPress allows CSV injection...

WordPress Ninja Forms plugin <= 3.3.13 - CSV Injection vulnerability

CSV Injection vulnerability fund by Mostafa Gharzi in WordPress Ninja Forms plugin versions = 3.3.13. Solution Update the WordPress Ninja Forms plugin to the latest available version at least 3.3.14...

WordPress Ninja Forms plugin <= 3.3.13 - Cross-Site Scripting (XSS) vulnerability

Cross-Site Scripting XSS vulnerability found in WordPress Ninja Forms plugin versions = 3.3.13. Solution Update the WordPress Ninja Forms plugin to the latest available version at least 3.3.14...

Ninja Forms <= 3.3.13 - Cross-Site Scripting (XSS) in Import Function

The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin was affected by a Cross-Site Scripting XSS in Import Function security vulnerability...

WordPress Ninja Forms Plugin Remote Code Execution

A Remote Code Execution vulnerability exists in the WordPress Ninja Forms Plugin. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

Wordpress Ninja Forms 3.3.13 Plugin - CSV Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Wordpress Plugin Ninja Forms 3.3.13 - CSV Injection Exploit Author: Mostafa Gharzi Website: https://www.certcc.ir Vendor: The WP Ninjas Software Link: https://wordpress.org/plugins/ninja-forms/ Affected Version: 3.3.13 and befor...

Wordpress Plugin Ninja Forms CSV Injection Vulnerability

WordPress is a suite of blogging platforms developed in the PHP language by the WordPress Software Foundation, which supports personal blog sites on servers with PHP and MySQL. Ninja Forms is the ultimate free form creation tool for WordPress. A CSV injection vulnerability exists in WordPress Nin...

Wordpress Plugin Ninja Forms 3.3.13 - CSV Injection

Wordpress Plugin Ninja Forms 3.3.13 - CSV Injection Exploit Title: Wordpress Plugin Ninja Forms 3.3.13 - CSV Injection Exploit Author: Mostafa Gharzi Website: https://www.certcc.ir Date: 2018-08-19 Google Dork: N/A Vendor: The WP Ninjas Software Link: https://wordpress.org/plugins/ninja-forms/...

Ninja Forms <= 3.3.13 - CSV Injection

The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin was affected by a CSV Injection security vulnerability...

WordPress Plugin Ninja Forms 3.3.13 - CSV Injection

Exploit Title: Wordpress Plugin Ninja Forms 3.3.13 - CSV Injection Exploit Author: Mostafa Gharzi Website: https://www.certcc.ir Date: 2018-08-19 Google Dork: N/A Vendor: The WP Ninjas Software Link: https://wordpress.org/plugins/ninja-forms/ Affected Version: 3.3.13 and before Active...

WordPress Ninja Forms 3.3.13 CSV Injection

Exploit Title: Wordpress Plugin Ninja Forms - CSV Injection Exploit Author: Mostafa Gharzi Website: https://www.certcc.ir Date: 2018-08-19 Google Dork: N/A Vendor: The WP Ninjas Software Link: https://wordpress.org/plugins/ninja-forms/ Affected Version: 3.3.13 and before Active installations: 1+...