8170 matches found
RHEL 6 : thunderbird (RHSA-2018:1726)
The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2018:1726 advisory. - Mozilla: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 CVE-2018-5150 - Mozilla: Use-after-free with SVG animations and clip...
Scientific Linux Security Update : thunderbird on SL7.x x86_64 (20180524)
This update upgrades Thunderbird to version 52.8.0. Security Fixes : - Mozilla: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 CVE-2018-5150 - Mozilla: Backport critical security fixes in Skia CVE-2018-5183 - Mozilla: Use-after-free with SVG animations and clip paths CVE-2018-5154 -...
Dumpzilla - Extract All Forensic Interesting Information Of Firefox, Iceweasel And Seamonkey Browsers
Dumpzilla official site : www.dumpzilla.org http://www.dumpzilla.org "Mozilla browser forensic tool" Manual : Español http://dumpzilla.org/Manualdumpzillaes.txt "Manual en español de dumpzilla" / English http://dumpzilla.org/Manualdumpzillaen.txt "Dumpzilla english Manual" SO : Unix / Win...
Security update for Mozilla Thunderbird (important)
This update for Mozilla Thunderbird to version 52.8 fixes the following issues: Security issues fixed MFSA 2018-13, boo1092548: - CVE-2018-5183: Backport critical security fixes in Skia - CVE-2018-5154: Use-after-free with SVG animations and clip paths - CVE-2018-5155: Use-after-free with SVG...
Schneider Electric PLCs Cross Site Request Forgery
Exploit Title: Schneider Electric PLCs - Cross-Site Request Forgery Date: 2018-05-12 Exploit Author: t4rkd3vilz Vendor Homepage: http://www.schneider-electric.com/ Tested on: Windows CVE: CVE-2013-0663 Version: Schneider Electric Quantum PLC: 140NOE77111, 140NOE77101, 140NWM10000 Modicon M340 PLC...
Foxit PDF Reader JavaScript setPersistent Remote Code Execution Vulnerability(CVE-2018-3842)
Summary An exploitable use of an uninitialized pointer vulnerability exists in the JavaScript engine in Foxit PDF Reader version 9.0.1.1049. A specially crafted PDF document can lead to a dereference of an uninitialized pointer which, if under attacker control, can result in arbitrary code...
WordPress Ultimate Member Access Restriction Bypass Vulnerability
WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL.Ultimate Member is one of the plug-ins used to create a membership site or online community. A security vulnerability exists...
Malicious Package
Overview Version 0.3.0 of react-dates-sc contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation If version 0.3.0 of this module is found...
CVE-2018-0589
Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to bypass access restriction to add a new form in the 'Forms' page via unspecified vectors...
CVE-2018-0589
Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to bypass access restriction to add a new form in the 'Forms' page via unspecified vectors...
Authentication flaw
Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to bypass access restriction to add a new form in the 'Forms' page via unspecified vectors...
Google Forms < 0.94 - Eval Injection
The Google Forms WordPress plugin was affected by an Eval Injection security vulnerability...
WordPress Ninja Forms SQL Injection
SQL Injection vulnerability in WordPress Ninja Forms plugin parse-media-shortcode parameter Vulnerability Type: SQL Injection For the exploit source code contact DSquare Security sales team...
Foxit Reader XFA subform remote code execution vulnerability
Foxit Reader is a small PDF document viewer and printing program. Foxit Reader has a security vulnerability in the XFA subform element, which can be exploited by an attacker to execute arbitrary code in the current process context due to a lack of proper validation of user-supplied data...
Foxit Reader XFA Button Remote Code Execution Vulnerability (CNVD-2018-09950)
Foxit Reader is a small PDF document viewer and printing program. Foxit Reader has a security vulnerability in the handling of the XFA Button element, which can be exploited by an attacker to execute arbitrary code in the context of the current process due to a failure to validate an object befor...
Caldera Forms <= 1.5.9.1 - Multiple Cross-Site Scripting (XSS)
The Caldera Forms – More Than Contact Forms WordPress plugin was affected by a Multiple Cross-Site Scripting XSS security vulnerability...
Drupal Drupalgeddon 2 Forms API Property Injection Exploit
This Metasploit module exploits a Drupal property injection in the Forms API. Drupal versions 6.x, less than 7.58, 8.2.x, less than 8.3.9, less than 8.4.6, and less than 8.5.1 are vulnerable. This module requires Metasploit: https://metasploit.com/download Current source:...
Uber: Lack of CSRF protection on uberps.com makes every form vulnerable to CSRF
A malicious website can cause visitors who are currently authenticated to https://uberps.com to take sensitive actions on https://uberps.com A basic CSRF vuln on a old uber microsite. Check out my blog https://healdb.tech/blog/ or my Twitter https://twitter.com/healdben for some Bug Bounty tool...
WordPress Caldera Forms plugin cross-site scripting vulnerability
WordPress is the WordPress Software Foundation's set of blogging platforms developed using the PHP language, which supports personal blog sites on servers running PHP and MySQL.Caldera Forms is a drag-and-drop web editor plugin used in ... A cross-site scripting vulnerability exists in WordPress...
CVE-2018-7747
Multiple cross-site scripting XSS vulnerabilities in the Caldera Forms plugin before 1.6.0-rc.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via vectors involving 1 a greeting message, 2 the email transaction log, or 3 an imported form...