8170 matches found

NVD
added 2018/02/19 9:29 p.m., 30 views

CVE-2016-10007

SQL injection vulnerability in the "Marketing Forms" screen in dotCMS before 3.7.2 and 4.x before 4.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the EXTFORMHANDLERorderBy parameter...

CVSS: 7.2, AI score: 7.3, EPSS: 0.01307
Exploits: 2, References: 1

Cvelist
added 2018/02/19 9:0 p.m., 29 views

CVE-2016-10007

SQL injection vulnerability in the "Marketing Forms" screen in dotCMS before 3.7.2 and 4.x before 4.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the EXTFORMHANDLERorderBy parameter...

AI score: 7.3, EPSS: 0.01307
Exploits: 2, References: 1

Exploit DB
added 2018/02/16 12:0 a.m., 50 views

Joomla! Component JquickContact 1.3.2.2.1 - SQL Injection

Exploit Title: Joomla! Component JquickContact 1.3.2.2.1 - SQL Injection Dork: N/A Date: 16.02.2018 Vendor: http://coderspirit.blogspot.com.tr/2011/07/jquickcontact.html Software: https://extensions.joomla.org/extensions/extension/contacts-and-feedback/contact-forms/jquickcontact/ Download:...

CVSS: 9.8, AI score: 9.8, EPSS: 0.02802
Exploits: 5

Openbugbounty
added 2018/02/15 1:11 p.m., 9 views

summit-mea.com XSS vulnerability

Open Bug Bounty ID: OBB-560324

Description| Value
---|---
Affected Website:| summit-mea.com
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score:| 6.1...

AI score: 6.3
Exploits: 0

Packet Storm
added 2018/02/13 12:0 a.m., 55 views

dotCMS SQL Injection

Title: Multiple SQL injection vulnerabilities in dotCMS 2x CVE Credit: Elar Lang / https://security.elarlang.eu Vendor/Product: dotCMS http://dotcms.com/ Vulnerability: SQL injection Vulnerable version: before 4.1.1. Theoretically would be fixed in 3.7.2 not released yet CVE: CVE-2016-10007,...

AI score: 7, EPSS: 0.01307
Exploits: 3

RedHat Linux
added 2018/01/24 10:5 a.m., 4 views

Mozilla: Use-after-free while manipulating form input elements (MFSA 2018-03)

A use-after-free vulnerability can occur when form input elements, focus, and selections are manipulated by script content. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.6, Firefox ESR 52.6, and Firefox 58...

CVSS: 9.8, AI score: 7.3, EPSS: 0.03111
Exploits: 0, References: 5

Openbugbounty
added 2018/01/22 9:43 a.m., 18 views

elliemae.com XSS vulnerability

Open Bug Bounty ID: OBB-537361

Description| Value
---|---
Affected Website:| elliemae.com
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score:| 6.1...

AI score: 6.3
Exploits: 0

Patchstack
added 2018/01/22 12:0 a.m., 7 views

WordPress Google Forms plugin <=0.91 - Unauthenticated Server-Side Request Forgery (SSRF) vulnerability

Unauthenticated Server-Side Request Forgery (SSRF) vulnerability found by Jouko Pynnönen in WordPress Google Forms plugin versions <=0.91. Solution: Update the WordPress Google Forms plugin to the latest available version (at least 0.92)...

AI score: 3.5
Exploits: 0, References: 1, Affected Software: 1

WPVulnDB
added 2018/01/20 12:0 a.m., 11 views

Google Forms <= 0.91 - Unauthenticated Server-Side Request Forgery (SSRF)

The Google Forms WordPress plugin was affected by an Unauthenticated Server-Side Request Forgery (SSRF) security vulnerability...

AI score: 3.1
Exploits: 0, References: 2, Affected Software: 1

CNVD
added 2018/01/19 12:0 a.m., 2 views

Cisco Unified Communications Manager Information Disclosure Vulnerability (CNVD-2018-02045)

Cisco Unified Communications Manager (CUCM, Unified CM, CallManager) is a call-processing component of a unified communications system from Cisco. The component provides a scalable, distributable and highly available enterprise IP telephony call processing solution. An information disclosure...

CVSS: 5.3, AI score: 6.3, EPSS: 0.0175
Exploits: 0, References: 1

Dsquare
added 2018/01/11 12:0 a.m., 177 views

WordPress Gravity Forms File Upload

File upload vulnerability in WordPress Gravity Forms plugin (upload.php). Vulnerability Type: File Upload. For the exploit source code contact DSquare Security sales team...

AI score: 7.1
Exploits: 0

Kitploit
added 2018/01/08 8:32 p.m., 22 views

Wapiti 3.0.0 - The Web-Application Vulnerability Scanner

Wapiti allows you to audit the security of your websites or web applications. It performs "black-box" scans (it does not study the source code) of the web application by crawling the webpages of the deployed webapp, looking for scripts and forms where it can inject data. Once it gets the list of...

AI score: 7.8
Exploits: 0

Prion
added 2018/01/03 4:29 p.m., 16 views

Cross site scripting

Mautic version 2.1.0 - 2.11.0 is vulnerable to an inline JS XSS attack when using Mautic forms on a Mautic landing page using GET parameters to pre-populate the form...

CVSS: 4.3, AI score: 5.9, EPSS: 0.00843
Exploits: 1, References: 1, Affected Software: 1

NVD
added 2018/01/03 4:29 p.m., 17 views

CVE-2017-1000488

Mautic version 2.1.0 - 2.11.0 is vulnerable to an inline JS XSS attack when using Mautic forms on a Mautic landing page using GET parameters to pre-populate the form...

CVSS: 6.1, AI score: 6, EPSS: 0.00843
Exploits: 1, References: 1

Cvelist
added 2018/01/01 8:0 a.m., 16 views

CVE-2017-18010

The E-goi Smart Marketing SMS and Newsletters Forms plugin before 2.0.0 for WordPress has XSS via the admin/partials/custom/egoi-for-wp-formegoi.php url parameter...

AI score: 6.2, EPSS: 0.01374
Exploits: 2, References: 3

Fedora
added 2017/12/26 4:32 p.m., 25 views

[SECURITY] Fedora 26 Update: evince-3.24.2-2.fc26

Evince is simple multi-page document viewer. It can display and print Portable Document Format (PDF), PostScript (PS) and Encapsulated PostScript (EPS) files. When supported by the document format, evince allows searching for text, copying text to the clipboard, hypertext navigation, table-of-contents...

CVSS: 7.8, AI score: 7.6, EPSS: 0.01406
Exploits: 0

OSV
added 2017/12/20 2:29 p.m., 1 view

CVE-2017-16580

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...

CVSS: 6.5, AI score: 5, EPSS: 0.02456
Exploits: 0, References: 2

OSV
added 2017/12/20 2:29 p.m., 3 views

CVE-2017-16583

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS: 8.8, AI score: 6.1, EPSS: 0.0259
Exploits: 0, References: 2

NVD
added 2017/12/20 2:29 p.m., 13 views

CVE-2017-16578

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS: 8.8, AI score: 8.8, EPSS: 0.0259
Exploits: 0, References: 2

ATTACKERKB
added 2017/12/20 2:29 p.m., 1 view

CVE-2017-16578

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS: 8.8, AI score: 6.2, EPSS: 0.0259
Exploits: 0, References: 3, Affected Software: 1