CVE-2017-16575
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the XFA...
CVE-2017-16583
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Type confusion
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Design/Logic Flaw
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
CVE-2017-16580
CVE-2017-16580 affects Foxit Reader 8.3.2.25013, where the ImageField node in XFA forms mishandles user-supplied data, causing an out-of-bounds read (read past end of buffer) vulnerability. The issue enables remote information disclosure and can be leveraged in conjunction with other flaws to execute code in the p...
CVE-2017-16578
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
CVE-2017-16578
The CVE-2017-16578 entry concerns Foxit Reader 8.3.2.25013 and describes a type confusion in the XFA forms’ picture elements that allows remote code execution after user interaction (visiting a malicious page or opening a malicious file). The underlying issue is improper validation of user-suppli...
CVE-2017-16583
Foxit Reader 8.3.2.25013 is vulnerable to a remote code execution flaw in the XFA dataset element (missing validation of object existence). Exploitation requires user interaction (visiting a malicious page or opening a malicious file) and can execute code with the current process context. Affecte...
WordPress Gravity Forms – Clockwork SMS plugin <=2.2 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability found by Elias Dimopoulos in WordPress Gravity Forms – Clockwork SMS plugin versions <= 2.2. Solution: Update the WordPress Gravity Forms – Clockwork SMS plugin to the latest available version, at least 2.4.0...
CVE-2017-14092
The absence of Anti-CSRF tokens in Trend Micro ScanMail for Exchange 12.0 web interface forms could allow an attacker to submit authenticated requests when an authenticated user browses an attacker-controlled domain...
HackerOne: HTTP Parameter Pollution using semicolons in iframe element at hackerone.com/careers allows loading external Greenhouse forms
Summary: I noticed that HackerOne career pages load their application forms from Greenhouse.io via an iframe. The ghjid parameter value is taken into the iframe element for the token parameter in the iframe URL boards.greenhouse.io. Any HTML characters are escaped in order to avoid XSS and possib...
Automattic: Improper markup sanitisation in Simplenote Android application.
Description: The Simplenote Android application 1.5.6 still allows users to embed fully-fledged forms. [Rendered HTML proof of concept: a fake "Sign in to Simplenote" login form with Email, Password, Remember Me and "Forgot your password?" fields; attachment F246484.] A more convincing proof of concept could consist of hiding the form inside several paragraphs o...
RegistrationMagic - Custom Registration Forms <= 3.8.0.4 - Authenticated Reflected XSS
The RegistrationMagic – Custom Registration Forms and User Login WordPress plugin was affected by a Custom Registration Forms <= 3.8.0.4 - Authenticated Reflected XSS security vulnerability. GET...
RegistrationMagic - Custom Registration Forms <= 3.8.0.4 - Authenticated SQL Injection
The RegistrationMagic – Custom Registration Forms and User Login WordPress plugin was affected by a Custom Registration Forms <= 3.8.0.4 - Authenticated SQL Injection security vulnerability. GET...
SS-2017-010: install.php discloses sensitive data by pre-populating DB credential forms
More info at https://www.silverstripe.org/download/security-releases/ss-2017-010/...
WordPress Smart Marketing SMS and Newsletters Forms plugin <=1.1.1 - Unauthenticated Cross-Site Scripting (XSS) vulnerability
Unauthenticated Cross-Site Scripting (XSS) vulnerability found in WordPress Smart Marketing SMS and Newsletters Forms plugin versions <= 1.1.1. Solution: 12/07/2017 - we were unable to find a patched version of this plugin. Use with caution or uninstall...
Node feedback - Moderately critical - Access Bypass - SA-CONTRIB-2017-092
This module enables you to set nodes to send feedback via personal/site-wide contact forms. The module doesn't sufficiently restrict access to nodes whose titles will be shown on contact forms. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "Us...
WordPress Smart Marketing SMS And Newsletters Forms 1.1.1 XSS Vulnerability
WordPress Smart Marketing SMS and Newsletters Forms plugin version 1.1.1 suffers from a persistent cross-site scripting vulnerability. Vulnerable: Smart Marketing SMS and Newsletters Forms 1.1.1. Smart Marketing SMS and Newsletters Forms is prone to a stored cross-site scripting vulnerability becau...
WordPress 3rd-Party Inject Results 0.2 Cross Site Scripting
Class: Input Validation Error. Remote: Yes. Credit: Ricardo Sanchez. Vulnerable: Forms: 3rd-Party Inject Results 0.2. Forms: 3rd-Party Inject Results is prone to a stored cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue t...