8170 matches found
VK.com: clickjacking in /lead_forms_app.php
Clickjacking in the "Lead collection form". It was possible to steal the phone number and email of anyone who clicked the button on our site; I consider this fairly serious, since the button could be clicked under any pretext, for example by creating a fake poll on our site and, as confirmation of the vote, adding...
WordPress Formidable Forms Plugin Remote Code Execution
A remote code execution vulnerability exists in WordPress Formidable Forms plugin. A remote attacker can upload and execute vulnerable shortcodes via crafted parameters. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
WordPress Breezing Forms 1.2.7.42 Cross Site Scripting
Class: Input Validation Error. Remote: Yes. Credit: Ricardo Sanchez. Vulnerable: Breezing Forms Plugin 1.2.7.42. Breezing Forms Plugin is prone to a stored cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute...
WordPress Breezing Forms 1.2.7.42 Cross Site Scripting Vulnerability
WordPress Breezing Forms plugin version 1.2.7.42 suffers from a cross site scripting vulnerability. Class: Input Validation Error. Remote: Yes. Credit: Ricardo Sanchez. Vulnerable: Breezing Forms Plugin 1.2.7.42. Breezing Forms Plugin is prone to a stored cross-site scripting vulnerability because it fai...
WordPress Formidable Forms plugin <=2.05.02 - Multiple Cross-Site Scripting (XSS) vulnerabilities
Multiple Cross-Site Scripting (XSS) vulnerabilities found by Jouko Pynnönen in WordPress Formidable Forms plugin versions <=2.05.02. Reflected Cross-Site Scripting vulnerability in form preview and Stored Cross-Site Scripting vulnerability in form entries. Solution: Update the WordPress Formidable...
WordPress Formidable Forms plugin <=2.05.02 - SQL Injection (SQLi) vulnerability
Blind SQL Injection (SQLi) vulnerability found by Jouko Pynnönen in WordPress Formidable Forms plugin versions <=2.05.02. This vulnerability allows an attacker to enumerate databases and tables and retrieve their contents. Solution: Update the WordPress Formidable Forms plugin to the latest available...
WordPress Formidable Forms plugin <=2.05.02 - Multiple vulnerabilities
Multiple vulnerabilities found by Jouko Pynnönen in WordPress Formidable Forms plugin versions <=2.05.02. Unauthenticated preview function allowing shortcodes, unauthenticated form entries retrieval and Server-Side Code Execution via iThemes Sync. Solution: Update the WordPress Formidable Forms...
Foxit Reader XFA ImageField Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Formidable Forms <= 2.05.02 - Multiple Vulnerabilities
The Formidable Form Builder – Contact Form, Survey & Quiz Forms Plugin for WordPress plugin was affected by multiple security vulnerabilities...
WordPress Caldera Forms plugin <=1.5.4 - Authenticated Cross-Site Scripting (XSS) vulnerability
Authenticated Cross-Site Scripting (XSS) vulnerability found by Will Brand in WordPress Caldera Forms plugin versions <=1.5.4. Solution: Update the WordPress Caldera Forms plugin to the latest available version, at least version 1.5.5...
TYPO3 CMS cross-site scripting vulnerability (CNVD-2017-34699)
TYPO3 CMS is a free and open source content management system framework (CMS/CMF) maintained by the Swiss TYPO3 Association. Multiple cross-site scripting vulnerabilities exist in TYPO3 CMS. The vulnerabilities can be exploited by remote attackers to inject arbitrary web script or HTML by sending...
Shortcodes Ultimate <= 5.0.0 - Authenticated Contributor Code Execution
The Shortcodes Ultimate plugin does not sanitize the "filter" argument to the "sumeta", "suuser", and "supost" shortcodes, allowing the filter to be set to the "system" function which runs arbitrary code. This is being exploited in the wild; I discovered this through analysis of modsecurity audit...
VK.com: Stored XSS in /lead_forms_app.php
XSS in the "Lead collection form". Brutal...
WordPress Polls 1.2.4 SQL Injection Vulnerability
Exploit for PHP platform in category web applications. Exploit Title: WordPress Polls plugin 1.2.4 SQL Injection vulnerability. Author: Manish Kishan Tanwar AKA error1046 (https://twitter.com/IndiShell1046). Date: 22/10/2017. Vulnerable version: 1.2.4. Download Link:...
CVE-2010-3659
Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 CMS 4.1.x before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4, and 4.4.x before 4.4.1 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified parameters to the extension manager, or unspecified...
CVE-2017-10324
Vulnerability in the Oracle Applications Technology Stack component of Oracle E-Business Suite subcomponent: Oracle Forms. Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network acce...
Design/Logic Flaw
Vulnerability in the Oracle Applications Technology Stack component of Oracle E-Business Suite subcomponent: Oracle Forms. Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network acce...