Business Email Compromise Losses Up 2,370 Percent Since 2015

Business Email Compromise BEC schemes, where executives are scammed via social engineering and phishing compromises that ultimately lead to fraudulent wire transfers, grew at a jaw-dropping rate of 2,370 percent in the last two years. The FBI yesterday published its latest statistics on these...

WordPress Wow Forms Plugin SQL Injection Vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in the WordPress Wow Forms plugin, which can be exploited by attackers to access or modi...

The vulnerabilities of programs for viewing and editing PDF files such as Adobe Reader, Adobe Acrobat, Adobe Acrobat Document Cloud, and Adobe Reader Document Cloud allow attackers to execute arbitrary code.

The vulnerability of the XFA module for programs that read and edit PDF files, such as Adobe Reader, Adobe Acrobat, Adobe Acrobat Document Cloud, and Adobe Reader Document Cloud, is related to the use of memory after it is freed. Exploiting this vulnerability can allow a malicious actor to execut...

WordPress Wow Forms plugin <= 2.1 - SQL Injection

The POST parameter wowformid is vulnerable to SQL injection. This parameter is not escaped properly. Solution Update the plugin...

WordPress Wow Forms 2.1 Plugin - SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Wow Forms v2.1 WordPress Plugin SQL Injection Date: 29/03/2017 Exploit Author: TAD GROUP Vendor Homepage: http://wow-company.com/ Software Link: https://wordpress.org/plugins/mwp-forms/ Version: 2.1 Contact: email protected...

WordPress Plugin Wow Forms 2.1 - SQL Injection

WordPress Plugin Wow Forms 2.1 - SQL Injection Exploit Title: Wow Forms v2.1 WordPress Plugin SQL Injection Date: 29/03/2017 Exploit Author: TAD GROUP Vendor Homepage: http://wow-company.com/ Software Link: https://wordpress.org/plugins/mwp-forms/ Version: 2.1 Contact: infoattad.group Website:...

WordPress Plugin Wow Forms 2.1 - SQL Injection

Exploit Title: Wow Forms v2.1 WordPress Plugin SQL Injection Date: 29/03/2017 Exploit Author: TAD GROUP Vendor Homepage: http://wow-company.com/ Software Link: https://wordpress.org/plugins/mwp-forms/ Version: 2.1 Contact: infoattad.group Website: https://tad.group Category: Web Application...

Adobe Acrobat and Reader Integer Overflow (APSB17-11: CVE-2017-3034)

An integer overflow vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to a parsing error in XML Forms Architecture XFA engine in Adobe Reader and Acrobat. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted PDF file...

Reflected Cross-Site Scripting Vulnerability in 'keyword' Parameter of Qibo B2B Commerce System

Qibo B2B business system is an open source content management system . Qibo B2B Commerce System 'keyword' parameter reflects cross-site scripting vulnerability. Allows attackers to insert XSS execution code into web forms, there are phishing attacks, user cookie theft and other security risks...

CVE-2016-8726

An exploitable null pointer dereference vulnerability exists in the Web Application /forms/webrunScript iwfilename functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. An HTTP POST request with a blank line in the header will cause a segmentation fault in the web server...

Null pointer dereference

An exploitable null pointer dereference vulnerability exists in the Web Application /forms/webrunScript iwfilename functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. An HTTP POST request with a blank line in the header will cause a segmentation fault in the web server...

CVE-2017-3035

Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability in the XML Forms Architecture XFA engine. Successful exploitation could lead to arbitrary code execution...

CVE-2017-3034

Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable integer overflow vulnerability in the XML Forms Architecture XFA engine, related to layout functionality. Successful exploitation could lead to arbitrary code execution...

CVE-2017-3035

Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability in the XML Forms Architecture XFA engine. Successful exploitation could lead to arbitrary code execution...

CVE-2017-3014

Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability in XML Forms Architecture XFA related to reset form functionality. Successful exploitation could lead to arbitrary code execution...

Design/Logic Flaw

Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability in the XML Forms Architecture XFA engine. Successful exploitation could lead to arbitrary code execution...

CVE-2017-3014

Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability in XML Forms Architecture XFA related to reset form functionality. Successful exploitation could lead to arbitrary code execution...

CVE-2017-3035

Adobe Acrobat Reader (affected: 11.0.19 and earlier; 15.006.30280 and earlier; 15.023.20070 and earlier) contains a use-after-free vulnerability in the XML Forms Architecture (XFA) engine (CVE-2017-3035). Exploitation could lead to arbitrary code execution. The connected documents acknowledge CVE...

CVE-2017-3014

Adobe Acrobat Reader from 11.0.19 and earlier, 15.006.30280 and earlier, and 15.023.20070 and earlier is affected by a use-after-free in the XML Forms Architecture (XFA) related to reset form functionality. The vulnerability can lead to arbitrary code execution when exploited locally via crafted ...

Cross-site Scripting (XSS)

The npm module forms is vulnerable to cross-site scripting XSS attacks. These attacks are possible because it does not escape text in tags...