
8170 matches found

OSV
added 2017/02/01 10:59 p.m. | 2 views

CVE-2016-6001

IBM Forms Experience Builder could be susceptible to a server-side request forgery (SSRF) from the application design interface allowing for some information disclosure of internal resources...

3.1 CVSS | 5.8 AI score | 0.00554 EPSS
Exploits 0 | References 2
NVD
added 2017/02/01 10:59 p.m. | 13 views

CVE-2016-6001

IBM Forms Experience Builder could be susceptible to a server-side request forgery (SSRF) from the application design interface allowing for some information disclosure of internal resources...

3.5 CVSS | 3.6 AI score | 0.00554 EPSS
Exploits 0 | References 2
Prion
added 2017/02/01 10:59 p.m. | 9 views

Server side request forgery (ssrf)

IBM Forms Experience Builder could be susceptible to a server-side request forgery (SSRF) from the application design interface allowing for some information disclosure of internal resources...

3.5 CVSS | 6.5 AI score | 0.00554 EPSS
Exploits 0 | References 2 | Affected Software 1
CVE
added 2017/02/01 10:0 p.m. | 36 views

CVE-2016-6001

IBM Forms Experience Builder is affected by CVE-2016-6001 (SSRF) in versions 8.5, 8.5.1, and 8.6. The vulnerability arises from server-side requests initiated from the application design interface, allowing information disclosure of internal resources. Remediation is available: upgrade to IBM For...

3.5 CVSS | 3.7 AI score | 0.00554 EPSS
Exploits 0 | References 2 | Affected Software 1
Cvelist
added 2017/02/01 10:0 p.m. | 16 views

CVE-2016-6001

IBM Forms Experience Builder could be susceptible to a server-side request forgery (SSRF) from the application design interface allowing for some information disclosure of internal resources...

3.6 AI score | 0.00554 EPSS
Exploits 0 | References 2
0day.today
added 2017/01/26 12:0 a.m. | 46 views

WordPress Google Forms Plugin unauthenticated PHP Object injection vulnerability

Exploit for php platform in category web applications. Abstract: A PHP Object injection vulnerability was found in the Google Forms WordPress Plugin, which can be used by an unauthenticated user to instantiate arbitrary PHP Objects. Using this vulnerability it is possible to execute arbitrary PHP...

7.1 AI score
Exploits 0
exploitpack
added 2017/01/26 12:0 a.m. | 18 views

PHP PEAR HTTP_Upload 1.0.0b3 - Arbitrary File Upload

PHP PEAR HTTP_Upload 1.0.0b3 - Arbitrary File Upload. Credits: John Page AKA Hyp3rlinx. Website: hyp3rlinx.altervista.org. Source: http://hyp3rlinx.altervista.org/advisories/PEAR-HTTPUPLOAD-ARBITRARY-FILE-UPLOAD.txt. ISR: ApparitionSEC. Vendor: pear.php.net. Product:...

Exploits 0
WPVulnDB
added 2017/01/25 12:0 a.m. | 8 views

Google Forms 0.84-0.87 - Unauthenticated PHP Object Injection

The Google Forms WordPress plugin was affected by an Unauthenticated PHP Object Injection security vulnerability...

2.4 AI score
Exploits 0 | References 2 | Affected Software 1
Microsoft KB
added 2017/01/24 12:0 a.m. | 48 views

Microsoft Dynamics CRM 2011 Update Rollup 15

Microsoft Dynamics CRM 2011 Update Rollup 15 We have identified a compatibility issue that occurs when you use the Microsoft Dynamics CRM 2011 Client for Outlook with Update Rollup 15 applied against a Dynamics CRM 2013 server. This issue does not affect Dynamics CRM 2011 servers. A new Update...

6.7 AI score
Exploits 0
ThreatPost
added 2017/01/18 4:25 p.m. | 21 views

Carbanak Using Google Services for Command and Control

Carbanak certainly has not sat idly by after years of advanced criminal campaigns targeting primarily financial institutions. The outfit, alleged to have stolen from more than 100 banks worldwide, has popped up again with a new means of managing command and control over its malware and implants...

7 AI score
Exploits 0 | References 5
OSV
added 2017/01/17 9:59 a.m. | 11 views

CVE-2017-5516

Multiple cross-site scripting (XSS) vulnerabilities in the user forms in GeniXCMS through 0.0.8 allow remote attackers to inject arbitrary web script or HTML via crafted parameters...

6.1 CVSS | 5.9 AI score
Exploits 0 | References 2
AlpineLinux
added 2017/01/11 4:40 a.m. | 2 views

CVE-2017-2950

Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the XFA engine, related to layout functionality. Successful exploitation could lead to arbitrary code execution...

9.3 CVSS | 7.9 AI score | 0.04217 EPSS
Exploits 0 | References 4
Kitploit
added 2017/01/06 2:3 p.m. | 26 views

xsscrapy - XSS/SQLi Spider

Fast, thorough, XSS/SQLi spider. Give it a URL and it'll test every link it finds for cross-site scripting and some SQL injection vulnerabilities. See FAQ for more details about SQLi detection. From within the main folder run: ./xsscrapy.py -u http://example.com If you wish to login then crawl:...

7.3 AI score
Exploits 0 | References 1
CNVD
added 2017/01/03 12:0 a.m. | 1 views

wordpress plugin forms-3rdparty-post-again cross-site scripting vulnerability

WordPress is a blogging platform from the WordPress Software Foundation, developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress plugin forms-3rdparty-post-again, which, due to improper filteri...

6.5 AI score
Exploits 0
FreeBSD
added 2016/12/28 12:0 a.m. | 78 views

phpmailer -- Remote Code Execution

Legal Hackers reports: An independent research uncovered a critical vulnerability in PHPMailer that could potentially be used by unauthenticated remote attackers to achieve remote arbitrary code execution in the context of the web server user and remotely compromise the target web application. To...

9.8 CVSS | 10.1 AI score | 0.99714 EPSS
Exploits 59 | References 1
Tenable Nessus
added 2016/12/27 12:0 a.m. | 78 views

FreeBSD : phpmailer -- Remote Code Execution (c7656d4c-cb60-11e6-a9a5-b499baebfeaf)

Legal Hackers reports: An independent research uncovered a critical vulnerability in PHPMailer that could potentially be used by unauthenticated remote attackers to achieve remote arbitrary code execution in the context of the web server user and remotely compromise the target web application. T...

9.8 CVSS | 8.2 AI score | 0.99714 EPSS
Exploits 58 | References 4
CNVD
added 2016/12/26 12:0 a.m. | 2 views

Tiki Wiki CMS Groupware cross-site scripting vulnerability (CNVD-2016-13244)

Tiki Wiki CMS is a suite of open source content management and portal applications from the Tiki software community that can be used to create web applications, portals, corporate intranets, extranets, and more. A cross-site scripting vulnerability exists in forms with the...

6.1 CVSS | 6.1 AI score | 0.01254 EPSS
Exploits 0 | References 1
FreeBSD
added 2016/12/26 12:0 a.m. | 91 views

phpmailer -- Remote Code Execution

Legal Hackers reports: An independent research uncovered a critical vulnerability in PHPMailer that could potentially be used by unauthenticated remote attackers to achieve remote arbitrary code execution in the context of the web server user and remotely compromise the target web application. To...

9.8 CVSS | 9.8 AI score | 0.99714 EPSS
Exploits 58 | References 2
OSV
added 2016/12/15 6:59 a.m. | 4 views

CVE-2016-6934

Adobe Experience Manager Forms versions 6.2 and earlier, LiveCycle 11.0.1, LiveCycle 10.0.4 have an input validation issue in the PMAdmin module that could be used in cross-site scripting attacks...

6.1 CVSS | 5.7 AI score | 0.02605 EPSS
Exploits 0 | References 3
OSV
added 2016/12/15 6:59 a.m. | 4 views

CVE-2016-6933

Adobe Experience Manager Forms versions 6.2 and earlier, LiveCycle 11.0.1, LiveCycle 10.0.4 have an input validation issue in the AACComponent that could be used in cross-site scripting attacks...

6.1 CVSS | 5.7 AI score | 0.02004 EPSS
Exploits 0 | References 3