WordPress Ninja Forms Plugin <= 2.9.55.1 - Authenticated SQL Injection

There is a bug in this plugin. It could leak the site’s usernames and hashed passwords. Solution Update the plugin...

Ninja Forms <= 2.9.55.1 - Authenticated SQL Injection

The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin was affected by an Authenticated SQL Injection security vulnerability...

IBM Forms Experience Builder Cross-Site Request Forgery Vulnerability

IBM Forms Experience Builder is a suite of applications for creating Web forms for Web sites. A cross-site request forgery vulnerability exists in IBM Forms Experience Builder that allows a remote attacker to construct a malicious URI, trick a user into parsing it, and perform malicious actions i...

Foxit Reader < 7.2 Multiple RCE

Binary data 9458.prm...

WordPress plugin Vospari Forms <= 1.3 - Reflected Cross-Site Scripting (XSS) vulnerability

WordPress plugin Vospari Forms version 1.3 vulnerable to Reflected Cross-Site Scripting XSS. Altering the URL would allow for the XSS to be executed for further exploitation. Solution Update plugin to the latest version at least version 1.4...

WordPress Ninja Forms Plugin Cross-Site Scripting Vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language , the platform supports in PHP and MySQL servers to set up a personal blog site . Ninja Forms is one of the form plug-ins . A cross-site scripting vulnerability exists in version 2.9.51 of t...

WordPress Ninja Forms Plugin <= 2.9.51 - Multiple Cross Site Scripting

Because of this vulnerability, attackers can inject malicious JavaScript code into the application. Solution Update this plugin...

Ninja Forms <= 2.9.51 - Multiple Authenticated Cross-Site Scripting (XSS)

The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin was affected by a Multiple Authenticated Cross-Site Scripting XSS security vulnerability...

WordPress Ninja Forms 2.9.51 Cross Site Scripting

------------------------------------------------------------------------ Multiple Cross-Site Scripting vulnerabilities in Ninja Forms WordPress Plugin ------------------------------------------------------------------------ Han Sahin, July 2016...

WordPress Google Forms Plugin <= 0.84 - Cross Site Scripting (XSS)

Because of this vulnerability, attackers can steal Administrators' session tokens or perform arbitrary actions on their behalf. Solution Update the plugin...

Joomla Forms 1.3.1 SQL Injection

No description provided by source...

Google Forms <= 0.84 - Cross-Site Scripting (XSS)

The Google Forms WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability...

WordPress Google Forms 0.84 Cross Site Scripting

------------------------------------------------------------------------ Cross-Site Scripting vulnerability in Google Forms WordPress Plugin ------------------------------------------------------------------------ Yorick Koster, July 2016...

DEBIAN-CVE-2016-4428

Cross-site scripting XSS vulnerability in OpenStack Dashboard Horizon 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form...

IBM Forms Server Cross-Site Scripting Vulnerability

IBM Forms Server is the United States IBM's set of scalable document-based form application of electronic form automation software. A cross-site scripting vulnerability exists in IBM Forms Server that stems from the program's failure to adequately filter user-submitted input. An attacker could...

Joomla Forms 1.3.1 SQL Injection

======================================================================== | Title : Joomla comforms 1.3.1 Sql injection vulnerability | Author : indoushka | email : [email protected] | Tested on: windows 8.1 Français V.Pro | Vendor : https://github.com/subtext/comforms/blob/master/forms.xml...

FortiWeb CSRF Vulnerability

A CSRF vulnerability could allow attackers to change admin password with crafted forms...

python-django-horizon: XSS in client side template

A DOM-based, cross-site scripting vulnerability has been identified in the OpenStack dashboard, where user input was not filtered correctly. An authenticated dashboard user could exploit the flaw by injecting an AngularJS template into a dashboard form for example, using an image's description,...

WordPress Gravity Forms 1.8.19 Shell Upload

&formid=1&name=khan.php5&gformuniqueid=../../../../&fieldid=3'; curlsetopt$ch, CURLOPTRETURNTRANSFER, true; $response = curlexec$ch; curlclose$ch; if eregi'ok', $response echo "$separator\nShell at $shell\n$separator\n\n"; while $testCom != 'bubye!' $user =...

WordPress Gravity Forms Plugin 1.8.19 - Arbitrary File Upload

WordPress Gravity Forms plugin is prone to an arbitrary file upload vulnerability. It allows an attacker to upload arbitrary files to the affected computer. Solution Upgrade the plugin...