CVE-2016-4064
Foxit Reader and Foxit PhantomPDF (Windows) ≤ 7.3.3 are affected by CVE-2016-4064 due to a use-after-free in the XFA forms handling when a crafted remerge call is processed. This leads to remote code execution with high impact (as described in connected sources). Remediation per the documents: up...
Boost - Moderately Critical - Information Disclosure - SA-CONTRIB-2016-021
This module provides static page caching for Drupal, enabling a very significant performance and scalability boost for sites that receive mostly anonymous traffic. The module doesn't prevent form cache from leaking between anonymous users, which could result in information disclosure, where one use...
Infusionsoft Gravity Forms Add-on <= 1.5.11 - Unauthenticated Reflected Cross-Site Scripting (XSS)
The Infusionsoft Gravity Forms Add-on WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting XSS security vulnerability. PoC http://www.example.com/wp-content/plugins/infusionsoft/Infusionsoft/examples/leadscoring.php?ContactId=""...
Infusionsoft Gravity Forms Add-on <= 1.5.11 - Unauthenticated Reflected Cross-Site Scripting (XSS)
The Infusionsoft Gravity Forms Add-on WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting XSS security vulnerability. http://www.example.com/wp-content/plugins/infusionsoft/Infusionsoft/examples/leadscoring.php?ContactId="alert1;"...
WordPress Infusionsoft Gravity Forms Add-on Plugin <= 1.5.11 - XSS
This plugin is prone to a cross-site scripting vulnerability. Solution: Upgrade the plugin...
Fill and Sign PDF Forms - BSD license, Customized SSL, Dangerous filesystem permissions vulnerabilities
The HackApp vulnerability scanner discovered that the application Fill and Sign PDF Forms, published on the 'play' market, has multiple vulnerabilities...
Drupal Core Forms Interface Ignores Submit Button Access Restriction Vulnerability
Drupal is a free and open source content management system developed in PHP. An access bypass vulnerability exists in Drupal Core, allowing input submission, e.g. using JavaScript, of form button elements that the user should not have access to because the buttons are blocked by server-side form...
Foxit Reader XFA Re-merge After Release Re-exploit Remote Code Execution Vulnerability
Foxit Reader is a small PDF document viewer and printing program. Foxit Reader has a security vulnerability in the handling of XFA forms: a pointer that has already been released can be reused (a dangling pointer, i.e. use-after-free). An attacker can execute arbitrary code in the current process context...
WordPress MailChimp Subscribe Forms 1.1 Remote Code Execution
Exploit Title: WordPress Plugin MailChimp Subscribe Forms - Remote Code Execution Date: 23-03-2016 Exploit Author: CrashBandicot Google Dork : inurl:/wp-content/plugins/mailchimp-subscribe-sm/ Vendor Homepage: https://fr.wordpress.org/plugins/mailchimp-subscribe-sm/ Tested on: MSWin32 Version: 1....
Foxit Reader XFA remerge Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XFA...
WordPress Gravity Forms <= 1.9.15.11 - Authenticated Reflected XSS
Because of this vulnerability, the software incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to users. Solution: Update the plugin...
Breezing Forms Lite
Breezing Forms Lite before build 912: information disclosure. Resolution: update to latest version. Update notice: https://crosstec.org/en/blog/859-breezingforms-medium-security-update.html...
Breezing Forms Full
Breezing Forms Full before build 884: information disclosure. Resolution: update to latest version. Update notice: https://crosstec.org/en/blog/859-breezingforms-medium-security-update.html...
Zimbra 8.0.9 GA - Cross-Site Request Forgery
Multiple CSRF in Zimbra Mail interface (CVE-2015-6541). Description: Multiple CSRF vulnerabilities have been found in the Mail interface of the Zimbra 8.0.9 GA Release, allowing an attacker to change account preferences like...
Microsoft Active Directory Federated Authentication Service Denial of Service Vulnerability
Microsoft Windows is a family of operating systems released by Microsoft Corporation in the U.S. Microsoft Active Directory Federation Services (ADFS) is a federation service that runs on Windows systems. The service provides Web Single Sign-On (SSO) technology, which enables...
CVE-2016-0047
WinForms in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows remote attackers to obtain sensitive information from process memory via crafted icon data, aka "Windows Forms Information Disclosure Vulnerability."...
CVE-2016-0037
The forms-based authentication implementation in Active Directory Federation Services (ADFS) 3.0 in Microsoft Windows Server 2012 R2 allows remote attackers to cause a denial of service (daemon outage) via crafted data, aka "Microsoft Active Directory Federation Services Denial of Service...
MS16-019: Security Update for .NET Framework to Address Denial of Service (3137893)
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities in the .NET Framework: - A denial of service vulnerability exists due to improper handling of certain Extensible Stylesheet Language Transformations (XSLT). A remote attacker can exploit...
WordPress Ninja Forms Plugin Cross-Site Scripting (CVE-2015-2220)
Multiple cross-site scripting vulnerabilities exist in WordPress Ninja Forms Plugin. Successful exploitation of these vulnerabilities would allow remote attackers to inject an arbitrary web script into the affected system...
WordPress Formidable Forms Plugin <= 1.06.03 - Remote Code Execution
This plugin is prone to remote code execution because of the ofc_upload_image.php file parameters `$_GET['name']` and `$HTTP_RAW_POST_DATA`. Solution: Update the plugin...