8164 matches found
Updated ruby-mail packages fix security vulnerability
The Mail library does not impose a length limit on email addresses, so an attacker can send a long spam message via a recipient address unless there is a limit on the application's side. The attacker-injected message in the recipient address is processed by the server. This type of vulnerability...
Adobe Reader DC Forms Out-Of-Bounds Read Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the AcroForm...
WordPress NEX-Forms Lite Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP; it supports setting up a personal blog site on a server with PHP and MySQL. NEX-Forms Lite is a plugin for creating user-defined forms. A cross-site scripting vulnerability exists in...
CVE-2014-7151
Multiple cross-site scripting (XSS) vulnerabilities in the NEX-Forms Lite plugin 2.1.0 for WordPress allow remote attackers to inject arbitrary web script or HTML via the form_fields parameter in a (1) do_edit or (2) do_insert action to wp-admin/admin-ajax.php...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the NEX-Forms Lite plugin 2.1.0 for WordPress allow remote attackers to inject arbitrary web script or HTML via the form_fields parameter in a (1) do_edit or (2) do_insert action to wp-admin/admin-ajax.php...
CVE-2014-7151
CVE-2014-7151 affects the WordPress NEX-Forms Lite plugin (v2.1.0). It describes multiple cross-site scripting (XSS) vulnerabilities via the form_fields parameter in admin-ajax.php during do_edit/do_insert actions. Root cause: insufficient filtering of form_fields. Impact: cross-site script/HTML ...
Sawef - Send Attack Web Forms
SAWEF - Send Attack Web Forms. DESCRIPTION: The purpose of this tool is to be a Swiss army knife for anyone who works with HTTP. So far it is basic, bringing only a few of the features we want it to have, but we can already see in this tool: - Email Crawler in sites - Crawler forms on the...
WordPress Ninja Forms Plugin <= 2.9.42.0 - PHP Object Injection
This vulnerability allows an attacker to conduct PHP object injection attacks via crafted serialized values in a POST request. Solution Update the plugin...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in information popups in Foreman before 1.10.0 allow remote attackers to inject arbitrary web script or HTML via (1) global parameters, (2) smart class parameters, or (3) smart variables in the (a) host or (b) hostgroup edit forms...
Foxit Reader Forms Out-Of-Bounds Read Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within PDF Forms. A...
orion.extfeedbackform Bitrix Module SQL Injection Vulnerability
An SQL injection vulnerability exists in the orion.extfeedbackform Bitrix module. Due to insufficient filtering of input passed to the "/bitrix/admin/orion.extfeedbackformefbfforms.php" script via the "order" and "by" HTTP GET parameters, an attacker can exploit the vulnerability to execute SQL...
TYPO3 MK Forms Extension Arbitrary Code Execution Vulnerability
No description provided by source...
TYPO3 MK Forms Extension Arbitrary Code Execution Vulnerability
TYPO3 is a free and open source content management system and framework (CMS/CMF) maintained by the TYPO3 Association in Switzerland. MK Forms is one of its extensions, a plug-in for producing HTML forms. An arbitrary code execution vulnerability exists in TYPO3 MK Forms extension version 1.0.23 and earlie...
MyWebSQL 3.6 Cross Site Request Forgery Vulnerability
MyWebSQL version 3.6 suffers from a cross site request forgery vulnerability. 1. Introduction Affected Product: MyWebSQL 3.6 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: http://mywebsql.net/ Vulnerability Type: CSRF Remote Exploitable: Yes Reported to vendor: 09/01/2015 Disclosed t...
Adobe Acrobat Reader DC Remote Code Execution Vulnerability
Adobe Acrobat Reader DC is a set of tools from the US company Adobe for viewing, printing and annotating PDFs. A remote code execution vulnerability exists in Adobe Acrobat Reader DC, which stems from the program failing to properly parse CMAP forms. A remote attacker could...
Foxit Reader < 7.2 Multiple Vulnerabilities
The version of Foxit Reader installed on the remote Windows host is prior to 7.2. It is, therefore, affected by multiple vulnerabilities: - A memory overflow condition exists in the PDF creator plugin ConvertToPDFx86.dll when converting a PNG file to a PDF file due to an error that occurs when...
Foxit PhantomPDF < 7.2 Multiple Vulnerabilities
According to its version, the Foxit PhantomPDF application (formerly known as Phantom) installed on the remote Windows host is affected by multiple vulnerabilities: - A memory overflow condition exists in the PDF creator plugin ConvertToPDFx86.dll when converting a PNG file to a PDF file due to an...
Foxit Reader Forms Out-of-Bounds Remote Code Execution Vulnerability
Foxit Reader is a compact PDF reader. A security vulnerability exists in Foxit Reader's PDF Forms: an attacker who tricks a user into opening a crafted PDF file can read memory outside of the allocated object and execute arbitrary code...
A vulnerability in the Microsoft SharePoint Server corporate application allows a hacker to read arbitrary files.
A vulnerability in the InfoPath Forms Services component of the Microsoft SharePoint Server corporate application suite is related to deficiencies in access control mechanisms. Exploiting this vulnerability could allow an attacker, operating remotely, to read arbitrary files using a specially...