Foxit Reader Forms Out-Of-Bounds Read Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within PDF Forms. A...
Microsoft SharePoint Server Information Leakage Vulnerability
Microsoft SharePoint Server is an enterprise business collaboration platform from Microsoft. An information leakage vulnerability exists in the InfoPath Forms Services component of Microsoft SharePoint Server versions 2007 SP3 and 2010 SP2. A remote attacker...
CVE-2015-2556
The InfoPath Forms Services component in Microsoft SharePoint Server 2007 SP3 and 2010 SP2 misparses DTDs, which allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity...
Information disclosure
The InfoPath Forms Services component in Microsoft SharePoint Server 2007 SP3 and 2010 SP2 misparses DTDs, which allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity...
CVE-2015-2556
CVE-2015-2556 is an information-disclosure vulnerability affecting Microsoft SharePoint Server 2007 SP3 and 2010 SP2, arising from how the InfoPath Forms Services component parses DTDs. The root cause is improper handling of XML External Entities (XXE), allowing a remote attacker to read arbitrar...
Microsoft SharePoint Server and Foundation Multiple Vulnerabilities (3096440)
This host is missing an important security update according to Microsoft Bulletin MS15-110.
FTGate 7 - Cross-Site Request Forgery
Credits: hyp3rlinx. Website: hyp3rlinx.altervista.org. Source: http://hyp3rlinx.altervista.org/advisories/AS-FTGATE-V7-CSRF.txt. Vendor: www.ftgate.com, www.ftgate.com/ftgate-update-7-0-300. Product: FTGate v7. Vulnerability Type:...
WordPress Ninja Forms Plugin <= 2.9.27 - Malicious File Export
There is an unknown vulnerability in this plugin. Solution: Upgrade this plugin...
Arbitrary Code Execution in extension "MK Forms" (mkforms)
It has been discovered that the extension "MK Forms" (mkforms) is susceptible to Arbitrary Code Execution. Release Date: September 30, 2015. Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 1.0.23 and below. Vulnerability...
Ninja Forms <= 2.9.27 - Malicious File Export
The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin was affected by a Malicious File Export security vulnerability...
WordPress Theme White-Label Framework 2.0.6 - Cross-Site Scripting
Exploit Title: WordPress White-Label Framework XSS. Google Dork: inurl:/wp-content/themes/whitelabel-framework/inc/form-sharebymailiframe.php. Date: 7 September 2015. Exploit Author: Outlasted. Software Link: wordpress.com / http://whitelabelframework.com/. Version: 2.0.6. Greetz to: TeaMp0isoN...
WordPress Aviary Image Editor Add On For Gravity Forms Plugin 3.0 /includes/upload.php File Upload
No description provided by source...
up.time 7.5.0 - Upload and Execute
up.time 7.5.0 Upload And Execute File Exploit. Vendor: Idera Inc. Product web page: http://www.uptimesoftware.com. Affected version: 7.5.0 build 16 and 7.4.0 build 13. Summary: The next-generation of IT monitoring software. Desc: up.time suffers from arbitrary command execution. Attackers can...
Multiple Foxit Product XFA Forms Processing Memory Corruption Vulnerabilities
Foxit Reader is a compact PDF reader. A memory corruption vulnerability exists in the implementation of multiple Foxit products. An attacker can exploit this vulnerability to execute arbitrary code in the context of the affected application...
CVE-2015-5481
The CVE-2015-5481 entry documents a cross-site scripting (XSS) vulnerability in the GD bbPress Attachments WordPress plugin. It affects versions prior to 2.3; the vulnerable code resides in forms/panels.php, where the tab parameter of gdbbpress_attachments (on wp-admin/edit.php) is not properly filtered,...
Foxit Reader XFA Form Denial of Service Vulnerability While Processing Targets
Foxit Reader is a popular application for working with PDF files. A vulnerability exists in Foxit Reader that allows remote users to send specially crafted XFA forms that, when loaded by the target user, can crash the application or execute arbitrary code...
WordPress Ninja Forms Plugin <= 2.9.21 - Cross Site Scripting
Because of this vulnerability, attackers can inject arbitrary JavaScript or HTML code. Solution: Update the plugin...
Ninja Forms <= 2.9.21 - Authenticated Reflected Cross-Site Scripting (XSS)
The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin was affected by an Authenticated Reflected Cross-Site Scripting (XSS) security vulnerability. PoC: http://www.example.com/wp-admin/admin.php?page=nf-processing=...