WordPress MailChimp Subscribe Forms 1.1 Remote Code Execution
Exploit Title: WordPress MailChimp Subscribe Forms Remote Code Execution; Date: 21-04-2015; Exploit Author: woodspeed; Vendor Homepage: https://wordpress.org/plugins/mailchimp-subscribe-sm/; Software Link: https://downloads.wordpress.org/plugin/mailchimp-subscribe-sm.1.1.zip; Version: 1.1; Tested on:...
Oracle WebCenter Forms Recognition Sssplt30.ocx Arbitrary File Creation - Ver2 (CVE-2012-1710)
A directory traversal vulnerability has been reported in Oracle WebCenter Forms Recognition. The vulnerability is due to insufficient validation of parameters used in a certain method in the Sssplt30 ActiveX control. A remote attacker can exploit this vulnerability by enticing a target user to op...
WordPress A Forms Plugin <= 1.4.0 - Cross Site Request Forgery
This plugin is prone to a cross site request forgery vulnerability. Solution: Update the plugin...
WordPress A Forms Plugin <= 1.4.0 - Cross Site Scripting
This plugin is prone to a cross site scripting vulnerability via: a-forms.php addfieldtosection function multiple parameter, a-forms.php aforminitialpage function multiple parameter, a-forms.php aformpage function multiple parameter, a-forms.php aformsectionpage Function message parameter,...
WordPress TDO Mini Forms Plugin <= 0.13.9 - Remote Code Execution
This plugin is prone to remote code execution in tdomf-upload-inline.php. Solution: Update the plugin...
WordPress Custom Contact Forms Plugin <= 5.0.0.1 - XSS
Because of this vulnerability, attackers can inject arbitrary JavaScript or HTML code. Solution: Update the plugin...
WordPress Custom Contact Forms Plugin <= 5.1.0.3 - Database Import/Export
This plugin is prone to database import/export vulnerabilities. Solution: Update the plugin...
WordPress A Forms Plugin <= 1.4.0 - SQL Injection
This plugin is prone to a SQL injection vulnerability in the a-forms.php aformtrackingpage function, multiple parameters. Solution: Update the plugin...
CVE-2015-1673
The Windows Forms aka WinForms libraries in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 allow user-assisted remote attackers to execute arbitrary code via a crafted partial-trust application, aka "Windows Forms Elevation of Privilege Vulnerability."...
Privilege escalation
The Windows Forms aka WinForms libraries in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 allow user-assisted remote attackers to execute arbitrary code via a crafted partial-trust application, aka "Windows Forms Elevation of Privilege Vulnerability."...
CVE-2015-1673
CVE-2015-1673 affects the Windows Forms (WinForms) libraries in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2. It is described as a memory-handling vulnerability in WinForms that, when a crafted partial-trust application is used, allows a user-assisted remote att...
Microsoft .NET Framework Privilege Elevation Vulnerability (3057134)
This host is missing an important security update according to Microsoft Bulletin MS15-048. SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
MS15-048: Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (3057134)
The remote Windows host is running a version of the Microsoft .NET Framework that is affected by multiple vulnerabilities: - A denial of service vulnerability exists in the Microsoft .NET Framework due to a recursion flaw that occurs when decrypting XML data. A remote attacker can exploit this,...
CakePHP 3.0.4 Released
The CakePHP core team is happy to announce the immediate availability of CakePHP 3.0.4. This is a maintenance release that contains security fixes and bugfixes. Security Fixes: There are two issues that can impact the security of a CakePHP application: CsrfComponent fails to...
Drupal Smart Trim Module Cross-Site Scripting Vulnerability
Drupal is a free and open source content management system developed in PHP. Smart Trim is a module for Drupal. The Smart Trim module is prone to cross-site scripting in its field setup forms, allowing remote attackers to exploit the...
WordPress NEX-Forms 3.0 SQL Injection
SQL injection vulnerability in the nexformsId parameter of the WordPress NEX-Forms plugin. Vulnerability Type: SQL Injection. For the exploit source code contact DSquare Security sales team...