Lucene search

8163 matches found

seebug.org
added 2015/03/16 12:0 a.m., 22 views

WordPress Gravity Forms 1.8.19 /include/upload.php File Upload Vulnerability

/includes/upload.php: $filename = isset($_REQUEST["name"]) ? $_REQUEST["name"] : ''; $fieldid = rgpost("fieldid"); $field = GFFormsModel::getfield($form, $fieldid); if (empty($field)) die(); // Clean the fileName for security reasons $filename = preg_replace('/^\w.+/', '', $filename); …. $tmpfilename = $formuniqueid...

7.1 AI score
Exploits: 0
CNVD
added 2015/03/10 12:0 a.m., 2 views

WordPress Plugin Ninja Forms Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed in PHP; users can set up their own weblog on a server that supports PHP and a MySQL database. WordPress Ninja Forms suffers from a cross-site scripting vulnerability that remote attackers can exploit by constructing malicious URIs to trick users into...

4.3 CVSS, 6.1 AI score, 0.02041 EPSS
Exploits: 1, References: 1
myhack58
added 2015/03/06 12:0 a.m., 20 views

Malware cleanup to Gravity Forms arbitrary file upload-vulnerability warning-the black bar safety net

During a regular malware detection and cleanup process, we encountered one case of infection that caught our attention. Our environment does not have any special or fancy stuff, just an updated WordPress and 3 expired plug-ins; this situation is quite reasonable. The cleanup process ends, the environment is clean...

6.9 AI score
Exploits: 0
RedHat Linux
added 2015/03/05 7:29 p.m., 0 views

Mozilla: Reading of local files through manipulation of form autocomplete (MFSA 2015-24)

An information leak flaw was found in the way Firefox implemented autocomplete forms. An attacker able to trick a user into specifying a local file in the form could use this flaw to access the contents of that file...

4.3 CVSS, 6.8 AI score, 0.02549 EPSS
Exploits: 0, References: 5
NVD
added 2015/03/05 4:59 p.m., 15 views

CVE-2015-2220

Multiple cross-site scripting (XSS) vulnerabilities in the Ninja Forms plugin before 2.8.9 for WordPress allow (1) remote attackers to inject arbitrary web script or HTML via the ninja_forms_field_1 parameter in a ninja_forms_ajax_submit action to wp-admin/admin-ajax.php or (2) remote administrators to injec...

4.3 CVSS, 5.8 AI score, 0.02041 EPSS
Exploits: 1, References: 4
Prion
added 2015/03/05 4:59 p.m., 15 views

Code injection

Unspecified vulnerability in the Ninja Forms plugin before 2.8.10 for WordPress has unknown impact and remote attack vectors related to admin users...

7.5 CVSS, 7.2 AI score, 0.02017 EPSS
Exploits: 0, References: 1, Affected Software: 1
NVD
added 2015/03/05 4:59 p.m., 20 views

CVE-2014-9688

Unspecified vulnerability in the Ninja Forms plugin before 2.8.10 for WordPress has unknown impact and remote attack vectors related to admin users...

7.5 CVSS, 6.6 AI score, 0.02017 EPSS
Exploits: 0, References: 1
Prion
added 2015/03/05 4:59 p.m., 15 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in the Ninja Forms plugin before 2.8.9 for WordPress allow (1) remote attackers to inject arbitrary web script or HTML via the ninja_forms_field_1 parameter in a ninja_forms_ajax_submit action to wp-admin/admin-ajax.php or (2) remote administrators to injec...

4.3 CVSS, 6.2 AI score, 0.02041 EPSS
Exploits: 1, References: 4, Affected Software: 1
CVE
added 2015/03/05 4:0 p.m., 39 views

CVE-2014-9688

CVE-2014-9688 concerns the Ninja Forms WordPress plugin, specifically versions before 2.8.10. The connected sources describe an unspecified vulnerability with unknown impact and remote attack vectors related to admin users. The NVD metrics indicate partial confidentiality, integrity, and availabi...

7.5 CVSS, 6.8 AI score, 0.02017 EPSS
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2015/03/05 4:0 p.m., 27 views

CVE-2014-9688

Unspecified vulnerability in the Ninja Forms plugin before 2.8.10 for WordPress has unknown impact and remote attack vectors related to admin users...

6.6 AI score, 0.02017 EPSS
Exploits: 0, References: 1
CVE
added 2015/03/05 4:0 p.m., 59 views

CVE-2015-2220

The CVE-2015-2220 entry concerns the WordPress Ninja Forms plugin with XSS vulnerabilities in versions before 2.8.9. Two vectors are reported: (1) via ninja_forms_field_1 in a ninja_forms_ajax_submit action to wp-admin/admin-ajax.php, and (2) via fields[1] in wp-admin/post.php. These permit remot...

4.3 CVSS, 5.9 AI score, 0.02041 EPSS
Exploits: 1, References: 4, Affected Software: 1
Cvelist
added 2015/03/05 4:0 p.m., 20 views

CVE-2015-2220

Multiple cross-site scripting (XSS) vulnerabilities in the Ninja Forms plugin before 2.8.9 for WordPress allow (1) remote attackers to inject arbitrary web script or HTML via the ninja_forms_field_1 parameter in a ninja_forms_ajax_submit action to wp-admin/admin-ajax.php or (2) remote administrators to injec...

5.8 AI score, 0.02041 EPSS
Exploits: 1, References: 4
RedHat Linux
added 2015/03/05 2:4 p.m., 3 views

Mozilla: Reading of local files through manipulation of form autocomplete (MFSA 2015-24)

An information leak flaw was found in the way Firefox implemented autocomplete forms. An attacker able to trick a user into specifying a local file in the form could use this flaw to access the contents of that file...

4.3 CVSS, 6.8 AI score, 0.02549 EPSS
Exploits: 0, References: 5
RedHat Linux
added 2015/03/05 2:4 p.m., 29 views

Critical: Red Hat Security Advisory: firefox security update

Updated firefox packages that fix multiple security issues are now available for the little-endian 64-bit PowerPC platform architecture (ppc64le) on Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System CVS...

7.5 CVSS, 7.2 AI score, 0.04359 EPSS
Exploits: 0, References: 6
Patchstack
added 2015/03/05 12:0 a.m., 21 views

WordPress Ninja Forms Plugin <= 2.8.9 - Unspecified Vulnerability

Because of this vulnerability in the Ninja Forms plugin, remote attack vectors are related to admin users. Solution: Update the plugin...

7.5 CVSS, 4.8 AI score, 0.02017 EPSS
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2015/03/05 12:0 a.m., 24 views

WordPress Ninja Forms Plugin <= 2.8.8 - Multiple XSS

Because of these vulnerabilities, attackers can inject arbitrary web script or HTML via the "ninja_forms_field_1" parameter in a ninja_forms_ajax_submit action to wp-admin/admin-ajax.php. Also, multiple cross-site scripting vulnerabilities allow the administrators to inject arbitrary web script or...

4.3 CVSS, 3.2 AI score, 0.02041 EPSS
Exploits: 1, References: 1, Affected Software: 1
Drupal
added 2015/03/04 12:0 a.m., 20 views

SA-CONTRIB-2015-067 - Finder - Open Redirect

Finder module allows you to create flexible faceted search forms to find entities such as nodes or users based on the values of fields and database attributes. The provided function finderformgoto is susceptible to a phishing attack. An attacker could formulate a redirect in a way that gets the...

5.8 CVSS, 6.3 AI score, 0.01191 EPSS
Exploits: 0, References: 12
Mageia
added 2015/02/26 8:26 a.m., 64 views

Updated firefox and thunderbird packages fix security vulnerabilities

Updated firefox and thunderbird packages fix security vulnerabilities: Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox or Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user...

7.5 CVSS, 9.4 AI score, 0.04359 EPSS
Exploits: 0, References: 9
Tenable Nessus
added 2015/02/26 12:0 a.m., 30 views

Scientific Linux Security Update : firefox on SL5.x, SL6.x, SL7.x i386/x86_64 (20150225)

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2015-0836, CVE-2015-0831, CVE-2015-0827) An information leak flaw w...

7.5 CVSS, 7.9 AI score, 0.04359 EPSS
Exploits: 0, References: 5
Tenable Nessus
added 2015/02/26 12:0 a.m., 37 views

Scientific Linux Security Update : thunderbird on SL5.x, SL6.x i386/x86_64 (20150225)

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2015-0836, CVE-2015-0831, CVE-2015-0827) An information lea...

7.5 CVSS, 8 AI score, 0.04359 EPSS
Exploits: 0, References: 5