Oracle E-Business Suite/Oracle Forms RCE Vulnerability (Oct 2014) - Active Check

Oracle E-Business Suite/Oracle Forms is prone to a remote code execution RCE vulnerability in the Oracle Applications Technology Stack. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holder...

Vulnerabilities in D-Link DAP-1360

Hello 3APA3A! There are Abuse of Functionality, Brute Force and Cross-Site Request Forgery vulnerabilities in D-Link DAP-1360 Wi-Fi Access Point and Router. ------------------------- Affected products: ------------------------- Vulnerable is the next model: D-Link DAP-1360, Firmware 1.0.0. This...

Ninja Forms 2.8.6 - Reflected Cross-Site Scripting (XSS)

The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin was affected by a Reflected Cross-Site Scripting XSS security vulnerability...

CVE-2014-7573

The droid Survey Offline Forms aka com.contact.droidSURVEY application 2.5.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

CVE-2014-7573

The CVE-2014-7573 entry concerns the Android app “droid Survey Offline Forms” (com.contact.droidSURVEY) version 2.5.2, which fails to verify X.509 certificates from SSL servers. This misimplementation enables man-in-the-middle attackers to spoof the server and exfiltrate sensitive data via a craf...

CVE-2014-4278

Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 12.0.6, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Oracle Forms...

Design/Logic Flaw

Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 12.0.6, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Oracle Forms...

CVE-2014-4278

CVE-2014-4278 concerns Oracle E-Business Suite (12.0.6, 12.1.3, 12.2.2–12.2.4) where the Oracle Applications Technology Stack/Oracle Forms is affected. It describes an unspecified remote vulnerability with impact to confidentiality, integrity, and availability via unknown vectors related to Oracl...

CVE-2014-4278

Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 12.0.6, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Oracle Forms...

Smart Forms 2.1.0 - Cross-Site Scripting (XSS)

The Smart Forms – when you need more than just a contact form WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability...

Wordpress InfusionSoft Plugin Upload Vulnerability

No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = ExcellentRanking include Msf::HTTP::Wordpress include...

Wordpress InfusionSoft Upload

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Wordpress InfusionSoft Upload Vulnerability', 'Description' = %q This module exploits an arbitrary PHP code upload in the wordpress...

WordPress Plugin InfusionSoft - Arbitrary File Upload (Metasploit)

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Wordpress InfusionSoft Upload Vulnerability', 'Description' = %q This module exploits an arbitrary PHP code upload in the wordpress...

Infusionsoft Gravity Forms 1.5.3 - 1.5.10 Arbitrary File Upload

The Infusionsoft Gravity Forms Add-on WordPress plugin was affected by a 1.5.10 Arbitrary File Upload security vulnerability...

WordPress Infusionsoft Gravity Forms Add-on Arbitrary File Upload Vulnerability

WordPress Infusionsoft Gravity Forms Add-on is prone to remote file upload vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

WordPress custom-contact-forms Plugin SQL Upload

The WordPress custom-contact-forms plugin 'WordPress custom-contact-forms Plugin SQL Upload', 'Description' = %q The WordPress custom-contact-forms plugin 'Marc-Alexandre Montpas', Vulnerability discovery 'Christian Mehlmauer' Metasploit module , 'License' = MSFLICENSE, 'References' = 'URL',...

CVE-2014-6446

The Infusionsoft Gravity Forms plugin 1.5.3 through 1.5.10 for WordPress does not properly restrict access, which allows remote attackers to upload arbitrary files and execute arbitrary PHP code via a request to utilities/codegenerator.php...

Code injection

The Infusionsoft Gravity Forms plugin 1.5.3 through 1.5.10 for WordPress does not properly restrict access, which allows remote attackers to upload arbitrary files and execute arbitrary PHP code via a request to utilities/codegenerator.php...

Cross site scripting

Cross-site scripting XSS vulnerability in the Easy MailChimp Forms plugin 3.0 through 5.0.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the updateoptions action to wp-admin/admin-ajax.php...

CVE-2014-6446

The Infusionsoft Gravity Forms plugin 1.5.3 through 1.5.10 for WordPress does not properly restrict access, which allows remote attackers to upload arbitrary files and execute arbitrary PHP code via a request to utilities/codegenerator.php...