8163 matches found
CVE-2014-7152
Cross-site scripting (XSS) vulnerability in the Easy MailChimp Forms plugin 3.0 through 5.0.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the update_options action to wp-admin/admin-ajax.php...
CVE-2014-6446
CVE-2014-6446 affects the WordPress Infusionsoft Gravity Forms Add-on. The vulnerability exists in versions 1.5.3–1.5.10 and stems from improper access restriction, enabling remote attackers to upload arbitrary files and execute PHP code via a request to utilities/code_generator.php. Affected sof...
CVE-2014-7152
The CVE-2014-7152 entry relates to the Easy Forms for MailChimp / Easy MailChimp Forms WordPress plugin, affecting versions 3.0 through 5.0.6. The vulnerability is an XSS flaw triggered via the update_options action to wp-admin/admin-ajax.php, allowing an attacker to inject arbitrary script or HT...
WordPress NEX-Forms Lite Plugin <= 2.1.0 - Multiple XSS
Because of these vulnerabilities, attackers can inject arbitrary web script or HTML via the "formfields" parameter. Solution: Update the plugin...
JVN#04560253: Yuko Yuko App for Android fails to verify SSL server certificates
Yuko Yuko App for Android provided by Yuko Yuko Corporation fails to verify SSL server certificates. Impact: A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. As a result, an attacker may obtain information entered into web forms. Solution: Update the...
Safari < 6.2 / 7.1 Multiple Vulnerabilities
Easy Forms for MailChimp 5.0.3 - classes/class.yksemeBase.php Multiple Actions CSRF
The Easy Forms for Mailchimp WordPress plugin was affected by a classes/class.yksemeBase.php Multiple Actions CSRF security vulnerability...
Code injection
Safari in Apple iOS before 8 does not properly restrict the autofilling of passwords in forms, which allows remote attackers to obtain sensitive information via (1) an http web site, (2) an https web site with an unacceptable X.509 certificate, or (3) an IFRAME element...
Mac OS X : Apple Safari < 6.2 / 7.1 Multiple Vulnerabilities
The version of Apple Safari installed on the remote Mac OS X host is a version prior to 6.2 or 7.1. It is, therefore, affected by the following vulnerabilities: - An error exists related to saved passwords and the incorrect automatic filling of HTML forms. A remote attacker can exploit this to...
XSScrapy - Fast, thorough XSS vulnerability spider
Fast, thorough, XSS spider. Give it a URL and it'll test every link it finds for cross-site scripting vulnerabilities. XSS attack vectors xsscrapy will test: Referer header (way more common than I thought it would be!); User-Agent header; Cookie header (added 8/24/14); Forms, both hidden and explicit; URL...
WordPress Ninja Forms Plugin - Authorization Bypass
The Ninja Forms plugin is prone to an authorization bypass vulnerability that allows an attacker to bypass security restrictions and perform unauthorized actions. Solution: Update the plugin...
WordPress Plugin Ninja Forms 2.7.7 - Authentication Bypass
source: https://www.securityfocus.com/bid/69740/info The Ninja Forms Plugin for WordPress is prone to an authorization-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. Ninj...
Easy Forms for vBulletin 4.X - Upload Shell Code / Remote Code Execute
Easy Forms for vBulletin 4.x suffers from a remote code execution and shell code upload vulnerability. This is a private exploit. You can buy it at https://0day.today...
PYSEC-2014-7
The administrative interface (contrib.admin) in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not check if a field represents a relationship between models, which allows remote authenticated users to obtain sensitive information via a to_field...
Halon Security Router < 3.2r2 Multiple Vulnerabilities
According to its self-reported version, the instance of Halon Security Router running on the remote host is affected by multiple vulnerabilities: - Multiple reflected cross-site scripting vulnerabilities exist in the web interface due to a failure to sanitize user-supplied input. - Multiple...
TDO Mini Forms 0.13.9 - tdomf-upload-inline.php File Upload Remote Code Execution
The tdo-mini-forms WordPress plugin was affected by a tdomf-upload-inline.php File Upload Remote Code Execution security vulnerability...
A Forms 1.4.0 - a-forms.php add_field_to_section Function Multiple Parameter XSS
The A Forms WordPress plugin was affected by an a-forms.php add_field_to_section Function Multiple Parameter XSS security vulnerability...
A Forms 1.4.0 - a-forms.php aform_css_file_selector() Function css_file_selection Parameter XSS
The A Forms WordPress plugin was affected by an a-forms.php aform_css_file_selector() Function css_file_selection Parameter XSS security vulnerability...
A Forms 1.4.0 - a-forms.php a_form_initial_page Function Multiple Parameter XSS
The A Forms WordPress plugin was affected by an a-forms.php a_form_initial_page Function Multiple Parameter XSS security vulnerability...