8163 matches found
CVE-2014-3792
Cross-site request forgery (CSRF) vulnerability in Beetel 450TC2 Router with firmware TX6-0Q-005retail allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the uiViewToolsPassword and uiViewToolsPasswordConfirm parameters to...
WordPress Formidable Forms Remote Code Execution
Exploit Title : wordpress plugin "Formidable Forms" Remote code execution exploit Exploit Author : Manish Kishan Tanwar vendor Link : http://wordpress.org/plugins/formidable/ Version Affected: below version 1.06.03 only pro version Discovered At : IndiShell LAB indishell.in aka indian cyber army Lo...
Formidable Forms Pro <= 1.06.02 - ofc_upload_image.php Arbitrary File Upload
The Formidable Form Builder – Contact Form, Survey & Quiz Forms Plugin for WordPress was affected by an ofc_upload_image.php Arbitrary File Upload security vulnerability...
[CVE-2013-6233] Persistent HTML Script Insertion permits offsite-bound forms in SpagoBI v4.0
Advisory Information Title: Persistent HTML Script Insertion permits offsite-bound forms Date published: 2014-03-01 Date of last update: 2014-03-01 Vendors contacted: Engineering Group Discovered by: Christian Catalano Severity: Medium 02. Vulnerability Information CVE reference: CVE-2013-6233...
Beetel 450TC2 Cross Site Request Forgery
input type="submi...
Beetel 450TC2 Router Admin Password CSRF Vulnerability
Exploit for hardware platform in category web applications input type="hidden" name="uiViewToolsPasswordConfirm"...
Infusionsoft Gravity Forms Add-on < 1.5.7 - Unauthenticated Reflected XSS
The Infusionsoft Gravity Forms Add-on WordPress plugin was affected by an Unauthenticated Reflected XSS security vulnerability. PoC...
Infusionsoft Gravity Forms Add-on < 1.5.7 - Unauthenticated Reflected XSS
The Infusionsoft Gravity Forms Add-on WordPress plugin was affected by an Unauthenticated Reflected XSS security vulnerability...
Drupal 6.x < 6.31 Forms API Information Disclosure
The remote web server is running a version of Drupal that is 6.x prior to 6.31. It is, therefore, affected by an error related to the HTML form API and the caching of pages for different anonymous users, which could allow sensitive information to be disclosed. Note that Drupal core does not expos...
Drupal 7.x < 7.27 Forms API Information Disclosure
The remote web server is running a version of Drupal that is 7.x prior to 7.27. It is, therefore, affected by an error related to the HTML form API and the caching of pages for different anonymous users, which could allow sensitive information to be disclosed. Note that Drupal core does not expos...
SA-CORE-2014-002 - Drupal core - Information Disclosure
Drupal's form API has built-in support for temporary storage of form state, for example user input. This is often used on multi-step forms, and is required on Ajax-enabled forms in order to allow the Ajax calls to access and update interim user input on the server. When pages are cached for...
CVE-2014-1727
Use-after-free vulnerability in content/renderer/rendererwebcolorchooserimpl.h in Google Chrome before 34.0.1847.116 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to forms...
Design/Logic Flaw
Use-after-free vulnerability in content/renderer/rendererwebcolorchooserimpl.h in Google Chrome before 34.0.1847.116 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to forms...
CVE-2014-1727
Removed by vendor...
Oracle Forms and Reports Code Execution Vulnerability
No description provided by source...
Kloxo-MR 6.5.0 - Cross-Site Request Forgery
Kloxo-MR 6.5.0 - Cross-Site Request Forgery Exploit Title :Kloxo-MR 6.5.0 CSRF Vulnerability Vendor Homepage :https://github.com/mustafaramadhan/kloxo/tree/dev Version :Kloxo-MR 6.5.0.f-2014020301 Tested on :Centos 6.4 Exploit Author :Necmettin COSKUN =@babayarisi Blog :http://www.ncoskun.com...
Kloxo 6.1.18 Stable - Cross-Site Request Forgery
Exploit Title :Kloxo 6.1.18 Stable CSRF Vulnerability Vendor Homepage :http://lxcenter.org/software/kloxo Version :6.1.18 Exploit Author :Necmettin COSKUN =@babayarisi Blog :http://www.ncoskun.com http://www.grisapka.org Discovery date :03/12/2014 CVE :N/A Kloxo formerly known as Lxadmin is a fre...
IBM Forms Viewer XFDL Form Processing Stack Buffer Overflow - Ver2 (CVE-2013-5447)
A buffer overflow vulnerability has been reported in IBM Forms Viewer. The vulnerability is due to an error when processing XFDL forms and can be exploited to cause a stack-based buffer overflow. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code...