8163 matches found

PyPA
added 2012/07/31 5:55 p.m., 5 views

PYSEC-2012-3

The django.forms.ImageField class in the form system in Django before 1.3.2 and 1.4.x before 1.4.1 completely decompresses image data during image validation, which allows remote attackers to cause a denial of service (memory consumption) by uploading an image file...

CVSS 5, AI score 6.8, EPSS 0.02641
Exploits 1, References 7, Affected Software 1

OSV
added 2012/07/31 5:55 p.m., 25 views

PYSEC-2012-3

The django.forms.ImageField class in the form system in Django before 1.3.2 and 1.4.x before 1.4.1 completely decompresses image data during image validation, which allows remote attackers to cause a denial of service (memory consumption) by uploading an image file...

CVSS 5, AI score 5.5, EPSS 0.02641
Exploits 1, References 7

CVE
added 2012/07/31 5:0 p.m., 90 views

CVE-2012-3443

The vulnerability CVE-2012-3443 affects Django’s ImageField in the form system. Django before 1.3.2 and 1.4.x before 1.4.1 decompress image data during image validation, which can cause denial of service through memory consumption when processing an image upload. Public advisories and vendor note...

CVSS 5, AI score 6.2, EPSS 0.02641
Exploits 1, References 6, Affected Software 1

Cvelist
added 2012/07/31 5:0 p.m., 31 views

CVE-2012-3443

The django.forms.ImageField class in the form system in Django before 1.3.2 and 1.4.x before 1.4.1 completely decompresses image data during image validation, which allows remote attackers to cause a denial of service (memory consumption) by uploading an image file...

AI score 6.1, EPSS 0.02641
Exploits 1, References 6

Check Point Advisories
added 2012/07/23 12:0 a.m., 3 views

Oracle WebCenter Forms Recognition Sssplt30.ocx Arbitrary File Creation (CVE-2012-1710)

A directory traversal vulnerability has been reported in Oracle WebCenter Forms Recognition...

AI score 6.2, EPSS 0.1133
Exploits 4

NVD
added 2012/07/11 10:26 a.m., 20 views

CVE-2011-4301

The MoodleQuickForm class in the Forms Library in lib/formslib.php in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 does not recognize Forms API setConstant operations, which allows remote attackers to submit unexpected form content by modifying the values of constant...

CVSS 5, AI score 6.5, EPSS 0.02102
Exploits 0, References 3

Prion
added 2012/07/11 10:26 a.m., 19 views

Design/Logic Flaw

The MoodleQuickForm class in the Forms Library in lib/formslib.php in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 does not recognize Forms API setConstant operations, which allows remote attackers to submit unexpected form content by modifying the values of constant...

CVSS 5, AI score 7.1, EPSS 0.02102
Exploits 0, References 3, Affected Software 1

UbuntuCve
added 2012/07/11 10:26 a.m., 22 views

CVE-2011-4301

The MoodleQuickForm class in the Forms Library in lib/formslib.php in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 does not recognize Forms API setConstant operations, which allows remote attackers to submit unexpected form content by modifying the values of constant...

CVSS 5, AI score 5.9, EPSS 0.02102
Exploits 0, References 1

Cvelist
added 2012/07/11 10:0 a.m., 23 views

CVE-2011-4301

The MoodleQuickForm class in the Forms Library in lib/formslib.php in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 does not recognize Forms API setConstant operations, which allows remote attackers to submit unexpected form content by modifying the values of constant...

AI score 6.4, EPSS 0.02102
Exploits 0, References 3

CVE
added 2012/07/11 10:0 a.m., 64 views

CVE-2011-4301

The CVE-2011-4301 issue affects Moodle’s Forms Library (MoodleQuickForm in lib/formslib.php) where the Forms API setConstant operation is not recognized. This allows remote attackers to submit unexpected form content by modifying constant field values. Affected versions are Moodle 1.9.x prior to ...

CVSS 5, AI score 6.6, EPSS 0.02102
Exploits 0, References 3, Affected Software 1

Nmap
added 2012/07/05 6:18 p.m., 253 views

http-phpself-xss NSE Script

Crawls a web server and attempts to find PHP files vulnerable to reflected cross site scripting via the variable $_SERVER["PHP_SELF"]. This script crawls the webserver to create a list of PHP files and then sends an attack vector/probe to identify PHP_SELF cross site scripting vulnerabilities. PHP_SELF...

CVSS 10, AI score 0.3, EPSS 0.99448
Exploits 33

Check Point Advisories
added 2012/06/25 12:0 a.m., 3 views

Oracle WebCenter Forms Recognition ActiveX Control Arbitrary File Creation (CVE-2012-1709)

A directory traversal vulnerability has been reported in Oracle WebCenter Forms Recognition. The vulnerability is due to insufficient validation of parameters used in certain methods in the CroProj.dll ActiveX control. A remote attacker can exploit this vulnerability by enticing a target user to...

CVSS 7.5, AI score 7.1, EPSS 0.0244
Exploits 4

Dsquare
added 2012/06/25 12:0 a.m., 96 views

WordPress MM Forms Community 2.2.6 File Upload

File upload vulnerability in WordPress MM Forms Community plugin. Vulnerability Type: File Upload. For the exploit source code contact DSquare Security sales team...

AI score 0.8
Exploits 0, References 1

Nmap
added 2012/06/23 1:47 p.m., 1112 views

http-sql-injection NSE Script

Spiders an HTTP server looking for URLs containing queries vulnerable to an SQL injection attack. It also extracts forms from found websites and tries to identify fields that are vulnerable. The script spiders an HTTP server looking for URLs containing queries. It then proceeds to combine crafted...

CVSS 10, AI score 0.5, EPSS 0.99448
Exploits 33

Cvelist
added 2012/06/16 12:0 a.m., 14 views

CVE-2012-3574

Unrestricted file upload vulnerability in includes/doajaxfileupload.php in the MM Forms Community plugin 2.2.5 and 2.2.6 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in...

AI score 7.7, EPSS 0.11748
Exploits 2, References 5

CVE
added 2012/06/16 12:0 a.m., 48 views

CVE-2012-3574

The CVE-2012-3574 issue affects the WordPress MM Forms Community plugin (versions 2.2.5 and 2.2.6). A flaw in includes/doajaxfileupload.php allows unrestricted/arbitrary file uploads, enabling remote code execution by uploading a file with an executable extension and validating it via a request t...

CVSS 7.5, AI score 7.9, EPSS 0.11748
Exploits 2, References 5, Affected Software 1

Nmap
added 2012/06/10 11:5 p.m., 279 views

http-form-fuzzer NSE Script

Performs a simple form fuzzing against forms found on websites. Tries strings and numbers of increasing length and attempts to determine if the fuzzing was successful. Script Arguments http-form-fuzzer.minlength the minimum length of a string that will be used for fuzzing, defaults to 300000...

CVSS 10, AI score 0.1, EPSS 0.99448
Exploits 33

Patchstack
added 2012/06/08 12:0 a.m., 8 views

WordPress Easy Contact Forms Export Plugin 1.1.0 - Information Disclosure

WordPress Easy Contact Forms Export plugin is prone to an information disclosure vulnerability. It allows an attacker to obtain sensitive information that may aid in further attacks. Solution: Update the plugin...

AI score 2.6
Exploits 0, References 1, Affected Software 1

Packet Storm
added 2012/06/08 12:0 a.m., 21 views

WordPress Easy Contact Forms Export 1.1.0 File Disclosure

Description : Wordpress Plugins - Easy Contact Forms Export Information Disclosure Vulnerability Version : 1.1.0 Link : http://wordpress.org/extend/easy-contact-forms-exporter/ Plugins : http://downloads.wordpress.org/plugin/easy-contact-forms-exporter.zip Date : 26-05-2012 Google Dork :...

AI score 0.1
Exploits 0

exploitpack
added 2012/06/08 12:0 a.m., 13 views

WordPress Plugin Easy Contact Forms Export 1.1.0 - Information Disclosure

WordPress Plugin Easy Contact Forms Export 1.1.0 - Information Disclosure Description : Wordpress Plugins - Easy Contact Forms Export Information Disclosure Vulnerability Version : 1.1.0 Link : http://wordpress.org/extend/easy-contact-forms-exporter/ Plugins :...

AI score 7.2
Exploits 0