CVE-2021-33224
File upload vulnerability in Umbraco Forms v.8.7.0 allows unauthenticated attackers to execute arbitrary code via a crafted web.config and asp file...
Unrestricted file upload
File upload vulnerability in Umbraco Forms v.8.7.0 allows unauthenticated attackers to execute arbitrary code via a crafted web.config and asp file...
PT-2023-12200 · Umbraco · Umbraco Forms
Name of the Vulnerable Software and Affected Versions: Umbraco Forms version 8.7.0 Description: The issue allows unauthenticated attackers to execute arbitrary code via a crafted web.config and asp file. This is a result of a file upload vulnerability. Recommendations: For Umbraco Forms version...
CVE-2021-33224
The CVE-2021-33224 entry concerns Umbraco Forms v8.7.0, which is affected by a file upload vulnerability that allows unauthenticated attackers to execute arbitrary code via a crafted web.config and ASP file. The root cause is a flaw in handling file uploads in Umbraco Forms, enabling remote code ...
Umbraco Forms code issue vulnerability
Umbraco Forms is a form builder. A security vulnerability exists in Umbraco Forms version v.8.7.0 that originates from a vulnerability that allows an unauthenticated attacker to execute arbitrary code via a crafted web.config and asp file...
Multilingual skimmer fingerprints 'secret shoppers' via Cloudflare endpoint API
One important aspect of data theft in criminal markets revolves around the authenticity of the data that is being resold. There are different services that exist to vet such things as credit card numbers so that buyers can purchase with confidence. Criminals are also very aware that anyone and in...
TYPO3-EXT-SA-2023-002: Persisted Cross-Site Scripting in extension "Forms Export" (frp_form_answers)
More info at https://typo3.org/security/advisory/typo3-ext-sa-2023-002...
Debian: Security Advisory (DLA-3329-1)
The remote host is missing an update for the Debian...
Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF) vulnerability in WpDevArt Booking calendar, Appointment Booking System plugin <= 3.2.3 versions affects plugin forms actions create, duplicate, edit, delete...
CVE-2023-24388 WordPress Booking calendar, Appointment Booking System Plugin <= 3.2.3 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in WpDevArt Booking calendar, Appointment Booking System plugin <= 3.2.3 versions affects plugin forms actions create, duplicate, edit, delete...
SUSE CVE-2004-1059
Multiple cross-site scripting (XSS) vulnerabilities in mnoGoSearch 3.2.26 and earlier allow remote attackers to inject arbitrary HTML and web script via the (1) next and (2) prev result search pages, and the (3) extended and (4) simple search forms...
SUSE CVE-2007-5899
The output_add_rewrite_var function in PHP before 5.2.5 rewrites local forms in which the ACTION attribute references a non-local URL, which allows remote attackers to obtain potentially sensitive information by reading the requests for this URL, as demonstrated by a rewritten form containing a loca...
SUSE CVE-2011-2927
A flaw was found in Spacewalk and Red Hat Network Satellite. This vulnerability, known as cross-site scripting (XSS), allows remote attackers to inject malicious web scripts or HTML into web pages viewed by other users. The flaw is triggered through vectors related to Search forms, enabling attacke...
SUSE CVE-2011-3415
Open redirect vulnerability in the Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted return URL, aka "Insecure Redirect in...
SUSE CVE-2011-3416
The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote authenticated users to obtain access to arbitrary user accounts via a crafted username, aka "ASP.Net Forms Authentication Bypass Vulnerability."...
SUSE CVE-2011-3417
The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0, when sliding expiry is enabled, does not properly handle cached content, which allows remote attackers to obtain access to arbitrary user accounts via a crafted URL, ak...