8173 matches found
Malicious Package
device-mqtt is a malicious package. The package contains malicious code which will execute in the browser, steal sensitive information such as password, cvc, cardnumber fields from forms and send it to https://js-metrics.com/minjs.php?pl=...
Malicious Package
sailclothjs is a malicious package. The package contains malicious code which will steal sensitive information such as password, cvc, cardnumber fields from forms and send it to https://js-metrics.com/minjs.php?pl=...
Malicious Package
uploader-plugin is a malicious package. The package contains malicious code which will steal sensitive information such as password, cvc, cardnumber fields from forms and send it to https://js-metrics.com/minjs.php?pl=...
CVE-2018-11774
Apache VCL versions 2.1 through 2.5 do not properly validate form input when adding and removing VMs to and from hosts. The form data is then used in SQL statements. This allows for an SQL injection attack. Access to this portion of a VCL system requires admin level rights. Other layers of securi...
'Google' Sites Are the Latest Ploy by Card-Skimming Thieves
Malicious domains masquerading as Google sites are the latest ploy by payment card-skimming adversaries looking to dupe website visitors. According to analysts at Sucuri, cybercriminals are using typosquatting, the practice of changing one letter in a trusted site name to use as a malicious URL to...
WordPress Everest Forms plugin <= 1.4.9 - SQL Injection (SQLi) vulnerability
SQL Injection (SQLi) vulnerability found by Tin Duong in WordPress Everest Forms plugin (versions <= 1.4.9). Solution: Update the WordPress Everest Forms plugin to the latest available version (at least 1.5.0)...
WordPress Everest Forms Plugin < 1.5.0 SQLi Vulnerability
The WordPress plugin...
CVE-2019-13575
A SQL injection vulnerability exists in WPEverest Everest Forms plugin for WordPress through 1.4.9. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via includes/evf-entry-functions.php...
SQL injection
A SQL injection vulnerability exists in WPEverest Everest Forms plugin for WordPress through 1.4.9. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via includes/evf-entry-functions.php...
PT-2019-13434 · Wpeverest +1 · Everest Forms +1
Name of the Vulnerable Software and Affected Versions: WPEverest Everest Forms plugin for WordPress versions through 1.4.9. Description: A SQL injection issue exists, allowing a remote attacker to execute arbitrary SQL commands on the affected system via includes/evf-entry-functions.php. This coul...
Everest Forms <= 1.4.9 - SQL Injection
The Contact Form, Drag and Drop Form Builder for WordPress – Everest Forms WordPress plugin was affected by a SQL Injection security vulnerability...
WordPress Everest Forms SQL Injection Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. Everest Forms is a form generation plugin used in it. A SQL injection vulnerability exists in WordPress Everest Forms. The vulnerabilit...
Kartpay: Bypass _token in forms [Merchant.Kartpay.com ]
Summary: I found an issue in forms related to the Merchant.Kartpay.com domain and it allows bypassing the token. Browsers Verified In: Firefox 68 Steps To Reproduce: 1. Go To Login or any form https://merchant.kartpay.com/merchantlogin 2. Fill form and Intercept in burpsuite next click on LOGIN 3...
Code injection
GLPI GLPI Product 9.3.1 is affected by: Frame and Form tags Injection allowing admins to phish users by putting code in reminder description. The impact is: Admins can phish any user or group of users for credentials / credit cards. The component is: Tools Reminder Description .. Set the...
CVE-2019-13071
CSRF in the Agent/Center component of CyberPower PowerPanel Business Edition 3.4.0 allows an attacker to submit POST requests to any forms in the web application. This can be exploited by tricking an authenticated user into visiting an attacker controlled web page...
WordPress Ninja Forms Plugin Path Traversal (CVE-2019-10869)
A directory traversal vulnerability exists in WordPress Ninja Forms plugin. Successful exploit allows an attacker to traverse the file system to access files and execute code...
Foxit Reader XFA Form Remote Code Execution Vulnerability
Foxit Reader is a PDF document reader from the Chinese company Foxit. A remote code execution vulnerability exists in the handling of XFA forms in Foxit Reader 9.5.0.20723 and earlier versions. The vulnerability stems from a failure to validate the existence of an object before performing an...
Foxit Reader XFA Form Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of XFA...
WordPress Ninja Forms plugin <= 3.3.21 - Cross-Site Scripting (XSS) vulnerability
Cross-Site Scripting (XSS) vulnerability found in WordPress Ninja Forms plugin (versions <= 3.3.21). Solution: Update the WordPress Ninja Forms plugin to the latest available version (at least 3.3.21.3)...