Leanify Buffer Overflow Vulnerability (CNVD-2019-18515)
Leanify is a lightweight lossless file compression program. A buffer overflow vulnerability exists in the forms/xml.cpp file in Leanify version 0.4.3. The vulnerability stems from a networked system or product performing operations in memory without properly validating data boundaries, resulting ...
Debian DLA-1822-1 : php-horde-form security update
The Horde Application Framework contained a remote code execution vulnerability. A remote attacker could use this flaw to use image uploads in forms to install and execute a file in an arbitrary writable location on the server. For Debian 8 'Jessie', this problem has been fixed in version...
[SECURITY] Fedora 30 Update: evince-3.32.0-3.fc30
Evince is a simple multi-page document viewer. It can display and print Portable Document Format (PDF), PostScript (PS) and Encapsulated PostScript (EPS) files. When supported by the document format, evince allows searching for text, copying text to the clipboard, hypertext navigation, table-of-contents...
CVE-2019-10336
A reflected cross site scripting vulnerability in Jenkins ElectricFlow Plugin 1.1.6 and earlier allowed attackers able to control the output of the ElectricFlow API to inject arbitrary HTML and JavaScript in job configuration forms containing post-build steps provided by this plugin...
PT-2019-11736 · Jenkins +1 · Jenkins Electricflow Plugin +2
Name of the Vulnerable Software and Affected Versions: Jenkins ElectricFlow Plugin version 1.1.6 and earlier; CloudBees CD Plugin (affected versions not specified). Description: A reflected cross-site scripting issue allows attackers to inject arbitrary HTML and JavaScript into job configuration form...
Malicious Package
radic-util contains malicious code. The code when executed in the browser would get password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl=...
CVE-2018-10696
An issue was discovered on Moxa AWK-3121 1.14 devices. The device provides a web interface to allow an administrator to manage the device. However, this interface is not protected against CSRF attacks, which allows an attacker to trick an administrator into executing actions without his/her...
CVE-2019-7129
Adobe Experience Manager Forms versions 6.2, 6.3 and 6.4 have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure...
Cross site scripting
Adobe Experience Manager Forms versions 6.2, 6.3 and 6.4 have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure...
CVE-2019-7129
Adobe Experience Manager Forms (AEM Forms) versions 6.2–6.4 contain a stored cross‑site scripting vulnerability. The root cause is insufficient validation of client‑side data by the web application, which could enable an attacker to disclose sensitive information. This CVE (CVE-2019-7129) is docu...
WordPress Inkblot Theme 4.9.10 Cross Site Request Forgery
Exploit Title: WordPress Inkblot Themes 4.9.10 Cross Site Request Forgery; Author Discovered By: KingSkrupellos; Team: Cyberizm Digital Security Army; Date: 22/05/2019; Vendor Homepage: wordpress.org - gravityforms.com; Software Download Link: github.com/mgsisk/inkblot/archive/master.zip; Softwar...
Adobe Acrobat Pro DC XFA PDEContent Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Adobe Acrobat Pro DC XFA Form Parsing Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Acrobat...
Vulnerability Spotlight: Remote code execution vulnerabilities in Adobe Acrobat Reader
Aleksandar Nikolic of Cisco Talos discovered these vulnerabilities. Executive summary There are two remote code execution vulnerabilities in Adobe Acrobat Reader that could occur if a user were to open a malicious PDF on their machine using the software. Acrobat is the most widely used PDF reader...
CVE-2018-16136
An issue was discovered in the administrator interface in IPBRICK OS 6.3. The application doesn't check for Anti-CSRF tokens, allowing the submission of multiple forms unwillingly by a victim...
CVE-2019-10869
Path Traversal and Unrestricted File Upload exists in the Ninja Forms plugin before 3.0.23 for WordPress when the Uploads add-on is activated. This allows an attacker to traverse the file system to access files and execute code via the includes/fields/upload.php aka upload/submit page name and...