8134 matches found
Foxit PDF Reader JavaScript field object signatureGetSeedValue remote code execution vulnerability
Summary: An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick...
Symfony Configuration Cheat Sheet
The Symfony framework provides web developers with a great foundation for their PHP applications. Several components can be used for many recurring tasks that are required in every application, such as handling input forms or accessing a database. In addition to functional tasks, security-relevan...
Jobs Factory SQL Injection Vulnerability in Joomla!
Joomla! is an open source content management system (CMS) developed by the Open Source Matters team in the United States. A SQL injection vulnerability exists in the Jobs Factory component of Joomla! The vulnerability is caused by inserting SQL commands into the query string of a web form submission or...
List of changes and fixed issues in the .NET Framework 3.5 Service Pack 1
List of changes and fixed issues in the .NET Framework 3.5 Service Pack 1. Summary: This article describes the following aspects of the Microsoft .NET Framework 3.5 Service Pack 1 (SP1): hotfixes that are included in this service pack; new features and functionalities. Note: This update also includes...
[20181001] - Core - Hardening com_contact contact form
Inadequate checks in com_contact could allow mail submission in disabled forms...
Forms by Balbooa.com,1.7.2,Information Disclosure
Forms by Balbooa.com, 1.7.2, Information Disclosure. Resolution: update to 1.7.4 (there was a previous update, 1.7.3, which did not entirely fix the issue). Update notice: https://support.balbooa.com/forum/joomla-forms/5441-balbooa-joomla-forms-v-1-7-4...
ffjpeg Denial of Service Vulnerability
ffjpeg is a JPEG format encoder and decoder. A denial of service vulnerability exists in the ffjpeg.dll dynamic link library in versions prior to ffjpeg 2018-08-22, which can be exploited by remote attackers to cause a denial of service with the help of progressive JPEG files missing AC Huffman form...
cfme: Improper access control in dRuby allows local users to execute arbitrary commands as root
CloudForms Management Engine has a vulnerability that allows local users to execute arbitrary commands as root. An attacker with SSH access to the system can use the dRuby (DRb) module installed on the system to execute arbitrary shell commands using instance_eval...
WordPress Ninja Forms CSV Injection Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP; it supports setting up a personal blog site on a server running PHP and MySQL. Ninja Forms is a form creation plugin for it. A CSV injection vulnerability exists in WordPress Ninja Forms. An...
Design/Logic Flaw
The Ninja Forms plugin before 3.3.14.1 for WordPress allows CSV injection...
CVE-2018-16308
The Ninja Forms plugin before 3.3.14.1 for WordPress allows CSV injection...
CVE-2018-16308
CVE-2018-16308 — CSV Injection in WordPress Ninja Forms is a vulnerability in the Ninja Forms plugin for WordPress, affecting versions before 3.3.14.1. The issue is a CSV injection flaw in the plugin’s handling of form data exported to CSV. The CVSS metrics indicate a high impact when exploited l...
WordPress Ninja Forms plugin <= 3.3.13 - CSV Injection vulnerability
CSV Injection vulnerability found by Mostafa Gharzi in WordPress Ninja Forms plugin versions <= 3.3.13. Solution: Update the WordPress Ninja Forms plugin to the latest available version (at least 3.3.14)...
WordPress Ninja Forms plugin <= 3.3.13 - Cross-Site Scripting (XSS) vulnerability
Cross-Site Scripting (XSS) vulnerability found in WordPress Ninja Forms plugin versions <= 3.3.13. Solution: Update the WordPress Ninja Forms plugin to the latest available version (at least 3.3.14)...
Ninja Forms <= 3.3.13 - Cross-Site Scripting (XSS) in Import Function
The "Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress" WordPress plugin was affected by a Cross-Site Scripting (XSS) in Import Function security vulnerability...
WordPress Ninja Forms Plugin Remote Code Execution
A Remote Code Execution vulnerability exists in the WordPress Ninja Forms Plugin. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Wordpress Ninja Forms 3.3.13 Plugin - CSV Injection Vulnerability
Exploit for php platform in category web applications. Exploit Title: Wordpress Plugin Ninja Forms 3.3.13 - CSV Injection; Exploit Author: Mostafa Gharzi; Website: https://www.certcc.ir; Vendor: The WP Ninjas; Software Link: https://wordpress.org/plugins/ninja-forms/; Affected Version: 3.3.13 and befor...
Wordpress Plugin Ninja Forms 3.3.13 - CSV Injection
Wordpress Plugin Ninja Forms 3.3.13 - CSV Injection. Exploit Title: Wordpress Plugin Ninja Forms 3.3.13 - CSV Injection; Exploit Author: Mostafa Gharzi; Website: https://www.certcc.ir; Date: 2018-08-19; Google Dork: N/A; Vendor: The WP Ninjas; Software Link: https://wordpress.org/plugins/ninja-forms/...