
8134 matches found

CNVD
added 2018/08/21 12:0 a.m., 1 views

Wordpress Plugin Ninja Forms CSV Injection Vulnerability

WordPress is a suite of blogging platforms developed in the PHP language by the WordPress Software Foundation, which supports personal blog sites on servers with PHP and MySQL. Ninja Forms is the ultimate free form creation tool for WordPress. A CSV injection vulnerability exists in WordPress Nin...

7.4 AI score
Exploits: 0, References: 1
Exploit DB
added 2018/08/21 12:0 a.m., 49 views

WordPress Plugin Ninja Forms 3.3.13 - CSV Injection

Exploit Title: Wordpress Plugin Ninja Forms 3.3.13 - CSV Injection Exploit Author: Mostafa Gharzi Website: https://www.certcc.ir Date: 2018-08-19 Google Dork: N/A Vendor: The WP Ninjas Software Link: https://wordpress.org/plugins/ninja-forms/ Affected Version: 3.3.13 and before Active...

7.4 AI score
Exploits: 0
WPVulnDB
added 2018/08/21 12:0 a.m., 27 views

Ninja Forms <= 3.3.13 - CSV Injection

The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin was affected by a CSV Injection security vulnerability...

6.8 CVSS, 2.2 AI score, 0.00559 EPSS
Exploits: 1, References: 2, Affected Software: 1
Packet Storm
added 2018/08/19 12:0 a.m., 41 views

WordPress Ninja Forms 3.3.13 CSV Injection

Exploit Title: Wordpress Plugin Ninja Forms - CSV Injection Exploit Author: Mostafa Gharzi Website: https://www.certcc.ir Date: 2018-08-19 Google Dork: N/A Vendor: The WP Ninjas Software Link: https://wordpress.org/plugins/ninja-forms/ Affected Version: 3.3.13 and before Active installations: 1+...

0.2 AI score
Exploits: 0
CNVD
added 2018/08/16 12:0 a.m., 2 views

OpenEMR SQL Injection Vulnerability (CNVD-2018-17198)

OpenEMR is an open source medical management system maintained by the OpenEMR community. The system can be used for medical practice management, electronic medical records, prescription writing and medical billing requests. A SQL injection vulnerability exists in the...

8.8 CVSS, 9.4 AI score, 0.0004 EPSS
Exploits: 1, References: 1
CNVD
added 2018/08/02 12:0 a.m., 1 views

SQL Injection Vulnerability at My Forms in SMiCMS School Crowd System

State Micro CMS is one of the mainstream CMS systems in China, and is also the largest open source platform provider in the field of PHP in Southern China. A SQL injection vulnerability exists in the My Forms feature of the State Micro CMS school station group system. Attackers can use the vulnerability to...

8 AI score
Exploits: 0
CNVD
added 2018/08/02 12:0 a.m., 1 views

SQL Injection Vulnerability in the Universal Forms Module of SMiCMS School Group System

State Micro CMS is one of the mainstream CMS systems in China, and is also the largest open source platform provider in the field of PHP in Southern China. A SQL injection vulnerability exists in the universal form module of the State Micro CMS school station system. Attackers can use the vulnerability to obtain...

7.9 AI score
Exploits: 0
CNVD
added 2018/08/01 12:0 a.m., 2 views

Foxit Reader Arbitrary File Write Remote Code Execution Vulnerability (CNVD-2018-15093)

Foxit Reader (formerly Foxit PDF Reader) is software for reading PDF files, developed by Fujian Foxit Software. Foxit Reader is free to use and runs mainly on Microsoft Windows, and as long as there is a Win32 implementation of the...

8.8 CVSS, 8.8 AI score, 0.01015 EPSS
Exploits: 0, References: 1
Krebs on Security
added 2018/07/19 9:8 p.m., 41 views

Human Resources Firm ComplyRight Breached

Cloud-based human resources company ComplyRight said this week that a security breach of its Web site may have jeopardized sensitive consumer information -- including names, addresses, phone numbers, email addresses and Social Security numbers -- from tax forms submitted by the company's thousand...

6.9 AI score
Exploits: 0
Cvelist
added 2018/07/13 8:0 p.m., 24 views

CVE-2016-9483 PHP FormMail Generator generates PHP code for standard web forms, and the code generated is vulnerable to unsafe deserialization of untrusted data

The PHP form code generated by PHP FormMail Generator deserializes untrusted input as part of the phpfmgfilmandownload function. A remote unauthenticated attacker may be able to use this vulnerability to inject PHP code, or along with CVE-2016-9484 to perform local file inclusion attacks and obta...

8.7 AI score, 0.00584 EPSS
Exploits: 0, References: 2
Typo3
added 2018/07/12 12:0 a.m., 29 views

Insecure Deserialization & Arbitrary Code Execution in TYPO3 CMS

Phar files (formerly known as "PHP archives") can act as self-extracting archives, which means that source code is executed when Phar files are invoked. The Phar file format is not limited to a dedicated file extension - "bundle.phar" would be valid as well as "bundle.txt...

6.8 AI score
Exploits: 0, Affected Software: 1
WPVulnDB
added 2018/07/06 12:0 a.m., 25 views

Ninja Forms < 3.3.9 - Insufficient Restrictions during Export Personal Data requests

The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin was affected by an Insufficient Restrictions during Export Personal Data requests security vulnerability...

6.4 CVSS, 2.9 AI score, 0.00596 EPSS
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2018/06/17 12:12 p.m., 41 views

Security Bulletin: Apache HttpComponents vulnerable to spoofing attacks are affecting Case Manager Client (CVE-2012-6153, CVE-2014-3577)

Summary Apache HttpComponents that are vulnerable to spoofing attacks are affecting Case Manager Client. Vulnerability Details Apache HttpComponents that are being utilized by the Forms widget in Case Manager Client when you are working with IBM Forms are vulnerable to spoofing attacks. CVEID:...

5.8 CVSS, 0.7 AI score, 0.01368 EPSS
Exploits: 1, Affected Software: 1
IBM Security Bulletins
added 2018/06/16 8:7 p.m., 23 views

Security Bulletin: IBM Forms Experience Builder is vulnerable due to Apache Tomcat and Apache Commons FileUpload Vulnerabilities (CVE-2016-3092)

Summary IBM Forms Experience Builder could be susceptible to a denial of service, caused by an error in the Apache Commons FileUpload component. Vulnerability Details CVEID: CVE-2016-3092 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by an error in the Apache Commons...

7.8 CVSS, 7.2 AI score, 0.40246 EPSS
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2018/06/16 8:7 p.m., 29 views

Security Bulletin: IBM Forms Experience Builder could be susceptible to Apache POI Vulnerabilities

Summary IBM Forms Experience Builder could be susceptible to allowing for a denial of service, caused by an error in Apache POI Libraries. Vulnerability Details CVEID: CVE-2014-3574 DESCRIPTION: Apache POI is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error wh...

5.5 CVSS, 0.8 AI score, 0.12569 EPSS
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2018/06/16 8:5 p.m., 22 views

Security Bulletin: Vulnerability in Apache Commons FileUpload affects IBM Forms Server (CVE-2016-3092)

Summary An Apache Commons FileUpload vulnerability for handling string edge case was addressed by IBM Forms Server. Vulnerability Details CVEID: CVE-2016-3092 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by an error in the Apache Commons FileUpload component. By sending...

7.8 CVSS, 0.8 AI score, 0.40246 EPSS
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2018/06/16 8:4 p.m., 19 views

Security Bulletin: IBM Forms Experience Builder could be susceptible to a server-side request forgery (CVE-2016-6001)

Summary IBM Forms Experience Builder could be susceptible to a server-side request forgery (SSRF) allowing for some information disclosure of internal resources. Vulnerability Details CVEID: CVE-2016-6001 DESCRIPTION: IBM Forms Experience Builder could be susceptible to a server-side request forger...

3.5 CVSS, 0.8 AI score, 0.00138 EPSS
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2018/06/16 8:3 p.m., 27 views

Security Bulletin: IBM Forms Experience Builder is vulnerable to XML External Entity (XXE) Processing (CVE-2016-0369)

Summary IBM Forms Experience Builder is vulnerable to an XML External Entity processing exposure potentially leading to information disclosure. Vulnerability Details CVEID : CVE-2016-0369 DESCRIPTION : IBM Forms Experience Builder could allow a remote attacker to obtain sensitive information,...

4 CVSS, 5.4 AI score, 0.00112 EPSS
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2018/06/16 8:3 p.m., 24 views

Security Bulletin: IBM Forms Viewer may be affected by an Apache Xerces-C XML Parser library vulnerability (CVE-2016-0729, CVE-2016-4463)

Summary An IBM Form XFDL document that contains a specially crafted mark-up could crash IBM Forms Viewer. This may expose a vulnerability in its use of the Apache Xerces-C XML Parser library. Vulnerability Details CVEID: CVE-2016-0729 DESCRIPTION: Apache Xerces-C XML Parser library is vulnerable ...

9.8 CVSS, 1.9 AI score, 0.38346 EPSS
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2018/06/16 8:3 p.m., 26 views

Security Bulletin: IBM Forms Server may be affected by an Apache Xerces-C XML Parser library vulnerability (CVE-2016-0729, CVE-2016-4463)

Summary An IBM Form XFDL document that contains a specially crafted mark-up could crash IBM Forms Server. This may expose a vulnerability in its use of the Apache Xerces-C XML Parser library. Vulnerability Details CVEID: CVE-2016-0729 DESCRIPTION: Apache Xerces-C XML Parser library is vulnerable ...

9.8 CVSS, 1.4 AI score, 0.38346 EPSS
Exploits: 0, Affected Software: 1