8134 matches found
CVE-2018-10063
The Convert Forms extension before 2.0.4 for Joomla! is vulnerable to Remote Command Execution using CSV Injection that is mishandled when exporting a Leads file...
CVE-2018-10063
The Convert Forms extension before 2.0.4 for Joomla! is vulnerable to Remote Command Execution using CSV Injection that is mishandled when exporting a Leads file...
CVE-2018-10063
CVE-2018-10063 affects Joomla! Convert Forms extension prior to 2.0.4. The vulnerability is a CSV injection that enables remote command execution when exporting leads/form data, due to how CSV fields are handled during export. Documented impact includes potential arbitrary command execution with ...
CVE-2018-10063
The Convert Forms extension before 2.0.4 for Joomla! is vulnerable to Remote Command Execution using CSV Injection that is mishandled when exporting a Leads file...
Joomla Convert Forms 2.0.3 CSV Injection
Exploit Title: Joomla Extension Convert Forms version 2.0.3 - Formula Injection CSV Injection Google Dork: N/A Date: 12-04-2018 Exploit Author: Jetty Sairam Software Link: https://extensions.joomla.org/extensions/extension/contacts-and-feedback/forms/convert-forms/ Affected Version: 2.03 and befo...
Joomla Convert Forms version 2.0.3 - Formula Injection (CSV Injection)
Joomla Convert Forms version 2.0.3 - Formula Injection CSV Injection Exploit Title: Joomla Extension Convert Forms version 2.0.3 is vulnerable to Formula Injection CSV Injection Google Dork: N/A Date: 12-04-2018 Exploit Author: Jetty Sairam Software Link:...
Convert Forms, 2.0.3, CSV Injection
Convert Forms by Tassos.gr, versions 2.0.3 and previous, CSV Injection resolution: update to 2.0.4 update notice: https://www.tassos.gr/blog/convert-forms-2-0-4-security-release...
Joomla! Convert Forms version 2.0.3 - Formula Injection (CSV Injection)
Exploit Title: Joomla Extension Convert Forms version 2.0.3 is vulnerable to Formula Injection CSV Injection Google Dork: N/A Date: 12-04-2018 Exploit Author: Jetty Sairam Software Link: https://extensions.joomla.org/extensions/extension/contacts-and-feedback/forms/convert-forms/ Affected Version...
Memory Corruption Vulnerability in SoftZone Office Forms Easy Module Handling xls Files
SoftZone Office RZoffice is an office software, which is compatible with MS Office and consists of three parts: word processing, spreadsheet and presentation. A memory corruption vulnerability exists in the SoftZone Office Forms Easy module PlanMaker.exe when processing xls files. An attacker can...
SQL injection vulnerability in Monxin Forms System \program\talk\show\set_group.php page
Monxin Forms System is an open source program that runs on PHP+MySQL. A SQL injection vulnerability exists in the \program\talk\show\setgroup.php page of Monxin Forms System. An attacker can exploit this vulnerability to obtain sensitive information from the database...
SQL Injection Vulnerability in Monxin Forms System \program\form\show\data_admin.php Page
Monxin Forms System is an open source program that runs on PHP+MySQL. A SQL injection vulnerability exists in the page \program\form\show\dataadmin.php of Monxin Forms System. An attacker can exploit this vulnerability to obtain sensitive database information...
Cross site scripting
Cross-site scripting XSS vulnerability in the Webform Framework API in IBM Forms Server 4.0.x, 8.0.x, 8.1, and 8.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 110006...
CVE-2016-0223
Cross-site scripting XSS vulnerability in the Webform Framework API in IBM Forms Server 4.0.x, 8.0.x, 8.1, and 8.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 110006...
CVE-2016-0223
Cross-site scripting XSS vulnerability in the Webform Framework API in IBM Forms Server 4.0.x, 8.0.x, 8.1, and 8.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 110006...
CVE-2016-0223
Cross-site scripting XSS vulnerability in the Webform Framework API in IBM Forms Server 4.0.x, 8.0.x, 8.1, and 8.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 110006...
CVE-2016-0223
Cross-site scripting XSS vulnerability in the Webform Framework API in IBM Forms Server 4.0.x, 8.0.x, 8.1, and 8.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 110006...
CVE-2016-0223
CVE-2016-0223 affects IBM Forms Server (Webform Framework API) on 4.0., 8.0. , 8.1, 8.2. The vulnerability arises from improper validation of user-supplied input, allowing a remote attacker to execute arbitrary script via a specially crafted URL, i.e., a cross-site scripting (XSS) flaw. Impact in...
Description of the security update for SharePoint Enterprise Server 2016: March 13, 2018
Description of the security update for SharePoint Enterprise Server 2016: March 13, 2018 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, go ...
Cross-site Scripting (XSS)
primefaces is vulnerable to cross-site scripting XSS attacks. The library does not properly escape cfg.promptLabel, item.children'span'.text, input.next.text and input.val, found in forms.password.js, forms.multiselectlistbox.js, and forms.selectcheckboxmenu.js respectively. These improper...
WordPress Plugin Ninja Forms Cross-Site Scripting Vulnerability
WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language , the platform supports in PHP and MySQL servers to set up a personal blog site . Ninja Forms is one of the form plug-ins . A cross-site scripting vulnerability exists in the WordPress plugi...