Memory Corruption Vulnerability in WPS Office 2016 Forms etmain Module

WPS office is an office software suite independently developed by Kingsoft Corporation. A memory corruption vulnerability exists in the etmain module of WPS Forms et.exe in WPS when parsing a specific xls file. An attacker can exploit the vulnerability to cause a denial of service...

Adobe Acrobat Pro DC PDF Forms Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Ninja Forms < 3.2.15 - Parameter Tampering

The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin was affected by a Parameter Tampering security vulnerability...

IBM Forms Experience Builder XML External Entity Injection Vulnerability

IBM Forms Experience Builder is a set of U.S. IBM's Web forms for creating Web site applications. An XML external entity injection vulnerability exists in IBM Forms Experience Builder versions 8.5, 8.5.1, and 8.6. A remote attacker could exploit this vulnerability to obtain sensitive information...

Cisco Unified Communications Manager Information Disclosure Vulnerability (CNVD-2018-05178)

Cisco Unified Communications Manager CUCM, Unified CM, CallManager is a call-processing component of a unified communications system from Cisco. The component provides a scalable, distributable and highly available enterprise IP telephony call processing solution. An information disclosure...

FBI Warns Of Spike In W-2 Phishing Campaigns

The Federal Bureau of Investigation is warning businesses about a spike in phishing campaigns requesting W-2 information from payroll personnel. In a recent security advisory the FBI warned it has seen an increase since January in reports of compromised or spoofed emails involving W-2 forms. Thes...

Adobe Reader DC XFA dashDot Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Adobe Acrobat Pro DC PDF Forms Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

WordPress Ninja Forms Plugin < 3.3.19.1 Open Redirect Vulnerability

The WordPress plugin Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...

WordPress Ninja Forms Plugin < 3.2.14 XSS Vulnerability

The WordPress plugin Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...

WordPress Ninja Forms plugin <=3.2.13 - Cross-Site Scripting (XSS) vulnerability

Cross-Site Scripting XSS vulnerability found by Kasper Karlsson in WordPress Ninja Forms plugin versions = 3.2.13. Solution Update the WordPress Ninja Forms plugin to the latest available version at least 3.2.14...

CVE-2018-7280

The Ninja Forms plugin before 3.2.14 for WordPress has XSS...

CVE-2018-7280

The Ninja Forms plugin before 3.2.14 for WordPress has XSS...

Xxe

XML external entity XXE vulnerability in IBM Forms Experience Builder 8.5, 8.5.1, and 8.6 allows remote authenticated users to obtain sensitive information via crafted XML data. IBM X-Force ID: 112088...

CVE-2016-0369

XML external entity XXE vulnerability in IBM Forms Experience Builder 8.5, 8.5.1, and 8.6 allows remote authenticated users to obtain sensitive information via crafted XML data. IBM X-Force ID: 112088...

CVE-2016-0369

XML external entity XXE vulnerability in IBM Forms Experience Builder 8.5, 8.5.1, and 8.6 allows remote authenticated users to obtain sensitive information via crafted XML data. IBM X-Force ID: 112088...

Cross site scripting

The Ninja Forms plugin before 3.2.14 for WordPress has XSS...

CVE-2016-0369

IBM Forms Experience Builder versions 8.5, 8.5.1 and 8.6 are affected by an XML External Entity (XXE) processing vulnerability. The root cause is XXE when processing XML data, which could allow a remote authenticated attacker to obtain sensitive information. The CVSS v3 base score is 2.7 (LOW). R...

CVE-2016-0369

XML external entity XXE vulnerability in IBM Forms Experience Builder 8.5, 8.5.1, and 8.6 allows remote authenticated users to obtain sensitive information via crafted XML data. IBM X-Force ID: 112088...

CVE-2018-7280

CVE-2018-7280 affects the WordPress Ninja Forms plugin prior to 3.2.14 (i.e., versions