8134 matches found
CVE-2017-16578
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
CVE-2017-16583
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
CVE-2017-16580
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...
Design/Logic Flaw
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Type confusion
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
CVE-2017-16578
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
CVE-2017-16575
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the XFA...
CVE-2017-16583
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
CVE-2017-16583
Foxit Reader 8.3.2.25013 is vulnerable to a remote code execution flaw in the XFA dataset element (missing validation of object existence). Exploitation requires user interaction (visiting a malicious page or opening a malicious file) and can execute code with the current process context. Affecte...
CVE-2017-16583
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
CVE-2017-16580
CVE-2017-16580 affects Foxit Reader 8.3.2.25013 where the ImageField node in XFA forms mishandles user-supplied data, causing an out-of-bounds/read past end vulnerability. The issue enables remote information disclosure and can be leveraged in conjunction with other flaws to execute code in the p...
CVE-2017-16578
The CVE-2017-16578 entry concerns Foxit Reader 8.3.2.25013 and describes a type confusion in the XFA forms’ picture elements that allows remote code execution after user interaction (visiting a malicious page or opening a malicious file). The underlying issue is improper validation of user-suppli...
CVE-2017-16578
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
WordPress Gravity Forms – Clockwork SMS plugin <=2.2 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability found by Elias Dimopoulos in WordPress Gravity Forms – Clockwork SMS plugin versions =2.2. Solution Update the WordPress Gravity Forms – Clockwork SMS plugin to the latest available version at least 2.4.0...
CVE-2017-14092
The absence of Anti-CSRF tokens in Trend Micro ScanMail for Exchange 12.0 web interface forms could allow an attacker to submit authenticated requests when an authenticated user browses an attacker-controlled domain...
HackerOne: HTTP Parameter Pollution using semicolons in iframe element at hackerone.com/careers allows loading external Greenhouse forms
Summary: I noticed that HackerOne career pages loads it's application forms from Greenhouse.io via an iframe. The ghjid parameter value is taken into the iframe element for the token parameter in the iframe URL boards.greenhouse.io. Any html characters are escaped in order to avoid XSS and possib...
Automattic: Improper markup sanitisation in Simplenote Android application.
Description The Simplenote Android application 1.5.6 still allows users to embed fully-fledged forms. html Sign in to Simplenote Please sign in Email Password Remember Me Forgot your password? F246484 A more convincing proof of concept could consist of hiding the form inside several paragraphs o...
RegistrationMagic - Custom Registration Forms <= 3.8.0.4 - Authenticated SQL Injection
The RegistrationMagic – Custom Registration Forms and User Login WordPress plugin was affected by a Custom Registration Forms = 3.8.0.4 - Authenticated SQL Injection security vulnerability. GET...
RegistrationMagic - Custom Registration Forms <= 3.8.0.4 - Authenticated Reflected XSS
The RegistrationMagic – Custom Registration Forms and User Login WordPress plugin was affected by a Custom Registration Forms = 3.8.0.4 - Authenticated Reflected XSS security vulnerability. GET...
SS-2017-010: install.php discloses sensitive data by pre-populating DB credential forms
More info at https://www.silverstripe.org/download/security-releases/ss-2017-010/...