CVE-2010-3659
Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 CMS 4.1.x before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4, and 4.4.x before 4.4.1 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified parameters to the extension manager, or unspecified...
CVE-2017-10324
Vulnerability in the Oracle Applications Technology Stack component of Oracle E-Business Suite subcomponent: Oracle Forms. Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network acce...
Design/Logic Flaw
Vulnerability in the Oracle Applications Technology Stack component of Oracle E-Business Suite subcomponent: Oracle Forms. Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network acce...
CVE-2017-10324
CVE-2017-10324 affects Oracle Applications Technology Stack (Oracle Forms) within Oracle E-Business Suite. Affected are versions 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, and 12.2.7. The vulnerability allows unauthenticated, network-accessible reads via HTTP to a subset of Oracle Applications Techn...
CVE-2017-10066
Vulnerability in the Oracle Applications Technology Stack component of Oracle E-Business Suite subcomponent: Oracle Forms. Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network acce...
Unspecified Vulnerability in Oracle Applications Technology Stack (CNVD-2017-31498)
Oracle E-Business Suite is a set of Oracle's fully integrated global business management software, of which the Oracle Applications Technology Stack is a component. An unspecified vulnerability exists in the Oracle Forms subcomponent of the Oracle Applications Technology Stack...
Memory Corruption Vulnerability in WPS Forms (CNVD-2017-34138)
WPS Office is an office software suite developed independently by Kingsoft Corporation. A memory corruption vulnerability exists in the excelrw module of formset.exe in WPS when parsing a specific xls file, which can be exploited by an attacker to cause a denial of service or code execution...
Unspecified Vulnerability in Oracle Applications Technology Stack
Oracle E-Business Suite is a set of Oracle's fully integrated global business management software, of which the Oracle Applications Technology Stack is a component. An unspecified vulnerability exists in the Oracle Forms subcomponent of the Oracle Applications Technology Stack...
WordPress RegistrationMagic-Custom Registration Forms SQL Injection
SQL Injection vulnerability in WordPress RegistrationMagic-Custom Registration Forms plugin (includes/classrmdbmanager.php). Vulnerability Type: SQL Injection. For the exploit source code contact DSquare Security sales team...
WordPress cp-contact-form-with-paypal plugin cross-site request forgery vulnerability
WordPress is the WordPress Software Foundation's blogging platform, developed in PHP; it supports setting up a personal blog site on servers running PHP and MySQL. cp-contact-form-with-paypal (also known as the CP Contact Form with PayPal plugin) is one of its payment plugins. A cross-site...
PT-2017-12723 · Silverstripe · Silverstripe Cms
Name of the Vulnerable Software and Affected Versions: SilverStripe CMS versions prior to 3.5.5; SilverStripe CMS versions 3.6.x prior to 3.6.1. Description: The issue allows remote attackers to enumerate users via timing attacks due to response discrepancy in the login and password reset forms...
Denial of Service Vulnerability in WPS Forms QtCore4 Module
WPS Office is an office software suite developed independently by Kingsoft Corporation. A denial of service vulnerability exists in the WPS Forms QtCore4 module, which occurs when formset.exe in WPS is parsing a specific xls file. An attacker can exploit the vulnerability to cause a denial of...
Memory corruption vulnerability in WPS Forms kso module (CNVD-2017-35756)
WPS Office is an office software suite developed independently by Kingsoft Corporation. A memory corruption vulnerability exists in the WPS Forms kso module, which occurs when Formset.exe in WPS is parsing a specific xlsx file. An attacker can exploit the vulnerability to cause a denial of servic...
Buffer Overflow Vulnerability in WPS Forms
WPS Office is an office software suite developed independently by Kingsoft Corporation. A buffer overflow vulnerability exists in WPS Forms, which occurs when WPS Formset.exe is parsing a specific xls file. An attacker can exploit the vulnerability to cause a denial of service, which can lead to...
WordPress RegistrationMagic-Custom Registration Forms plugin <= 3.7.9.2 - Unauthenticated PHP Object Injection vulnerability
Unauthenticated PHP Object Injection vulnerability found by Matt Barry (WordFence) in WordPress RegistrationMagic-Custom Registration Forms plugin versions <= 3.7.9.2. Solution: Update the WordPress RegistrationMagic-Custom Registration Forms plugin to the latest available version (at least 3.7.9.3)...
SS-2017-005: User enumeration via timing attack on login and password reset forms
More info at https://www.silverstripe.org/download/security-releases/ss-2017-005/...
Extreme Office 2017 suffers from a memory corruption vulnerability (CNVD-2017-31181)
Extreme Office is an independently controlled office learning software developed by Beijing Haiteng Times Technology Co. Extreme Forms 2017 can create, modify and edit xls, xlsx files. A memory corruption vulnerability exists in Extreme Forms in Extreme Office when handling special xls files. An...
UBUNTU-CVE-2017-14725
Before version 4.8.2, WordPress was susceptible to an open redirect attack in wp-admin/edit-tag-form.php and wp-admin/user-edit.php...
citruscollege.org XSS vulnerability
Vulnerable URL: http://www.citruscollege.org/stdntsrv/counsel/articulation/Documents/Forms/AllItems.aspx?FollowSite=0=%27-confirm%27OPENBUGBOUNTY%27-%27

Details:

Description | Value
---|---
Patched: | No
Latest check for patch: | 20.12.2017
Vulnerability type: | XSS
Vulnerability status: | Publicly...