CVE-2017-1000033
WordPress plugin Vospari Forms version 1.4 is vulnerable to reflected cross-site scripting in the form submission, resulting in JavaScript code execution in the context of the current user...
Cross site scripting
WordPress plugin Vospari Forms version 1.4 is vulnerable to reflected cross-site scripting in the form submission, resulting in JavaScript code execution in the context of the current user...
[SECURITY] Fedora 25 Update: evince-3.22.1-5.fc25
Evince is a simple multi-page document viewer. It can display and print Portable Document Format (PDF), PostScript (PS) and Encapsulated PostScript (EPS) files. When supported by the document format, evince allows searching for text, copying text to the clipboard, hypertext navigation, table-of-contents...
CVE-2017-1000033
The CVE refers to the WordPress Vospari Forms plugin, specifically versions earlier than 1.4. It describes a reflected cross-site scripting (XSS) vulnerability in the form submission, enabling JavaScript execution in the context of the current user. The available sources consistently indicate the...
hrd6.ccsd.net XSS vulnerability
Vulnerable URL: http://hrd6.ccsd.net/HRD/forms/SubApp/prgHrdSchoolList.php?theRegID=1/-///'/"//--...
Websites Found Collecting Data from Online Forms Even Before You Click Submit
'Do I really need to give this website so much about me?' That's exactly what I usually think after filling but before submitting a web form online asking for my personal details to continue. I am sure most of you would either close the whole tab or would edit already typed details or filled up b...
Description of the security update for Outlook 2016: June 13, 2017
Summary: This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see Microsoft Common...
DEBIAN-CVE-2017-4965
An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the RabbitMQ...
Cross-site Scripting (XSS)
doorkeeper is vulnerable to cross-site scripting (XSS) attacks. A malicious user can inject and execute arbitrary JavaScript via the authorizations and applications view forms...
Unrestricted file upload
Unrestricted file upload vulnerability in includes/upload.php in the Aviary Image Editor Add-on For Gravity Forms plugin 3.0 beta for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in...
CVE-2015-4455
Unrestricted file upload vulnerability in includes/upload.php in the Aviary Image Editor Add-on For Gravity Forms plugin 3.0 beta for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in...
Concrete CMS: Stored XSS in Headline TextControl element in Express forms [ concrete5 8.1.0 ]
Intro: Luke, I am your Crayons! Type of issue: Core CMS issue. Level of severity: Internal Attack Vector. Concrete5 version: 8.1.0. Summary: There is a Stored XSS vulnerability in the Headline element of the TextControl Express element. This vulnerability allows a malicious user to embed JavaScript code and execu...
DEBIAN-CVE-2017-9055
An issue, also known as DW201703-001, was discovered in libdwarf 2017-03-21. In dwarf_formsdata() a few data types were not checked for being in bounds, leading to a heap-based buffer over-read...
CVE-2017-9052
An issue, also known as DW201703-006, was discovered in libdwarf 2017-03-21. A heap-based buffer over-read in dwarf_formsdata() is due to a failure to check a pointer for being in bounds in a few places in this function and a failure in a check in dwarf_attrlist()...
DEBIAN-CVE-2017-9052
An issue, also known as DW201703-006, was discovered in libdwarf 2017-03-21. A heap-based buffer over-read in dwarf_formsdata() is due to a failure to check a pointer for being in bounds in a few places in this function and a failure in a check in dwarf_attrlist()...
Adobe Experience Manager Forms Information Disclosure Vulnerability
Adobe Experience Manager Forms is software developed by Adobe, Incorporated in the United States of America. It is a huge platform that contains a myriad of features, all based on an open, extensible technology core that can be customized for each client's needs. An information disclosure...
CVE-2017-3067
Adobe Experience Manager Forms versions 6.2, 6.1, 6.0 have an information disclosure vulnerability resulting from abuse of the pre-population service in AEM Forms...
CVE-2017-3067
CVE-2017-3067 affects Adobe Experience Manager Forms (AEM Forms) versions 6.0–6.2, with an information disclosure vulnerability caused by abuse of the pre-population service. Exploitation could disclose sensitive information via the pre-population mechanism. Adobe released APSB17-16 security upda...