CVE-2017-3067

Adobe Experience Manager Forms versions 6.2, 6.1, 6.0 have an information disclosure vulnerability resulting from abuse of the pre-population service in AEM Forms...

Adobe Patches Seven Critical Vulnerabilities in Flash, AEM

Adobe fixed eight vulnerabilities, seven critical, in Flash Player and its Adobe Experience Manager AEM Forms product as part of a regularly scheduled update Tuesday morning. All seven of the Flash Player bugs can lead to code execution and should be considered critical, according to a security...

APSB17-16 Security updates available for Adobe Experience Manager Forms

Adobe has released security updates for Adobe Experience Manager AEM Forms on Windows, Linux, Solaris and AIX. These updates resolve an important information disclosure vulnerability CVE-2017-3067 resulting from abuse of the pre-population service in AEM Forms. This issue was resolved by providin...

Adobe Releases Security Updates

Adobe has released security updates to address vulnerabilities in Adobe Flash Player and Adobe Experience Manager Forms. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review Adobe Security...

Business Email Compromise Losses Up 2,370 Percent Since 2015

Business Email Compromise BEC schemes, where executives are scammed via social engineering and phishing compromises that ultimately lead to fraudulent wire transfers, grew at a jaw-dropping rate of 2,370 percent in the last two years. The FBI yesterday published its latest statistics on these...

WordPress Wow Forms Plugin SQL Injection Vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in the WordPress Wow Forms plugin, which can be exploited by attackers to access or modi...

The vulnerabilities of programs for viewing and editing PDF files such as Adobe Reader, Adobe Acrobat, Adobe Acrobat Document Cloud, and Adobe Reader Document Cloud allow attackers to execute arbitrary code.

The vulnerability of the XFA module for programs that read and edit PDF files, such as Adobe Reader, Adobe Acrobat, Adobe Acrobat Document Cloud, and Adobe Reader Document Cloud, is related to the use of memory after it is freed. Exploiting this vulnerability can allow a malicious actor to execut...

WordPress Plugin Wow Forms 2.1 - SQL Injection

WordPress Plugin Wow Forms 2.1 - SQL Injection Exploit Title: Wow Forms v2.1 WordPress Plugin SQL Injection Date: 29/03/2017 Exploit Author: TAD GROUP Vendor Homepage: http://wow-company.com/ Software Link: https://wordpress.org/plugins/mwp-forms/ Version: 2.1 Contact: infoattad.group Website:...

WordPress Wow Forms plugin <= 2.1 - SQL Injection

The POST parameter wowformid is vulnerable to SQL injection. This parameter is not escaped properly. Solution Update the plugin...

WordPress Wow Forms 2.1 Plugin - SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Wow Forms v2.1 WordPress Plugin SQL Injection Date: 29/03/2017 Exploit Author: TAD GROUP Vendor Homepage: http://wow-company.com/ Software Link: https://wordpress.org/plugins/mwp-forms/ Version: 2.1 Contact: email protected...

WordPress Plugin Wow Forms 2.1 - SQL Injection

Exploit Title: Wow Forms v2.1 WordPress Plugin SQL Injection Date: 29/03/2017 Exploit Author: TAD GROUP Vendor Homepage: http://wow-company.com/ Software Link: https://wordpress.org/plugins/mwp-forms/ Version: 2.1 Contact: infoattad.group Website: https://tad.group Category: Web Application...

Adobe Acrobat and Reader Integer Overflow (APSB17-11: CVE-2017-3034)

An integer overflow vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to a parsing error in XML Forms Architecture XFA engine in Adobe Reader and Acrobat. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted PDF file...

Reflected Cross-Site Scripting Vulnerability in 'keyword' Parameter of Qibo B2B Commerce System

Qibo B2B business system is an open source content management system . Qibo B2B Commerce System 'keyword' parameter reflects cross-site scripting vulnerability. Allows attackers to insert XSS execution code into web forms, there are phishing attacks, user cookie theft and other security risks...

CVE-2016-8726

An exploitable null pointer dereference vulnerability exists in the Web Application /forms/webrunScript iwfilename functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. An HTTP POST request with a blank line in the header will cause a segmentation fault in the web server...

Null pointer dereference

An exploitable null pointer dereference vulnerability exists in the Web Application /forms/webrunScript iwfilename functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. An HTTP POST request with a blank line in the header will cause a segmentation fault in the web server...

CVE-2017-3035

Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability in the XML Forms Architecture XFA engine. Successful exploitation could lead to arbitrary code execution...

CVE-2017-3034

Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable integer overflow vulnerability in the XML Forms Architecture XFA engine, related to layout functionality. Successful exploitation could lead to arbitrary code execution...

CVE-2017-3035

Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability in the XML Forms Architecture XFA engine. Successful exploitation could lead to arbitrary code execution...

CVE-2017-3014

Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability in XML Forms Architecture XFA related to reset form functionality. Successful exploitation could lead to arbitrary code execution...

Design/Logic Flaw

Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability in the XML Forms Architecture XFA engine. Successful exploitation could lead to arbitrary code execution...