8134 matches found
Joomla Forms 1.3.1 SQL Injection
Title: Joomla comforms 1.3.1 Sql injection vulnerability | Author: indoushka | email: [email protected] | Tested on: windows 8.1 Français V.Pro | Vendor: https://github.com/subtext/comforms/blob/master/forms.xml...
FortiWeb CSRF Vulnerability
A CSRF vulnerability could allow attackers to change admin password with crafted forms...
python-django-horizon: XSS in client side template
A DOM-based, cross-site scripting vulnerability has been identified in the OpenStack dashboard, where user input was not filtered correctly. An authenticated dashboard user could exploit the flaw by injecting an AngularJS template into a dashboard form for example, using an image's description,...
WordPress Gravity Forms 1.8.19 Shell Upload
&formid=1&name=khan.php5&gformuniqueid=../../../../&fieldid=3'; curlsetopt$ch, CURLOPTRETURNTRANSFER, true; $response = curlexec$ch; curlclose$ch; if eregi'ok', $response echo "$separator\nShell at $shell\n$separator\n\n"; while $testCom != 'bubye!' $user =...
WordPress Gravity Forms Plugin 1.8.19 - Arbitrary File Upload
WordPress Gravity Forms plugin is prone to an arbitrary file upload vulnerability. It allows an attacker to upload arbitrary files to the affected computer. Solution: Upgrade the plugin...
WordPress Plugin Gravity Forms 1.8.19 - Arbitrary File Upload
an Exploiter by AnonGuy\n"; $domain = @$argv1 == '' ? 'http://localhost/wordpress' : @$argv1; $url = "$domain/?gfpage=upload"; $shell = "$domain/wp-content/input3khan.php5"; $separator = '-------------------------------------------------------------------'; $ch = curlinit$url; curlsetopt$ch,...
WordPress Plugin Gravity Forms 1.8.19 - Arbitrary File Upload
WordPress Plugin Gravity Forms 1.8.19 - Arbitrary File Upload an Exploiter by AnonGuy\n"; $domain = @$argv1 == '' ? 'http://localhost/wordpress' : @$argv1; $url = "$domain/?gfpage=upload"; $shell = "$domain/wp-content/input3khan.php5"; $separator =...
WordPress Gravity Forms 1.8.19 Plugin - Arbitrary File Upload
Exploit for php platform in category web applications an Exploiter by AnonGuy\n"; $domain = @$argv1 == '' ? 'http://localhost/wordpress' : @$argv1; $url = "$domain/?gfpage=upload"; $shell = "$domain/wp-content/input3khan.php5"; $separator =...
pearsoned.com XSS vulnerability
Vulnerable URL: https://www.pearsoned.com/contact-forms/enews.php?form=...
WordPress Ninja Forms Unauthenticated File Upload
No description provided by source...
WordPress Ninja Forms Unauthenticated File Upload
This module requires Metasploit: http://www.metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'WordPress Ninja Forms Unauthenticated File Upload', 'Description' = % Versions 2.9.36 to 2.9.42 of the Ninja Forms plugin...
WordPress Ninja Forms Plugin PHP Object Injection Hole
WordPress is the WordPress Software Foundation's blogging platform, developed in the PHP language; it supports setting up a personal blog site on PHP and MySQL servers. Ninja Forms is one of its form plugins. A security vulnerability exists in the WordPress Ninja Forms plugi...
CVE-2016-1209
The Ninja Forms plugin before 2.9.42.1 for WordPress allows remote attackers to conduct PHP object injection attacks via crafted serialized values in a POST request...
CVE-2016-1209
CVE-2016-1209 affects WordPress Ninja Forms, with vulnerable versions 2.9.36 to 2.9.42 (and 2.9.42.1 as fix variants) allowing remote PHP object injection via crafted POST data, enabling unauthenticated code execution through file upload. Exploitation details are evidenced by Metasploit/Exploit-D...
WordPress plugin "Ninja Forms" vulnerable to PHP object injection
Overview: WordPress plugin "Ninja Forms" contains a PHP object injection vulnerability due to a flaw where untrusted POST values are unserialized. Impact: A remote attacker may execute arbitrary PHP code. Solution: Update the Software. Update to a version that addresses the vulnerability according...
JVN#44657371: WordPress plugin "Ninja Forms" vulnerable to PHP object injection
WordPress plugin "Ninja Forms" contains a PHP object injection vulnerability due to a flaw where untrusted POST values are unserialized. Impact: A remote attacker may execute arbitrary PHP code. Solution: Update the Software. Update to a version that addresses the vulnerability according to the...
Adobe Reader DC XFA Uninitialized Pointer Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...
WordPress Ninja Forms Unauthenticated File Upload
Versions 2.9.36 to 2.9.42 of the Ninja Forms plugin contain an unauthenticated file upload vulnerability, allowing guests to upload arbitrary PHP code that can be executed in the context of the web server...