8134 matches found
WordPress Plugin Ninja Forms 2.9.36 < 2.9.42 - File Upload (Metasploit)
This module requires Metasploit: http://www.metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'WordPress Ninja Forms Unauthenticated File Upload', 'Description' = % Versions 2.9.36 to 2.9.42 of the Ninja Forms plugin...
Ninja Forms 2.9.36 to 2.9.42 - Multiple Vulnerabilities
The "Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress" WordPress plugin was affected by multiple vulnerabilities...
CVE-2016-4064
Use-after-free vulnerability in the XFA forms handling functionality in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to execute arbitrary code via a crafted remerge call...
Design/Logic Flaw
Use-after-free vulnerability in the XFA forms handling functionality in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to execute arbitrary code via a crafted remerge call...
CVE-2016-4064
Foxit Reader and Foxit PhantomPDF (Windows) ≤ 7.3.3 are affected by CVE-2016-4064 due to a use-after-free in the XFA forms handling when a crafted remerge call is processed. This leads to remote code execution with high impact (as described in connected sources). Remediation per the documents: up...
Boost - Moderately Critical - Information Disclosure - SA-CONTRIB-2016-021
This module provides static page caching for Drupal enabling a very significant performance and scalability boost for sites that receive mostly anonymous traffic. The module doesn't prevent form cache from leaking between anonymous users which could result in information disclosure, where one use...
WordPress Infusionsoft Gravity Forms Add-on Plugin <= 1.5.11 - XSS
This plugin is prone to a cross site scripting vulnerability. Solution Upgrade the plugin...
Infusionsoft Gravity Forms Add-on <= 1.5.11 - Unauthenticated Reflected Cross-Site Scripting (XSS)
The Infusionsoft Gravity Forms Add-on WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting (XSS) security vulnerability. PoC: http://www.example.com/wp-content/plugins/infusionsoft/Infusionsoft/examples/leadscoring.php?ContactId=""...
Infusionsoft Gravity Forms Add-on <= 1.5.11 - Unauthenticated Reflected Cross-Site Scripting (XSS)
The Infusionsoft Gravity Forms Add-on WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting (XSS) security vulnerability. http://www.example.com/wp-content/plugins/infusionsoft/Infusionsoft/examples/leadscoring.php?ContactId="alert1;"...
Fill and Sign PDF Forms - BSD license, Customized SSL, Dangerous filesystem permissions vulnerabilities
The HackApp vulnerability scanner discovered that the application Fill and Sign PDF Forms, published on the 'play' market, has multiple vulnerabilities...
Drupal Core Forms Interface Ignores Submit Button Access Restriction Vulnerability
Drupal is a free and open source content management system developed in PHP. An access bypass vulnerability exists in Drupal Core that allows input to be submitted, e.g. using JavaScript, for form button elements that the user should not have access to because the buttons are blocked by server-side form...
Foxit Reader XFA Re-merge After Release Re-exploit Remote Code Execution Vulnerability
Foxit Reader is a small PDF document viewer and printing program. Foxit Reader has a security vulnerability in the handling of XFA forms, which could allow a pointer to be reused after it has been released (a dangling pointer). An attacker can execute arbitrary code in the current process context...
Foxit Reader XFA remerge Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XFA...
WordPress MailChimp Subscribe Forms 1.1 Remote Code Execution
Exploit Title: Wordpress Plugin MailChimp Subscribe Forms - Remote Code Execution Date: 23-03-2016 Exploit Author: CrashBandicot Google Dork : inurl:/wp-content/plugins/mailchimp-subscribe-sm/ Vendor Homepage: https://fr.wordpress.org/plugins/mailchimp-subscribe-sm/ Tested on: MSWin32 Version: 1....
WordPress Gravity Forms <= 1.9.15.11 - Authenticated Reflected XSS
Because of this vulnerability, the software incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to users. Solution Update the plugin...
Breezing Forms Full
Breezing Forms Full before build 884: Information disclosure. Resolution: update to latest version. Update notice: https://crosstec.org/en/blog/859-breezingforms-medium-security-update.html...
Breezing Forms Lite
Breezing Forms Lite before build 912: Information disclosure. Resolution: update to latest version. Update notice: https://crosstec.org/en/blog/859-breezingforms-medium-security-update.html...
Zimbra 8.0.9 GA - Cross-Site Request Forgery
Multiple CSRF in Zimbra Mail interface. CVE-2015-6541. Description: Multiple CSRF vulnerabilities have been found in the Mail interface of Zimbra 8.0.9 GA Release, making it possible to change account preferences like...