8134 matches found

CNVD
added 2016/02/11 12:0 a.m. | 2 views

Microsoft Active Directory Federated Authentication Service Denial of Service Vulnerability

Microsoft Windows is a family of operating systems released by Microsoft Corporation in the U.S. Microsoft Active Directory Federation Services (ADFS) is an Active Directory Federation Service that runs on Windows systems. The service provides Web Single Sign-On (SSO) technology, which enables...

CVSS 7.5 | AI score 7.2 | EPSS 0.38155
Exploits: 0 | References: 1
OSV
added 2016/02/10 11:59 a.m. | 4 views

CVE-2016-0047

WinForms in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows remote attackers to obtain sensitive information from process memory via crafted icon data, aka "Windows Forms Information Disclosure Vulnerability."...

CVSS 7.5 | AI score 5.8 | EPSS 0.17158
Exploits: 0 | References: 2
OSV
added 2016/02/10 11:59 a.m. | 2 views

CVE-2016-0037

The forms-based authentication implementation in Active Directory Federation Services (ADFS) 3.0 in Microsoft Windows Server 2012 R2 allows remote attackers to cause a denial of service (daemon outage) via crafted data, aka "Microsoft Active Directory Federation Services Denial of Service...

CVSS 7.5 | AI score 5.8 | EPSS 0.38155
Exploits: 0 | References: 3
Tenable Nessus
added 2016/02/09 12:0 a.m. | 619 views

MS16-019: Security Update for .NET Framework to Address Denial of Service (3137893)

The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities in the .NET Framework: - A denial of service vulnerability exists due to improper handling of certain Extensible Stylesheet Language Transformations (XSLT). A remote attacker can exploit...

CVSS 7.5 | AI score 7.4 | EPSS 0.19296
Exploits: 0 | References: 3
Check Point Advisories
added 2016/02/01 12:0 a.m. | 2 views

WordPress Ninja Forms Plugin Cross-Site Scripting (CVE-2015-2220)

Multiple cross-site scripting vulnerabilities exist in WordPress Ninja Forms Plugin. Successful exploitation of these vulnerabilities would allow remote attackers to inject an arbitrary web script into the affected system...

CVSS 4.3 | AI score 4.9 | EPSS 0.00198
Exploits: 1
Patchstack
added 2016/01/29 12:0 a.m. | 10 views

WordPress Formidable Forms Plugin <= 1.07.11 - Blind SQL Injection

Because of this vulnerability, remote authenticated users can execute arbitrary SQL commands. Solution: Update the plugin...

AI score 5.9
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2016/01/29 12:0 a.m. | 23 views

WordPress Formidable Forms Plugin <= 1.06.03 - Remote Code Execution

This plugin is prone to remote code execution because of ofcuploadimage.php file parameters $_GET 'name' and $HTTP_RAW_POST_DATA. Solution: Update the plugin...

AI score 4.9
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2016/01/29 12:0 a.m. | 9 views

WordPress Formidable Forms Plugin <= 1.06.08 - Unspecified Vulnerabilities

This plugin is prone to unspecified issues. Solution: Update the plugin...

AI score 2.7
Exploits: 0 | References: 1 | Affected Software: 1
Zero Science Lab
added 2016/01/28 12:0 a.m. | 39 views

HP Client Security Manager 8.3.4 Cross-Site Scripting Vulnerability

Summary: HP Client Security Manager provides enhanced Windows login and website single-sign-on capabilities. Security Manager is also the host for HP Client Security plugins and should be installed before other Client Security modules. This package is provided for supported notebook models running...

AI score 5.8
Exploits: 0
WPVulnDB
added 2016/01/26 12:0 a.m. | 19 views

Formidable Forms <= 1.07.11 - Authenticated Blind SQL Injection

The Formidable Form Builder – Contact Form, Survey & Quiz Forms Plugin for WordPress was affected by an Authenticated Blind SQL Injection security vulnerability...

AI score 2.4
Exploits: 0 | References: 1 | Affected Software: 1
Mageia
added 2016/01/15 1:52 a.m. | 14 views

Updated ruby-mail packages fix security vulnerability

The Mail library does not impose a length limit on email addresses, so an attacker can send a long spam message via a recipient address unless there is a limit on the application's side. The attacker-injected message in the recipient address is processed by the server. This type of vulnerability...

AI score 1.8
Exploits: 0 | References: 3
CNVD
added 2016/01/12 12:0 a.m. | 2 views

WordPress NEX-Forms Lite Plugin Cross-Site Scripting Vulnerability

WordPress is a blogging platform from the WordPress Software Foundation, developed in the PHP language; it lets users set up a personal blog site on a server that supports PHP and MySQL. NEX-Forms Lite is a plugin for creating user-defined forms. A cross-site scripting vulnerability exists in...

CVSS 6.1 | AI score 6 | EPSS 0.00166
Exploits: 1 | References: 1
Zero Day Initiative
added 2016/01/12 12:0 a.m. | 28 views

Adobe Reader DC Forms Out-Of-Bounds Read Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the AcroForm...

CVSS 6.8 | AI score 9 | EPSS 0.02724
Exploits: 0 | References: 1
NVD
added 2016/01/08 9:59 p.m. | 16 views

CVE-2014-7151

Multiple cross-site scripting (XSS) vulnerabilities in the NEX-Forms Lite plugin 2.1.0 for WordPress allow remote attackers to inject arbitrary web script or HTML via the form_fields parameter in a (1) do_edit or (2) do_insert action to wp-admin/admin-ajax.php...

CVSS 6.1 | AI score 6.2 | EPSS 0.00166
Exploits: 1 | References: 2
Prion
added 2016/01/08 9:59 p.m. | 15 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in the NEX-Forms Lite plugin 2.1.0 for WordPress allow remote attackers to inject arbitrary web script or HTML via the form_fields parameter in a (1) do_edit or (2) do_insert action to wp-admin/admin-ajax.php...

CVSS 4.3 | AI score 6.2 | EPSS 0.00166
Exploits: 1 | References: 2 | Affected Software: 1
CVE
added 2016/01/08 9:0 p.m. | 37 views

CVE-2014-7151

CVE-2014-7151 affects the WordPress NEX-Forms Lite plugin (v2.1.0). It describes multiple cross-site scripting (XSS) vulnerabilities via the form_fields parameter in admin-ajax.php during do_edit/do_insert actions. Root cause: insufficient filtering of form_fields. Impact: cross-site script/HTML ...

CVSS 6.1 | AI score 6.1 | EPSS 0.00166
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2016/01/08 9:0 p.m. | 21 views

CVE-2014-7151

Multiple cross-site scripting (XSS) vulnerabilities in the NEX-Forms Lite plugin 2.1.0 for WordPress allow remote attackers to inject arbitrary web script or HTML via the form_fields parameter in a (1) do_edit or (2) do_insert action to wp-admin/admin-ajax.php...

AI score 6.2 | EPSS 0.00166
Exploits: 1 | References: 2
Kitploit
added 2016/01/05 10:0 p.m. | 69 views

Sawef - Send Attack Web Forms

SAWEF - Send Attack Web Forms. DESCRIPTION: The purpose of this tool is to be a Swiss army knife for anyone who works with HTTP. So far it is basic, bringing only a few of the features it is meant to have, but we can already see in this tool: - Email Crawler in sites - Crawler forms on the...

AI score 7.2
Exploits: 0 | References: 1
Patchstack
added 2015/12/26 12:0 a.m. | 29 views

WordPress Ninja Forms Plugin <= 2.9.42.0 - PHP Object Injection

This vulnerability allows an attacker to conduct PHP object injection attacks via crafted serialized values in a POST request. Solution: Update the plugin...

CVSS 9.8 | AI score 4.3 | EPSS 0.8058
Exploits: 4 | References: 1 | Affected Software: 1
Prion
added 2015/12/17 7:59 p.m. | 15 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in information popups in Foreman before 1.10.0 allow remote attackers to inject arbitrary web script or HTML via (1) global parameters, (2) smart class parameters, or (3) smart variables in the (a) host or (b) hostgroup edit forms...

CVSS 4.3 | AI score 5.9 | EPSS 0.00256
Exploits: 0 | References: 4 | Affected Software: 1