8133 matches found
Ninja Forms <= 2.9.27 - Malicious File Export
The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin was affected by a Malicious File Export security vulnerability...
WordPress Theme White-Label Framework 2.0.6 - Cross-Site Scripting
Exploit Title: Wordpress White-Label Framework XSS Google Dork: inurl:/wp-content/themes/whitelabel-framework/inc/form-sharebymailiframe.php Date: 7 September 2015 Exploit Author: Outlasted Software Link: wordpress.com / http://whitelabelframework.com/ Version: 2.0.6 Greetz to: TeaMp0isoN...
WordPress Aviary Image Editor Add On For Gravity Forms Plugin 3.0 /includes/upload.php File Upload
No description provided by source...
up.time 7.5.0 - Upload and Execute
up.time 7.5.0 Upload And Execute File Exploit Vendor: Idera Inc. Product web page: http://www.uptimesoftware.com Affected version: 7.5.0 build 16 and 7.4.0 build 13 Summary: The next-generation of IT monitoring software. Desc: up.time suffers from arbitrary command execution. Attackers can...
Multiple Foxit Product XFA Forms Processing Memory Corruption Vulnerabilities
Foxit Reader is a compact PDF reader. A memory corruption vulnerability exists in the implementation of multiple Foxit products. An attacker can exploit this vulnerability to execute arbitrary code in the context of the affected application...
CVE-2015-5481
The CVE-2015-5481 entry documents a Cross-site scripting (XSS) vulnerability in the GD bbPress Attachments WordPress plugin. Affects versions prior to 2.3, vulnerable code resides in forms/panels.php where the tab parameter of gdbbpress_attachments (on wp-admin/edit.php) is not properly filtered,...
Foxit Reader XFA Form Denial of Service Vulnerability While Processing Targets
Foxit Reader is a popular application for working with PDF files. A vulnerability exists in Foxit Reader that allows remote users to send specially crafted XFA forms that, when loaded by the target user, can crash the application or execute arbitrary code...
Ninja Forms <= 2.9.21 - Authenticated Reflected Cross-Site Scripting (XSS)
The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin was affected by an Authenticated Reflected Cross-Site Scripting XSS security vulnerability. PoC http://www.example.com/wp-admin/admin.php?page=nf-processing=...
Ninja Forms <= 2.9.21 - Authenticated Reflected Cross-Site Scripting (XSS)
The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin was affected by an Authenticated Reflected Cross-Site Scripting XSS security vulnerability. http://www.example.com/wp-admin/admin.php?page=nf-processing&title=alert123;...
WordPress Ninja Forms 2.9.21 Cross Site Scripting Vulnerability
WordPress Ninja Forms plugin version 2.9.21 suffers from a cross site scripting vulnerability. Title: WordPress 'Ninja Forms' Plugin - XSS Version: 2.9.21 Author: Morten Nørtoft, Kenneth Jepsen, Mikkel Vej Date: 2015/07/14 Download: https://wordpress.org/plugins/ninja-forms/ Contacted authors:...
WordPress Ninja Forms Plugin <= 2.9.21 - Cross Site Scripting
Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Solution Update the plugin...
WordPress Ninja Forms 2.9.21 Cross Site Scripting
Title: WordPress 'Ninja Forms' Plugin - XSS Version: 2.9.21 Author: Morten Nørtoft, Kenneth Jepsen, Mikkel Vej Date: 2015/07/14 Download: https://wordpress.org/plugins/ninja-forms/ Contacted authors: 2015/07/14 Description:...
XSS vulnerability in OFBiz forms
https://issues.apache.org/jira/browse/OFBIZ-6506 In Ofbiz form need to escape characters from description column in a display-entity tag to avoid XSS attacks. display-entity entity-name="Table" description="$description" I tried to use bsh, as following: display-entity entity-name="Table"...
WordPress Unite Gallery Lite Plugin 1.4.6 - Multiple Vulnerabilities
WordPress Unite Gallery Lite plugin version 1.4.6 suffers from cross site request forgery and remote SQL injection vulnerabilities. Title: Cross-Site Request Forgery & SQL Injection Vulnerabilities in Unite Gallery Lite Wordpress Plugin v1.4.6 Submitter: Nitin Venkatesh Product: Unite Gallery Lit...
NEX-Forms <= 4.0 - Unauthenticated Blind SQL Injection
The NEX-Forms – Ultimate Form Builder – Contact forms and much more WordPress plugin was affected by an Unauthenticated Blind SQL Injection security vulnerability...
WordPress NEX-Forms Plugin <= 4.0 - Blind SQL Injection
Because of this vulnerability, unauthenticated attackers and authenticated users can inject arbitrary SQL commands. Solution Upgrade the plugin...
Threat Outbreak Alert RuleID16427: Email Messages Distributing Malicious Software on July 6, 2015
Medium Alert ID: 39668 First Published: 2015 July 7 19:20 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID16427 may contain the following files: Name | Size...
WordPress MailChimp Subscribe Forms PHP Code Execution
A PHP code execution vulnerability has been reported in Wordpress plugin MailChimp Subscribe Forms. The vulnerability is due to insufficient validation of user-controlled email address when handling subscribe requests. An unauthenticated remote attacker can exploit this vulnerability by sending a...
WordPress Aviary Image Editor Add-on For Gravity Forms Plugin Arbitrary File Upload Vulnerability
WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on PHP and MySQL servers. Aviary Image Editor Add-on For Gravity Forms is a plug-in for Gravity Forms forms that integrates the Adobe Creative SDK Photo/Image Editor add-on for Gravity Forms. An...
ZTE ZXV10 W300 v3.1.0c_DR0 - UI Session Vulnerability
Document Title: ZTE ZXV10 W300 v3.1.0cDR0 - UI Session Vulnerability References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1522 Release Date: 2015-06-16 Vulnerability Laboratory ID (VL-ID): 1522...