8133 matches found
Moodle 1.9.x < 1.9.14 Multiple Vulnerabilities
WordPress Gravity Forms Plugin <= 1.9.6 - Cross Site Scripting
Because of this vulnerability, attackers can inject arbitrary web script or HTML. Solution: Update the plugin to the latest version...
CVE-2015-0698
Multiple cross-site scripting (XSS) vulnerabilities in filter search forms in admin web pages on Cisco Web Security Appliance (WSA) devices with software 8.5.0-497 allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCut39213...
Wordpress InfusionSoft Shell Upload
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Wordpress InfusionSoft Upload Vulnerability', 'Description' = %q This module exploits an arbitrary PHP code upload in the WordPress...
Wordpress InfusionSoft Upload Vulnerability
This module exploits an arbitrary PHP code upload in the WordPress Infusionsoft Gravity Forms plugin, versions from 1.5.3 to 1.5.10. The vulnerability allows for arbitrary file upload and remote code execution. This module requires Metasploit: https://metasploit.com/download Current source:...
thunderbird security update
CentOS Errata and Security Advisory CESA-2015:0642. An updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base...
WordPress Live Forms Plugin <= 3.0.1 - Blind SQL Injection
Because of this vulnerability, remote authenticated users can execute arbitrary SQL commands. Solution: Update the plugin...
Live Forms - Visual Form Builder 3.0.1 - Blind SQL Injection
The AJAX action ‘getreqlist’ is available to all logged in users. The parameter ‘ipp’ sent to this action is vulnerable to Blind MySQL Injection. This can be leveraged by detecting how long a query takes to return...
Gravity Forms 1.8 <= 1.9.3.5 - Authenticated Blind SQL Injection
Title: Gravity Forms 1.8 <= 1.9.3.5 - Blind SQL Injection CVE-2015-2260 Version/s Tested: 1.9.3.1 Description: Gravity Forms is one of the most popular WordPress plugins (gravityforms) used to create forms for WordPress sites. The latest version at the time of writing (1.9.3.5) contains an authenticat...
WordPress Gravity Forms Plugin <= 1.9.3.5 - SQL Injection
This plugin is prone to an SQL injection vulnerability, because the sortcolumn GET parameter is not sufficiently sanitised before being used within an SQL query. Solution: Update the plugin...
Wordpress Gravity Forms 1.8.19 /include/upload.php File Upload Vulnerability
/includes/upload.php$filename = isset$REQUEST"name" ? $REQUEST"name" : ''; $fieldid = rgpost"fieldid"; $field = GFFormsModel::getfield$form, $fieldid; if empty $field die; // Clean the fileName for security reasons $filename = pregreplace'/^\w.+/', '', $filename; …. $tmpfilename = $formuniqueid...
WordPress Plugin Ninja Forms Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed in PHP; users can set up their own weblog on a server that supports PHP and a MySQL database. WordPress Ninja Forms suffers from a cross-site scripting vulnerability that can be exploited by remote attackers to construct malicious URIs, trick users into...
Malware cleanup to Gravity Forms arbitrary file upload-vulnerability warning-the black bar safety net
During a regular malware detection and cleanup process, we encountered one case of infection that caught our attention. Our environment does not have any special or fancy stuff, just an updated WordPress and 3 expired plug-ins; this situation is quite reasonable. The processing ends, the environment is clean...
Mozilla: Reading of local files through manipulation of form autocomplete (MFSA 2015-24)
An information leak flaw was found in the way Firefox implemented autocomplete forms. An attacker able to trick a user into specifying a local file in the form could use this flaw to access the contents of that file...
CVE-2015-2220
Multiple cross-site scripting (XSS) vulnerabilities in the Ninja Forms plugin before 2.8.9 for WordPress allow (1) remote attackers to inject arbitrary web script or HTML via the ninja_forms_field_1 parameter in a ninja_forms_ajax_submit action to wp-admin/admin-ajax.php or (2) remote administrators to injec...
Code injection
Unspecified vulnerability in the Ninja Forms plugin before 2.8.10 for WordPress has unknown impact and remote attack vectors related to admin users...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the Ninja Forms plugin before 2.8.9 for WordPress allow (1) remote attackers to inject arbitrary web script or HTML via the ninja_forms_field_1 parameter in a ninja_forms_ajax_submit action to wp-admin/admin-ajax.php or (2) remote administrators to injec...
CVE-2014-9688
Unspecified vulnerability in the Ninja Forms plugin before 2.8.10 for WordPress has unknown impact and remote attack vectors related to admin users...
CVE-2014-9688
CVE-2014-9688 concerns the Ninja Forms WordPress plugin, specifically versions before 2.8.10. The connected sources describe an unspecified vulnerability with unknown impact and remote attack vectors related to admin users. The NVD metrics indicate partial confidentiality, integrity, and availabi...
CVE-2015-2220
The CVE-2015-2220 entry concerns the WordPress Ninja Forms plugin with XSS vulnerabilities in versions before 2.8.9. Two vectors are reported: (1) via ninja_forms_field_1 in a ninja_forms_ajax_submit action to wp-admin/admin-ajax.php, and (2) via fields[1] in wp-admin/post.php. These permit remot...