Lucene search
8133 matches found

seebug.org
added 2014/10/10 12:0 a.m., 24 views

Wordpress InfusionSoft Plugin Upload Vulnerability

No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = ExcellentRanking include Msf::HTTP::Wordpress include...

CVSS 7.5, AI score 6.5, EPSS 0.82212
Exploits: 8

Exploit DB
added 2014/10/09 12:0 a.m., 31 views

WordPress Plugin InfusionSoft - Arbitrary File Upload (Metasploit)

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Wordpress InfusionSoft Upload Vulnerability', 'Description' = %q This module exploits an arbitrary PHP code upload in the wordpress...

CVSS 7.5, AI score 9.1, EPSS 0.82212
Exploits: 8

Packet Storm
added 2014/10/09 12:0 a.m., 32 views

Wordpress InfusionSoft Upload

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Wordpress InfusionSoft Upload Vulnerability', 'Description' = %q This module exploits an arbitrary PHP code upload in the wordpress...

CVSS 7.5, AI score 6.5, EPSS 0.82212
Exploits: 8

WPVulnDB
added 2014/10/06 5:26 p.m., 15 views

Infusionsoft Gravity Forms 1.5.3 - 1.5.10 Arbitrary File Upload

The Infusionsoft Gravity Forms Add-on WordPress plugin was affected by a 1.5.10 Arbitrary File Upload security vulnerability...

CVSS 7.5, AI score 3, EPSS 0.82212
Exploits: 8, References: 3, Affected Software: 1

OpenVAS
added 2014/09/29 12:0 a.m., 54 views

WordPress Infusionsoft Gravity Forms Add-on Arbitrary File Upload Vulnerability

WordPress Infusionsoft Gravity Forms Add-on is prone to remote file upload vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 7.5, AI score 6.6, EPSS 0.82212
Exploits: 8, References: 2

Metasploit
added 2014/09/27 11:42 a.m., 61 views

WordPress custom-contact-forms Plugin SQL Upload

The WordPress custom-contact-forms plugin 'WordPress custom-contact-forms Plugin SQL Upload', 'Description' = %q The WordPress custom-contact-forms plugin 'Marc-Alexandre Montpas', Vulnerability discovery 'Christian Mehlmauer' Metasploit module , 'License' = MSFLICENSE, 'References' = 'URL',...

AI score 7.9
Exploits: 0

NVD
added 2014/09/26 9:55 p.m., 26 views

CVE-2014-6446

The Infusionsoft Gravity Forms plugin 1.5.3 through 1.5.10 for WordPress does not properly restrict access, which allows remote attackers to upload arbitrary files and execute arbitrary PHP code via a request to utilities/code_generator.php...

CVSS 7.5, AI score 7.5, EPSS 0.82212
Exploits: 8, References: 5

Prion
added 2014/09/26 9:55 p.m., 9 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the Easy MailChimp Forms plugin 3.0 through 5.0.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the update_options action to wp-admin/admin-ajax.php...

CVSS 4.3, AI score 6.2, EPSS 0.00168
Exploits: 1, References: 2, Affected Software: 1

Prion
added 2014/09/26 9:55 p.m., 12 views

Code injection

The Infusionsoft Gravity Forms plugin 1.5.3 through 1.5.10 for WordPress does not properly restrict access, which allows remote attackers to upload arbitrary files and execute arbitrary PHP code via a request to utilities/code_generator.php...

CVSS 7.5, AI score 8.1, EPSS 0.82212
Exploits: 8, References: 5, Affected Software: 1

CVE
added 2014/09/26 9:0 p.m., 44 views

CVE-2014-7152

The CVE-2014-7152 entry relates to the Easy Forms for MailChimp / Easy MailChimp Forms WordPress plugin, affecting versions 3.0 through 5.0.6. The vulnerability is an XSS flaw triggered via the update_options action to wp-admin/admin-ajax.php, allowing an attacker to inject arbitrary script or HT...

CVSS 4.3, AI score 6, EPSS 0.00168
Exploits: 1, References: 2, Affected Software: 1

CVE
added 2014/09/26 9:0 p.m., 57 views

CVE-2014-6446

CVE-2014-6446 affects the WordPress Infusionsoft Gravity Forms Add-on. The vulnerability exists in versions 1.5.3–1.5.10 and stems from improper access restriction, enabling remote attackers to upload arbitrary files and execute PHP code via a request to utilities/code_generator.php. Affected sof...

CVSS 7.5, AI score 7.7, EPSS 0.82212
Exploits: 8, References: 5, Affected Software: 1

Cvelist
added 2014/09/26 9:0 p.m., 19 views

CVE-2014-7152

Cross-site scripting (XSS) vulnerability in the Easy MailChimp Forms plugin 3.0 through 5.0.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the update_options action to wp-admin/admin-ajax.php...

AI score 5.8, EPSS 0.00168
Exploits: 1, References: 2

Cvelist
added 2014/09/26 9:0 p.m., 29 views

CVE-2014-6446

The Infusionsoft Gravity Forms plugin 1.5.3 through 1.5.10 for WordPress does not properly restrict access, which allows remote attackers to upload arbitrary files and execute arbitrary PHP code via a request to utilities/code_generator.php...

AI score 7.5, EPSS 0.82212
Exploits: 8, References: 5

Patchstack
added 2014/09/22 12:0 a.m., 16 views

WordPress NEX-Forms Lite Plugin <= 2.1.0 - Multiple XSS

Because of these vulnerabilities, the attackers can inject arbitrary web script or HTML via the "formfields" parameter. Solution Update the plugin...

CVSS 6.1, AI score 2.9, EPSS 0.00166
Exploits: 1, References: 1, Affected Software: 1

Japan Vulnerability Notes
added 2014/09/22 12:0 a.m., 31 views

JVN#04560253: Yuko Yuko App for Android fails to verify SSL server certificates

Yuko Yuko App for Android provided by Yuko Yuko Corporation fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. As a result, an attacker may obtain information entered into web forms. Solution Update the...

CVSS 5.4, AI score 6.2, EPSS 0.00056
Exploits: 0

Tenable Nessus
added 2014/09/19 12:0 a.m., 26 views

Safari < 6.2 / 7.1 Multiple Vulnerabilities

Binary data 8395.prm...

CVSS 7.5, AI score 8.3, EPSS 0.02053
Exploits: 1, References: 10

WPVulnDB
added 2014/09/18 3:17 p.m., 4 views

Easy Forms for MailChimp 5.0.3 - classes/class.yksemeBase.php Multiple Actions CSRF

The Easy Forms for Mailchimp WordPress plugin was affected by a classes/class.yksemeBase.php Multiple Actions CSRF security vulnerability...

AI score 2.5
Exploits: 0, Affected Software: 1

Prion
added 2014/09/18 10:55 a.m., 16 views

Code injection

Safari in Apple iOS before 8 does not properly restrict the autofilling of passwords in forms, which allows remote attackers to obtain sensitive information via (1) an http web site, (2) an https web site with an unacceptable X.509 certificate, or (3) an IFRAME element...

CVSS 5, AI score 5.7, EPSS 0.00762
Exploits: 0, References: 8, Affected Software: 2

Tenable Nessus
added 2014/09/18 12:0 a.m., 41 views

Mac OS X : Apple Safari < 6.2 / 7.1 Multiple Vulnerabilities

The version of Apple Safari installed on the remote Mac OS X host is a version prior to 6.2 or 7.1. It is, therefore, affected by the following vulnerabilities : - An error exists related to saved passwords and the incorrect automatic filling of HTML forms. A remote attacker can exploit this to...

CVSS 7.5, AI score 8.6, EPSS 0.02053
Exploits: 1, References: 10

Kitploit
added 2014/09/09 2:38 a.m., 13 views

XSScrapy - Fast, thorough XSS vulnerability spider

Fast, thorough, XSS spider. Give it a URL and it'll test every link it finds for cross-site scripting vulnerabilities. XSS attack vectors xsscrapy will test Referer header way more common than I thought it would be! User-Agent header Cookie header added 8/24/14 Forms, both hidden and explicit URL...

AI score 5.6
Exploits: 0, References: 1