WordPress Ninja Forms Plugin - Authorization Bypass
The Ninja Forms plugin is prone to an authorization bypass vulnerability that allows an attacker to bypass security restrictions and perform unauthorized actions. Solution: Update the plugin...
WordPress Plugin Ninja Forms 2.7.7 - Authentication Bypass
WordPress Plugin Ninja Forms 2.7.7 - Authentication Bypass source: https://www.securityfocus.com/bid/69740/info The Ninja Forms Plugin for WordPress is prone to an authorization-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthoriz...
WordPress Plugin Ninja Forms 2.7.7 - Authentication Bypass
source: https://www.securityfocus.com/bid/69740/info The Ninja Forms Plugin for WordPress is prone to an authorization-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. Ninj...
Easy Forms for vBulletin 4.X - Upload Shell Code / Remote Code Execute
Easy Forms for vBulletin 4.x suffers from remote code execution and shell upload vulnerabilities. This is a private exploit. You can buy it at https://0day.today...
PYSEC-2014-7
The administrative interface contrib.admin in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not check if a field represents a relationship between models, which allows remote authenticated users to obtain sensitive information via a tofield...
Halon Security Router < 3.2r2 Multiple Vulnerabilities
According to its self-reported version, the instance of Halon Security Router running on the remote host is affected by multiple vulnerabilities: - Multiple reflected cross-site scripting vulnerabilities exist in the web interface due to a failure to sanitize user-supplied input. - Multiple...
TDO Mini Forms 0.13.9 - tdomf-upload-inline.php File Upload Remote Code Execution
The tdo-mini-forms WordPress plugin was affected by a tdomf-upload-inline.php File Upload Remote Code Execution security vulnerability...
A Forms 1.4.0 - a-forms.php a_form_section_page Function message Parameter XSS
The A Forms WordPress plugin was affected by an a-forms.php a_form_section_page Function message Parameter XSS security vulnerability...
A Forms 1.4.0 - a-forms.php aform_css_file_selector() Function css_file_selection Parameter XSS
The A Forms WordPress plugin was affected by an a-forms.php aform_css_file_selector() Function css_file_selection Parameter XSS security vulnerability...
A Forms 1.4.0 - a-forms.php add_field_to_section Function Multiple Parameter XSS
The A Forms WordPress plugin was affected by an a-forms.php add_field_to_section Function Multiple Parameter XSS security vulnerability...
A Forms 1.4.0 - a-forms.php a_form_initial_page Function Multiple Parameter XSS
The A Forms WordPress plugin was affected by an a-forms.php a_form_initial_page Function Multiple Parameter XSS security vulnerability...
A Forms 1.4.0 - a-forms.php a_form_shortcode Function Multiple Parameter XSS
The A Forms WordPress plugin was affected by an a-forms.php a_form_shortcode Function Multiple Parameter XSS security vulnerability...
Easy Contact Forms Export 1.1.0 - Information Disclosure
The easy-contact-forms-exporter WordPress plugin was affected by an Information Disclosure security vulnerability...
WordPress Infusionsoft Gravity Forms Add-on Plugin <= 1.5.6 - XSS
This plugin is prone to a cross-site scripting vulnerability. Solution: Update the plugin...
UBUNTU-CVE-2014-5022
Cross-site scripting (XSS) vulnerability in the Ajax system in Drupal 7.x before 7.29 allows remote attackers to inject arbitrary web script or HTML via vectors involving forms with an Ajax-enabled textfield and a file field...
CVE-2014-5022
Cross-site scripting (XSS) vulnerability in the Ajax system in Drupal 7.x before 7.29 allows remote attackers to inject arbitrary web script or HTML via vectors involving forms with an Ajax-enabled textfield and a file field...
CVE-2014-4599
Multiple cross-site scripting (XSS) vulnerabilities in forms/search.php in the WP-Business Directory wp-ttisbdir plugin 1.0.2 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) edit, (2) searchterm, (3) pageid, (4) page, or (5) pagelinks parameter...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in forms/search.php in the WP-Business Directory wp-ttisbdir plugin 1.0.2 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) edit, (2) searchterm, (3) pageid, (4) page, or (5) pagelinks parameter...
Facile Forms 1.x 'catid' Parameter SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/27880/info Facile Forms is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise...
Palo Alto Networks Pan-OS 5.0.8 - Multiple Vulnerabilities
No description provided by source. from http://thomaspollet.blogspot.be/2013/11/Palo-Alto-XSS.html : A couple of bugs exist in Palo Alto Networks PANOS = 5.0.8 which can be exploited to conduct cross-site scripting attacks. - Certificate fields are displayed in the firewall web interface without...