8132 matches found
CVE-2014-4162
Multiple cross-site request forgery (CSRF) vulnerabilities in the Zyxel P-660HW-T1 v3 wireless router allow remote attackers to hijack the authentication of administrators for requests that change the (1) wifi password or (2) SSID via a request to Forms/WLANGeneral1...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in the Zyxel P-660HW-T1 v3 wireless router allow remote attackers to hijack the authentication of administrators for requests that change the (1) wifi password or (2) SSID via a request to Forms/WLANGeneral1...
openSUSE Security Update : chromium (openSUSE-SU-2013:1729-1)
Chromium was updated to 30.0.1599.114 : Stable Channel update: fix build for 32bit systems - Update to Chromium 30.0.1599.101 - Security Fixes : + CVE-2013-2925: Use after free in XHR + CVE-2013-2926: Use after free in editing + CVE-2013-2927: Use after free in forms. + CVE-2013-2928: Various fix...
openSUSE Security Update : chromium (openSUSE-SU-2014:0243-1)
Chromium was updated to version 32.0.1700.102: Stable channel update : - Security Fixes : - CVE-2013-6649: Use-after-free in SVG images - CVE-2013-6650: Memory corruption in V8 - and 12 other fixes - Other : - Mouse Pointer disappears after exiting full-screen mode - Drag and drop files into...
web_spider
This plugin is a classic web spider: it requests a URL and extracts all links and forms from the response. Three configurable parameters exist: onlyforward, ignoreRegex and followRegex. IgnoreRegex and followRegex are commonly used to configure the web spider to spider all URLs except the "logout" or...
Soraya Malware Packs Form Grabbing, Memory Scraping Functionality
Malware capable of infecting point-of-sale devices once was a novelty, but it’s quickly becoming more common. Researchers at Arbor Networks have unearthed a new strain of PoS malware called Soraya that can scrape memory and has the ability to intercept information sent from Web forms, a specialty...
PYSEC-2014-110
Multiple cross-site scripting (XSS) vulnerabilities in apps/common/templates/calculateformtitle.html in Mayan EDMS 0.13 allow remote authenticated users to inject arbitrary web script or HTML via a (1) tag or the (2) title of a source in a Staging folder, (3) Name field in a bootstrap setup, or Title fie...
CVE-2014-3792
Cross-site request forgery (CSRF) vulnerability in Beetel 450TC2 Router with firmware TX6-0Q-005retail allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the uiViewToolsPassword and uiViewToolsPasswordConfirm parameters to...
Formidable Forms Pro <= 1.06.02 - ofc_upload_image.php Arbitrary File Upload
The Formidable Form Builder – Contact Form, Survey & Quiz Forms Plugin for WordPress WordPress plugin was affected by an ofcuploadimage.php Arbitrary File Upload security vulnerability...
WordPress Formidable Forms Remote Code Execution
Exploit Title : wordpress plugin "Formidable Forms" Remote code execution exploit Exploit Author : Manish Kishan Tanwar vendor Link : http://wordpress.org/plugins/formidable/ Version Affected: below version 1.06.03, only pro version Discovered At : IndiShell LAB indishell.in aka indian cyber army Lo...
[CVE-2013-6233] Persistent HTML Script Insertion permits offsite-bound forms in SpagoBI v4.0
Advisory Information Title: Persistent HTML Script Insertion permits offsite-bound forms Date published: 2014-03-01 Date of last update: 2014-03-01 Vendors contacted: Engineering Group Discovered by: Christian Catalano Severity: Medium 02. Vulnerability Information CVE reference: CVE-2013-6233...
Beetel 450TC2 Cross Site Request Forgery
input type="submi...
Beetel 450TC2 Router Admin Password CSRF Vulnerability
Exploit for hardware platform in category web applications input type="hidden" name="uiViewToolsPasswordConfirm"...
Infusionsoft Gravity Forms Add-on < 1.5.7 - Unauthenticated Reflected XSS
The Infusionsoft Gravity Forms Add-on WordPress plugin was affected by an Unauthenticated Reflected XSS security vulnerability...
Infusionsoft Gravity Forms Add-on < 1.5.7 - Unauthenticated Reflected XSS
The Infusionsoft Gravity Forms Add-on WordPress plugin was affected by an Unauthenticated Reflected XSS security vulnerability. PoC...
Drupal 6.x < 6.31 Forms API Information Disclosure
The remote web server is running a version of Drupal that is 6.x prior to 6.31. It is, therefore, affected by an error related to the HTML form API and the caching of pages for different anonymous users, which could allow sensitive information to be disclosed. Note that Drupal core does not expos...
Drupal 7.x < 7.27 Forms API Information Disclosure
The remote web server is running a version of Drupal that is 7.x prior to 7.27. It is, therefore, affected by an error related to the HTML form API and the caching of pages for different anonymous users, which could allow sensitive information to be disclosed. Note that Drupal core does not expos...
SA-CORE-2014-002 - Drupal core - Information Disclosure
Drupal's form API has built-in support for temporary storage of form state, for example user input. This is often used on multi-step forms, and is required on Ajax-enabled forms in order to allow the Ajax calls to access and update interim user input on the server. When pages are cached for...