8132 matches found
Design/Logic Flaw
The Contact Forms module 7.x-1.x before 7.x-1.2 for Drupal does not specify sufficiently restrictive permissions, which allows remote authenticated users with the "access the site-wide contact form" permission to modify the module settings via unspecified vectors...
CVE-2012-2340
The Contact Forms module 7.x-1.x before 7.x-1.2 for Drupal does not specify sufficiently restrictive permissions, which allows remote authenticated users with the "access the site-wide contact form" permission to modify the module settings via unspecified vectors...
CVE-2012-2340
The CVE-2012-2340 entry applies to the Drupal Contact Forms module (7.x-1.x) prior to 7.x-1.2. The vulnerability arises from permissions not being sufficiently restrictive, allowing remote authenticated users with the 'access the site-wide contact form' permission to modify the module settings vi...
WordPress Custom Contact Forms Cross Site Scripting
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Wordpress Security audit Custom Contact Forms 1. Cross-site scripting reflected 1.1. http://127.0.0.1/wp-admin/options-general.php name of an arbitrarily supplied request parameter 1.2. http://127.0.0.1/wp-admin/options-general.php name of an...
SA-CONTRIB-2012-074 - Contact Forms - Access Bypass
CVE: CVE-2012-2340 This module expands the features of the site wide contact form. It eliminates the drop down category menu by generating a clean looking contact form without a drop down menu with a unique path for each of the contact form categories. The module allowed users to edit the Contact...
CVE-2012-1710
Unspecified vulnerability in the Oracle WebCenter Forms Recognition component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Designer, a different vulnerability than CVE-2012-1709...
CVE-2012-1709
Unspecified vulnerability in the Oracle WebCenter Forms Recognition component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Designer, a different vulnerability than CVE-2012-1710...
Design/Logic Flaw
Unspecified vulnerability in the Oracle WebCenter Forms Recognition component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Designer, a different vulnerability than CVE-2012-1709...
Design/Logic Flaw
Unspecified vulnerability in the Oracle WebCenter Forms Recognition component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Designer, a different vulnerability than CVE-2012-1710...
CVE-2012-1710
Unspecified vulnerability in the Oracle WebCenter Forms Recognition component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Designer, a different vulnerability than CVE-2012-1709...
CVE-2012-1709
CVE-2012-1709 targets Oracle WebCenter Forms Recognition via the CroProj.dll ActiveX control. The vulnerability stems from insufficient input validation, enabling a remote attacker to trigger a directory traversal that could yield arbitrary code execution in the context of the target browser when...
CVE-2012-1710
Unspecified vulnerability in the Oracle WebCenter Forms Recognition component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Designer, a different vulnerability than CVE-2012-1709...
CVE-2012-1710
CVE-2012-1710 affects Oracle WebCenter Forms Recognition in Oracle Fusion Middleware 10.1.3.5. Multiple ActiveX components (CroProj.dll and Sssplt30.ocx) are vulnerable to directory-traversal flaws that can allow arbitrary file creation/overwrite when a user visits a crafted page. This enables re...
CVE-2012-1709
Unspecified vulnerability in the Oracle WebCenter Forms Recognition component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Designer, a different vulnerability than CVE-2012-1710. Recent...
CVE-2012-1710
Unspecified vulnerability in the Oracle WebCenter Forms Recognition component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Designer, a different vulnerability than CVE-2012-1709. Recent...
Oracle WebCenter Forms Recognition SSSplitter ActiveX Overwrite
Added: 05/02/2012 CVE: CVE-2012-1710 BID: 53062 OSVDB: 81366 Background Oracle WebCenter Imaging is a combined document management and business process management suite, marketed as a component of the Oracle Fusion Middleware portfolio of products. Oracle Forms Recognition OFR is an intelligent...
Oracle WebCenter Forms Recognition SSSplitter ActiveX Overwrite
Added: 05/02/2012 CVE: CVE-2012-1710 BID: 53062 OSVDB: 81366 Background Oracle WebCenter Imaging is a combined document management and business process management suite, marketed as a component of the Oracle Fusion Middleware portfolio of products. Oracle Forms Recognition OFR is an intelligent...
Oracle WebCenter Forms Recognition SSSplitter ActiveX Overwrite
Added: 05/02/2012 CVE: CVE-2012-1710 BID: 53062 OSVDB: 81366 Background Oracle WebCenter Imaging is a combined document management and business process management suite, marketed as a component of the Oracle Fusion Middleware portfolio of products. Oracle Forms Recognition OFR is an intelligent...
Oracle WebCenter Forms Recognition Sssplt30.ocx ActiveX Control Remote Code Execution Vulnerabilty
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle WebCenter Forms Recognition. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists with...
Oracle Forms Recognition CroScPlt.dll ActiveX Control Remote Code Execution Vulnerabilty
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle WebCenter Forms Recognition. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists with...