
129 matches found

CVE
added 2021/06/21 6:15 p.m., 100 views

CVE-2021-32697

The CVE-2021-32697 issue affects the Neos Form framework (neos/forms) where a crafted GET request with a valid form state can submit a form without triggering validators. The form state is protected by an HMAC that is still verified, so exploitation requires that Form Finishers may run actions ev...

6.5 CVSS, 5.5 AI score, 0.01124 EPSS
Exploits: 0, References: 5, Affected Software: 1
ThreatPost
added 2021/04/12 6:12 p.m., 38 views

IcedID Circulates Via Web Forms, Google URLs

Website contact forms and Google URLs are being used to spread the IcedID trojan, according to researchers at Microsoft. Attackers are using “contact us” forms on websites to send emails targeting organizations with trumped-up legal threats, researchers said. The messages consistently mention a...

7.3 AI score
Exploits: 0, References: 7
Github Security Blog
added 2020/09/03 7:16 p.m., 24 views

Malicious Package in pensi-scheduler

Version 1.1.3 of pensi-scheduler contained malicious code. The code, when executed in the browser, would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation: Remove the package from your environment. It's also...

7 AI score
Exploits: 0, References: 2, Affected Software: 1
BDU FSTEC
added 2020/04/06 12:0 a.m., 2 views

The vulnerability of the SiTex development platform’s SiTex-Gosuslu component, which stems from the absence of a CSRF token in web forms, allows actions to be performed on behalf of users, including administrators.

The vulnerability of the SiTex-Service component of the distributed application development platform involves the absence of a CSRF token in web forms. Exploiting this vulnerability allows an attacker to execute cross-site requests on behalf of users, including administrators, through a specially...

7.5 CVSS, 5.5 AI score
Exploits: 0, Affected Software: 1
Prion
added 2020/03/19 6:15 p.m., 11 views

Cross site scripting

A number of stored Cross-site Scripting (XSS) vulnerabilities were identified in NETSAS Enigma NMS 65.0.0 and prior that could allow a threat actor to inject malicious code directly into the application through web application form inputs...

4.3 CVSS, 6.2 AI score, 0.00691 EPSS
Exploits: 1, References: 1, Affected Software: 1
BDU FSTEC
added 2019/09/10 12:0 a.m., 4 views

The vulnerability of the platform for automating operations in healthcare institutions of the Russian Federation’s entity Tra: The lack of a CSRF token in web forms allows actions to be performed on behalf of users, including administrators.

The vulnerability of the platform for automating operations in healthcare institutions of the Russian Federation’s Tra: Pharmaceutical Supply relates to the absence of a CSRF token in web forms. Exploiting this vulnerability allows a malicious actor to execute cross-site requests on behalf of...

7.5 CVSS, 5.5 AI score
Exploits: 0, Affected Software: 1
Veracode
added 2019/06/10 3:55 a.m., 8 views

Malicious Package

radic-util contains malicious code. The code when executed in the browser would get password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl=...

6.9 AI score
Exploits: 0
Exploit DB
added 2019/04/10 12:0 a.m., 58 views

D-Link DI-524 V2.06RU - Multiple Cross-Site Scripting

Exploit Title: Multiple Stored and Reflected XSS vulnerabilities in D-Link DI-524 Date: April 6, 2019 Exploit Author: Semen Alexandrovich Lyhin https://www.linkedin.com/in/semenlyhin/ Vendor Homepage: https://www.dlink.com Version: D-Link DI-524 - V2.06RU CVE : CVE-2019-11017 To re-create Reflect...

4.8 CVSS, 5.1 AI score, 0.01515 EPSS
Exploits: 5
Packet Storm
added 2018/11/15 12:0 a.m., 314 views

WordPress Ninja Forms 3.3.17 Cross Site Scripting

Exploit Title: Wordpress Plugin Ninja Forms 3.3.17 - Cross-Site Scripting Date: 2018-11-15 Exploit Author: MTK Vendor Homepage: https://ninjaforms.com Software Link: https://wordpress.org/plugins/ninja-forms/ Version: Up to V3.3.17 Tested on: Debian 9 - Apache2 - Wordpress 4.9.8 - Firefox CVE :...

6.3 AI score, 0.08903 EPSS
Exploits: 5
CNVD
added 2018/09/26 12:0 a.m., 6 views

Jobs Factory SQL Injection Vulnerability in Joomla!

Joomla! is an open source content management system (CMS) developed by the Open Source Matters team in the United States. A SQL injection vulnerability exists in the Jobs Factory component of Joomla! The vulnerability is caused by inserting SQL commands into the query string of a web form submission or...

9.8 CVSS, 9.7 AI score, 0.03213 EPSS
Exploits: 5, References: 1
Cvelist
added 2018/07/13 8:0 p.m., 28 views

CVE-2016-9483 PHP FormMail Generator generates PHP code for standard web forms, and the code generated is vulnerable to unsafe deserialization of untrusted data

The PHP form code generated by PHP FormMail Generator deserializes untrusted input as part of the phpfmgfilmandownload function. A remote unauthenticated attacker may be able to use this vulnerability to inject PHP code, or along with CVE-2016-9484 to perform local file inclusion attacks and obta...

8.7 AI score, 0.03471 EPSS
Exploits: 0, References: 2
IBM Security Bulletins
added 2018/06/15 7:6 a.m., 25 views

Security Bulletin: Cross Site Scripting vulnerability in responsive coach view of IBM Business Process Manager (CVE-2016-9731)

Summary One of the responsive coach views that can be used by customers to build responsive web forms that interact with business processes is vulnerable to cross site scripting. Vulnerability Details CVEID: CVE-2016-9731 DESCRIPTION: IBM Business Process Manager is vulnerable to cross-site...

5.4 CVSS, 0.7 AI score, 0.00538 EPSS
Exploits: 0, Affected Software: 3
Kitploit
added 2018/05/23 2:12 p.m., 37 views

Dumpzilla - Extract All Forensic Interesting Information Of Firefox, Iceweasel And Seamonkey Browsers

Dumpzilla official site : www.dumpzilla.org http://www.dumpzilla.org "Mozilla browser forensic tool" Manual : Español http://dumpzilla.org/Manualdumpzillaes.txt "Manual en español de dumpzilla" / English http://dumpzilla.org/Manualdumpzillaen.txt "Dumpzilla english Manual" SO : Unix / Win...

7 AI score
Exploits: 0, References: 1
Packet Storm
added 2018/05/21 12:0 a.m., 65 views

Schneider Electric PLCs Cross Site Request Forgery

Exploit Title: Schneider Electric PLCs - Cross-Site Request Forgery Date: 2018-05-12 Exploit Author: t4rkd3vilz Vendor Homepage: http://www.schneider-electric.com/ Tested on: Windows CVE: CVE-2013-0663 Version: Schneider Electric Quantum PLC: 140NOE77111, 140NOE77101, 140NWM10000 Modicon M340 PLC...

6.8 CVSS, 0.3 AI score, 0.0596 EPSS
Exploits: 4
OSV
added 2017/12/16 2:29 a.m., 3 views

CVE-2017-14092

The absence of Anti-CSRF tokens in Trend Micro ScanMail for Exchange 12.0 web interface forms could allow an attacker to submit authenticated requests when an authenticated user browses an attacker-controlled domain...

8.8 CVSS, 5.8 AI score, 0.00885 EPSS
Exploits: 1, References: 2
OSV
added 2017/07/17 9:29 p.m., 6 views

CVE-2017-9810

There are no Anti-CSRF tokens in any forms on the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 version 8.0.4.312. This would allow an attacker to submit authenticated requests when an authenticated user browses an attacker-controlled domain...

8.8 CVSS, 5.8 AI score, 0.01932 EPSS
Exploits: 5, References: 6
CNVD
added 2017/04/22 12:0 a.m., 2 views

Reflected Cross-Site Scripting Vulnerability in 'keyword' Parameter of Qibo B2B Commerce System

Qibo B2B business system is an open source content management system. The 'keyword' parameter of Qibo B2B Commerce System has a reflected cross-site scripting vulnerability. It allows attackers to insert XSS execution code into web forms, with risks including phishing attacks, user cookie theft and other security risks...

6.1 AI score
Exploits: 0
OSV
added 2017/04/13 7:59 p.m., 6 views

CVE-2016-8726

An exploitable null pointer dereference vulnerability exists in the Web Application /forms/webrunScript iwfilename functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. An HTTP POST request with a blank line in the header will cause a segmentation fault in the web server...

7.5 CVSS, 5.8 AI score, 0.01405 EPSS
Exploits: 2, References: 1
OSV
added 2017/03/13 6:59 a.m., 3 views

CVE-2017-6180

Keekoon KK002 devices 1.8.12 HD have a Cross Site Request Forgery Vulnerability affecting goform/formChnUserPwd and goform/formUserMng and the entire set of other pages...

8.8 CVSS, 5.8 AI score, 0.00477 EPSS
Exploits: 1, References: 1
Kitploit
added 2016/01/05 10:0 p.m., 78 views

Sawef - Send Attack Web Forms

SAWEF - Send Attack Web Forms DESCRIPTION The purpose of this tool is to be a Swiss army knife for anyone who works with HTTP. So far it is basic, bringing only some of the few features we want it to have, but we can already see in this tool: - Email Crawler in sites - Crawler forms on the...

7.2 AI score
Exploits: 0, References: 1