12 matches found
EUVD-2008-0210
Malware in sbrugna...
EUVD-2008-0209
Malware in sbrugna...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. WP-ContactForm for WordPress: Spamming, Envolution: crossite scripting, informaiton leak...
Abuse of Functionality vulnerability in WP-ContactForm for WordPress
Здравствуйте 3APA3A! Сообщаю вам о найденной мною Abuse of Functionality уязвимости в плагине WP-ContactForm для WordPress. Abuse of Functionality: На странице контактов есть функция “Copy yourself on the form submission”. Она включается в настройках Copy Option и приводит к тому, что через сайт...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in wp-contact-form/options-contactform.php in the WP-ContactForm 1.5 alpha and earlier plugin for WordPress allow remote attackers to perform actions as administrators via the 1 wpcfquestion, 2 wpcfsuccessmsg, or 3 wpcferrormsg parameter to...
CVE-2008-0197
CVE-2008-0197 corresponds to multiple XSS vulnerabilities in WP-ContactForm 1.5 alpha and earlier for WordPress. The flaws allow remote attackers to inject arbitrary script/HTML via parameters (wpcf_email, wpcf_subject, wpcf_question, wpcf_answer, wpcf_success_msg, wpcf_error_msg, wpcf_msg) to wp...
CVE-2008-0198
Multiple cross-site request forgery CSRF vulnerabilities in wp-contact-form/options-contactform.php in the WP-ContactForm 1.5 alpha and earlier plugin for WordPress allow remote attackers to perform actions as administrators via the 1 wpcfquestion, 2 wpcfsuccessmsg, or 3 wpcferrormsg parameter to...
CVE-2008-0198
CVE-2008-0198 documents multiple CSRF vulnerabilities in the WP-ContactForm WordPress plugin (versions 1.5 alpha and earlier) affecting the admin endpoint. The flaw occurs in wp-admin/admin.php via parameters wpcf_question, wpcf_success_msg, or wpcf_error_msg, allowing remote attackers to perform...
CVE-2008-0197
Multiple cross-site scripting XSS vulnerabilities in wp-contact-form/options-contactform.php in the WP-ContactForm 1.5 alpha and earlier plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 wpcfemail, 2 wpcfsubject, 3 wpcfquestion, 4 wpcfanswer, 5...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. WP-ContactForm: Crossite scripting...
XSS vulnerabilities in WP-ContactForm
Здравствуйте 3APA3A! Сообщаю вам о найденных мною Cross-Site Scripting уязвимостях в WP-ContactForm. Это плагин для WordPress. Данные уязвимости - это persistent XSS. Уязвима версия плагина WP-ContactForm 1.5 alpha и предыдущие. Ранее я уже писал про уязвимости в WP-ContactForm...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. WP-ContactForm: CAPTCHA bypass and XSS...