All Vulnerabilities
WordPress Easy Forms For MailChimp Local File Inclusion Vulnerability
Severity:
Date Published:  15 Sep 2016
The Easy Forms for MailChimp WordPress plugin is vulnerable to Local File Inclusion. An attacker can exploit this issue to run arbitrary PHP code on the target system.
Multiple cross-site scripting (XSS) vulnerabilities in wp-includes/class-wp-theme.php in WordPress before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via a (1) stylesheet name or (2) template name to wp-admin/customize.php.
WordPress Contact Form To Email Plugin Cross Site Scripting Vulnerability
Severity:
Date Published:  15 Sep 2016
A reflected Cross Site Scripting (XSS) vulnerability has been found in the Contact Form to Email WordPress Plugin. By exploiting this vulnerability, an attacker can inject malicious JavaScript code into the application, which will execute within the browser of any logged-in admin who views the page with the injected code.
WordPress Code Snippets Plugin Cross Site Scripting Vulnerability
Severity:
Date Published:  15 Sep 2016
A reflected Cross Site Scripting (XSS) vulnerability exists in the Code Snippets WordPress Plugin. Successful exploitation of this vulnerability could allow an attacker to inject malicious JavaScript into the application.
WordPress Ajax Load More Plugin Local File Inclusion Vulnerability
Severity:
Date Published:  15 Sep 2016
The Ajax Load More WordPress plugin is vulnerable to Local File Inclusion. An attacker can exploit this issue to run arbitrary PHP code on the target system.
An SQL injection vulnerability has been detected in Joomla component Videoflow which allows attackers to execute arbitrary SQL commands via unknown parameters.
sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remote attackers to bypass authentication by repeatedly authenticating with the same incorrect password, which eventually causes a token comparison to succeed due to an improperly-checked return value.
Adobe Acrobat And Reader Use After Free Vulnerability (CVE-2016-1065)
Severity:
Date Published:  15 Sep 2016
Adobe Acrobat and Reader are prone to a use-after-free vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected applications. Failed exploit attempts will likely cause a denial of service condition.
Adobe Acrobat And Reader Integer Overflow Vulnerability (CVE-2016-1043)
Severity:
Date Published:  15 Sep 2016
Adobe Acrobat and Reader are prone to an integer overflow vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in a denial of service condition.
WordPress WooCommerce Plugin Persistent Cross Site Scripting Vulnerability
Severity:
Date Published:  15 Sep 2016
A persistent Cross Site Scripting (XSS) vulnerability has been found in the WooCommerce WordPress Plugin. An attacker can create a specially crafted image file which, when uploaded as a product image in WordPress, injects malicious JavaScript code into the application. An attacker can use this vulnerability to perform a wide variety of actions, such as stealing victims' session tokens or login credentials, and performing arbitrary actions on their behalf.