Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
forms vulnerabilities and exploits
(subscribe to this query)
6.4
CVSSv2
CVE-2010-3260
oxf/xml/xerces/XercesSAXParserFactoryImpl.java in the xforms-server component in the XForms service in Orbeon Forms prior to 3.9 does not properly restrict DTDs in Ajax requests, which allows remote malicious users to read arbitrary files or send HTTP requests to intranet servers...
Orbeon Forms 3.7.1
Orbeon Forms 3.6
Orbeon Forms 3.5
Orbeon Forms 3.0
Orbeon Forms 2.2
Orbeon Forms 2.1
Orbeon Forms 2.0
Orbeon Forms 1.5
Orbeon Forms 3.8
Orbeon Forms 2.8
Orbeon Forms 2.6
Orbeon Forms
Orbeon Forms 2.7
Orbeon Forms 2.5
7.5
CVSSv2
CVE-2014-6446
The Infusionsoft Gravity Forms plugin 1.5.3 up to and including 1.5.10 for WordPress does not properly restrict access, which allows remote malicious users to upload arbitrary files and execute arbitrary PHP code via a request to utilities/code_generator.php.
Infusionsoft Gravity Forms Project Infusionsoft Gravity Forms 1.5.10
Infusionsoft Gravity Forms Project Infusionsoft Gravity Forms 1.5.3
Infusionsoft Gravity Forms Project Infusionsoft Gravity Forms 1.5.4
Infusionsoft Gravity Forms Project Infusionsoft Gravity Forms 1.5.9.4
Infusionsoft Gravity Forms Project Infusionsoft Gravity Forms 1.5.9.5
Infusionsoft Gravity Forms Project Infusionsoft Gravity Forms 1.5.4.2
Infusionsoft Gravity Forms Project Infusionsoft Gravity Forms 1.5.6
Infusionsoft Gravity Forms Project Infusionsoft Gravity Forms 1.5.7
Infusionsoft Gravity Forms Project Infusionsoft Gravity Forms 1.5.7.1
Infusionsoft Gravity Forms Project Infusionsoft Gravity Forms 1.5.7.2
Infusionsoft Gravity Forms Project Infusionsoft Gravity Forms 1.5.8
Infusionsoft Gravity Forms Project Infusionsoft Gravity Forms 1.5.8.1
Infusionsoft Gravity Forms Project Infusionsoft Gravity Forms 1.5.9.1
Infusionsoft Gravity Forms Project Infusionsoft Gravity Forms 1.5.9.3
Infusionsoft Gravity Forms Project Infusionsoft Gravity Forms 1.5.4.1
Infusionsoft Gravity Forms Project Infusionsoft Gravity Forms 1.5.5
Infusionsoft Gravity Forms Project Infusionsoft Gravity Forms 1.5.9
Infusionsoft Gravity Forms Project Infusionsoft Gravity Forms 1.5.9.2
1 EDB exploit
7.2
CVSSv2
CVE-2005-2372
Oracle Forms 4.5 through 10g starts form executables from arbitrary directories and executes them as the Oracle or System user, which allows malicious users to execute arbitrary code by uploading a malicious .fmx file and referencing it using an absolute pathname argument in the ...
Oracle Forms 10g
Oracle Forms 3.0
Oracle Forms 6.0
Oracle Forms 6i
Oracle Forms 9i
Oracle Forms 4.5
Oracle Forms 5.0
7.5
CVSSv2
CVE-2005-1178
SQL injection vulnerability in Oracle Forms 10g allows remote malicious users to execute arbitrary SQL commands via the Query/Where feature.
Oracle Forms 4.5
Oracle Forms 5.0
Oracle Forms 9i
Oracle Forms 10g
Oracle Forms 3.0
Oracle Forms 6.0
Oracle Forms 6i
5
CVSSv2
CVE-2005-3207
The forms servlet (f90servlet) in Oracle Forms 4.5.10.22 allows remote malicious users to cause a denial of service (TNS listener stop) via a userid parameter that contains a STOP command.
Oracle Forms 6.0.8.25
Oracle Forms 6i
Oracle Forms 9i
Oracle Forms 10g
Oracle Forms 4.5.10.22
Oracle Forms 5.0
1 EDB exploit
2.1
CVSSv2
CVE-2005-2294
Oracle Forms 4.5, 6.0, 6i, and 9i on Unix, when a large number of records are retrieved by an Oracle form, stores a copy of the database tables in a world-readable temporary file, which allows local users to gain sensitive information such as credit card numbers.
Oracle Forms 4.5
Oracle Forms 6.0
Oracle Forms 6i
Oracle Forms 9i
6.8
CVSSv2
CVE-2013-5447
Stack-based buffer overflow in IBM Forms Viewer 4.x prior to 4.0.0.3 and 8.x prior to 8.0.1.1 allows remote malicious users to execute arbitrary code via an XFDL form with a long fontname value.
Ibm Forms Viewer 4.0.0.2
Ibm Forms Viewer 4.0.0.1
Ibm Forms Viewer 4.0.0
Ibm Forms Viewer 8.0.1
Ibm Forms Viewer 8.0.0
1 EDB exploit
4.3
CVSSv2
CVE-2016-0223
Cross-site scripting (XSS) vulnerability in the Webform Framework API in IBM Forms Server 4.0.x, 8.0.x, 8.1, and 8.2 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 110006.
Ibm Forms Server 8.0.0.0
Ibm Forms Server 8.1.0.0
Ibm Forms Server 8.2.0.0
Ibm Forms Server 4.0.0.0
Ibm Forms Server 8.0.1.0
6
CVSSv2
CVE-2016-2884
Cross-site request forgery (CSRF) vulnerability in IBM Forms Experience Builder 8.5.x and 8.6.x prior to 8.6.3.1, in an unspecified non-default configuration, allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
Ibm Forms Experience Builder 8.5.0.0
Ibm Forms Experience Builder 8.5.1.1
Ibm Forms Experience Builder 8.6.1
Ibm Forms Experience Builder 8.6.1.1
Ibm Forms Experience Builder 8.6.2
Ibm Forms Experience Builder 8.6.2.1
Ibm Forms Experience Builder 8.5.1.0
Ibm Forms Experience Builder 8.6.0.0
Ibm Forms Experience Builder 8.6.3
3.5
CVSSv2
CVE-2016-0370
Cross-site scripting (XSS) vulnerability in IBM Forms Experience Builder 8.5.x and 8.6.x prior to 8.6.3 allows remote authenticated users to inject arbitrary web script or HTML via crafted input to an application that was built with this product.
Ibm Forms Experience Builder 8.6.0.0
Ibm Forms Experience Builder 8.6.1
Ibm Forms Experience Builder 8.5.1.0
Ibm Forms Experience Builder 8.5.1.1
Ibm Forms Experience Builder 8.6.1.1
Ibm Forms Experience Builder 8.6.2
Ibm Forms Experience Builder 8.6.2.1
Ibm Forms Experience Builder 8.5.0.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3400
CVE-2023-7252
CVE-2024-21111
denial of service
CVE-2024-29661
CVE-2024-22856
remote attackers
encryption
CVE-2023-38299
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »