Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
a-form vulnerabilities and exploits
(subscribe to this query)
2.1
CVSSv2
CVE-2021-34560
In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.9 a form contains a password field with autocomplete enabled. The stored credentials can be captured by an attacker who gains control over the user's computer. Therefore the user must have logged in at least once.
Pepperl-fuchs Wha-gw-f2d2-0-as-z2-eth Firmware
Pepperl-fuchs Wha-gw-f2d2-0-as-z2-eth.eip Firmware
4.3
CVSSv2
CVE-2022-1695
The WP Simple Adsense Insertion WordPress plugin prior to 2.1 does not perform CSRF checks on updates to its admin page, allowing an malicious user to trick a logged in user to manipulate ads and inject arbitrary javascript via submitting a form.
Tipsandtricks-hq Wp Simple Adsense Insertion
6.8
CVSSv2
CVE-2008-6907
Multiple SQL injection vulnerabilities in checkuser.php in 2532designs 2532|Gigs 1.2.2 Stable, when magic_quotes_gpc is disabled, allow remote malicious users to execute arbitrary SQL commands via the (1) username and (2) password parameters, as accessible from a form generated b...
2532gigs 2532gigs 1.2.2
1 EDB exploit
5
CVSSv2
CVE-2005-4679
Internet Explorer 6 for Windows XP Service Pack 2 allows remote malicious users to spoof the URL in the status bar via the title in an image in a link to a trusted site within a form to the malicious site.
Microsoft Ie 6
4.3
CVSSv2
CVE-2011-4274
Cross-site scripting (XSS) vulnerability in the A-Form PC and PC/Mobile prior to 3.1 plug-ins for Movable Type allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-2676.
Ark-web A-form Pc
Ark-web A-form Pc Mobile
5
CVSSv2
CVE-2015-5493
The Entityform Block module 7.x-1.x prior to 7.x-1.3 for Drupal does not properly check permissions when a form is locked to a role, which allows remote malicious users to obtain access to certain entityforms via unspecified vectors.
Entityform Block Project Entityform Block 7.x-1.2
Entityform Block Project Entityform Block 7.x-1.1
Entityform Block Project Entityform Block 7.x-1.x-dev
Entityform Block Project Entityform Block 7.x-1.0
7.5
CVSSv2
CVE-2021-38145
An issue exists in Form Tools up to and including 3.0.20. SQL Injection can occur via the export_group_id field when a low-privileged user (client) tries to export a form with data, e.g., manipulation of modules/export_manager/export.php?export_group_id=1&export_group_1_resul...
Formtools Core
6.8
CVSSv2
CVE-2020-12257
rConfig 3.9.4 is vulnerable to cross-site request forgery (CSRF) because it lacks implementation of CSRF protection such as a CSRF token. An attacker can leverage this vulnerability by creating a form (add a user, delete a user, or edit a user).
Rconfig Rconfig 3.9.4
4.3
CVSSv2
CVE-2022-1694
The Useful Banner Manager WordPress plugin up to and including 1.6.1 does not perform CSRF checks on POST requests to its admin page, allowing an malicious user to trick a logged in admin to add, modify or delete banners from the plugin by submitting a form.
Useful Banner Manager Project Useful Banner Manager
3.5
CVSSv2
CVE-2020-2244
Jenkins Build Failure Analyzer Plugin 1.27.0 and previous versions does not escape matching text in a form validation response, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to provide console output for builds used to test build log indica...
Jenkins Build Failure Analyzer
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
encryption
CVE-2024-4331
CVE-2024-26925
arbitrary code
CVE-2006-4304
CVE-2024-25458
CVE-2024-27077
reflected XSS
CVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »