All Vulnerabilities

WordPress Peter's Login Redirect Plugin Cross Site Scripting Vulnerability
 Severity:    
 Date Published:  15 Sep 2016
A Cross Site Scripting vulnerability was found in the Peter's Login Redirect WordPress Plugin. This vulnerability allows an attacker to perform a actions such as stealing Administrators' session tokens. An attacker has to lure the user into opening a malicious website to exploit this vulnerability.
WordPress Paid Memberships Pro Plugin Cross Site Scripting Vulnerability
 Severity:    
 Date Published:  15 Sep 2016
A Cross Site Scripting vulnerability was found in the Paid Memberships Pro WordPress Plugin. This vulnerability allows an attacker to perform a actions such as stealing Administrators' session tokens. An attacker has to lure the user into opening a malicious website to exploit this vulnerability.
WordPress No External Links Plugin Cross Site Scripting Vulnerability
 Severity:    
 Date Published:  15 Sep 2016
A Cross Site Scripting vulnerability was found in the No External Links WordPress Plugin. This vulnerability allows an attacker to perform a actions such as stealing Administrators' session tokens. An attacker has to lure the user into opening a malicious website to exploit this vulnerability.
WordPress Ninja Forms Plugin Multiple Cross Site Scripting Vulnerabilities
 Severity:    
 Date Published:  15 Sep 2016
Multiple reflected Cross Site Scripting (XSS) vulnerabilities have been found in the Ninja Forms WordPress Plugin. An attacker can exploit this vulnerability by inserting malicious JavaScript into the browser application.
WordPress Master Slider Plugin Cross Site Scripting Vulnerability
 Severity:    
 Date Published:  15 Sep 2016
A Cross-Site Scripting vulnerability was found in the Master Slider WordPress Plugin. This vulnerability allows an attacker to perform a actions such as stealing Administrators' session tokens. An attacker has to lure the user into opening a malicious website to exploit this vulnerability.
WordPress Google Forms Plugin Cross Site Scripting Vulnerability
 Severity:    
 Date Published:  15 Sep 2016
A Cross-Site Scripting vulnerability was found in the Google Forms Plugin WordPress Plugin. This vulnerability allows an attacker to perform a actions such as stealing Administrators' session tokens. An attacker has to lure the user into opening a malicious website to exploit this vulnerability.
Symfony 2.0.x before 2.0.20 does not process URL encoded data consistently within the Routing and Security components, which allows remote attackers to bypass intended URI restrictions via a doubly encoded string.
Symfony HttpCache Class Remote Code Execution Vulnerability (CVE-2015-2308)
 Severity:    
 Date Published:  15 Sep 2016
Eval injection vulnerability in the HttpCache class in HttpKernel in Symfony 2.x before 2.3.27, 2.4.x and 2.5.x before 2.5.11, and 2.6.x before 2.6.6 allows remote attackers to execute arbitrary PHP code via a language="php" attribute of a SCRIPT element.
WordPress Video Player Multiple SQL injection Vulnerabilities
 Severity:    
 Date Published:  15 Sep 2016
A blind SQL injection vulnerability is found in WordPress Video Player which allows attackers to execute arbitrary SQL commands via unknown parameters.
PHP 'main/rfc1867.c' Remote Denial Of Service Vulnerability
 Severity:    
 Date Published:  07 Sep 2016
Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service (CPU consumption) via crafted form data that triggers an improper order-of-growth outcome.