Monthly Archive: September 2018

Bludit 2.3.4 allows XSS via a user name. Date published : 2018-09-01 https://blog.csdn.net/F_carry/article/details/81536424

The Ninja Forms plugin before 3.3.14.1 for WordPress allows CSV injection. Date published : 2018-09-01 https://www.exploit-db.com/exploits/45234/ https://packetstormsecurity.com/files/148993/WordPress-Ninja-Forms-3.3.13-CSV-Injection.html

PDF-XChange Editor through 7.0.326.1 allows remote attackers to cause a denial of service (resource consumption) via a crafted x:xmpmeta structure, a related issue to CVE-2003-1564. Date published : 2018-09-01 https://forum.tracker-software.com/viewtopic.php?f=62&t=31419

MediaComm Zip-n-Go before 4.95 has a Buffer Overflow via a crafted file. Date published : 2018-09-01 https://www.exploit-db.com/exploits/44828/