Lucene search
PRIOn knowledge basePRION:CVE-2010-3024HistoryAug 16, 2010 - 8:00 p.m.
Cross site request forgery (csrf)
2010-08-1620:00:00
PRIOn knowledge base
www.prio-n.com
1
Multiple cross-site request forgery (CSRF) vulnerabilities in user/main/update_user in DiamondList 0.1.6, and possibly earlier, allow remote attackers to hijack the authentication of administrators for requests that (1) change the administrative password or (2) change the site’s configuration.
| CPE | Name | Operator | Version |
|---|---|---|---|
| diamondlist | eq | 0.1.6 |
References
dev.hulihanapplications.com/issues/show/212
osvdb.org/66918
packetstormsecurity.org/1008-exploits/diamondlist-xssxsrf.txt
secunia.com/advisories/40873
www.htbridge.ch/advisory/xsrf_csrf_in_diamondlist.html
exchange.xforce.ibmcloud.com/vulnerabilities/60937
marc.info/?l=bugtraq&m=128104130309426&w=2
www.exploit-db.com/exploits/14565
Related
cve
cve
CVE-2010-3024
2010-08-16 20:00:03
cvelist
cvelist
CVE-2010-3024
2010-08-16 19:00:00
nvd
nvd
CVE-2010-3024
2010-08-16 20:00:03
htbridge
htbridge
Multiple Vulnerabilities in DiamondList
2010-07-22 00:00:00