198 matches found
ZOHO NetFlow Analyzer Authentication Bypass Vulnerability
ZOHO NetFlow Analyzer is a set of network traffic analysis software. The software provides bandwidth monitoring and flow analysis, network forensics and security analysis. A security vulnerability exists in ZOHO NetFlow Analyzer due to a failure of the program to perform administrator...
ShopBuilder 5.6.1 /module/patment/admin/bank_account_mod.php SQL注入漏洞
No description provided by source. !/usr/bin/env python coding=utf-8 import re import urllib2 from comm import cmdline from comm import generic pocinfo = 'VulId': '1567', 'Name': 'ShopBuilder 5.6.1 /module/patment/admin/bankaccountmod.php SQL注入漏洞 POC', 'AppName': 'ShopBuilder', 'AppPowerLink':...
Design/Logic Flaw
Shopizer 1.1.5 and earlier allows remote attackers to modify the account settings of arbitrary users via the customer.customerId parameter to shop/profile/register.action...
CVE-2014-4963
Shopizer 1.1.5 and earlier allows remote attackers to modify the account settings of arbitrary users via the customer.customerId parameter to shop/profile/register.action...
ZeroCMS 1.0 - zero_transact_user.php, Handling Privilege Escalation
Exploit for php platform in category web applications import sys,getopt,cookielib,urllib2,urllib ZeroCMS 1.0 zerotransactuser.php Impropper Form post hanling, parameter polution Vendor: Another Awesome Stuff Product web page: http://www.aas9.in/zerocms/ author: email protected Tested on: php 5.4....
CVE-2014-2033
The caching feature in SGOS in Blue Coat ProxySG 5.5 through 5.5.11.3, 6.1 through 6.1.6.3, 6.2 through 6.2.15.3, 6.4 through 6.4.6.1, and 6.3 and 6.5 before 6.5.4 allows remote authenticated users to bypass intended access restrictions during a time window after account deletion or modification ...
CVE-2014-2033
The caching feature in SGOS in Blue Coat ProxySG 5.5 through 5.5.11.3, 6.1 through 6.1.6.3, 6.2 through 6.2.15.3, 6.4 through 6.4.6.1, and 6.3 and 6.5 before 6.5.4 allows remote authenticated users to bypass intended access restrictions during a time window after account deletion or modification ...
Design/Logic Flaw
The caching feature in SGOS in Blue Coat ProxySG 5.5 through 5.5.11.3, 6.1 through 6.1.6.3, 6.2 through 6.2.15.3, 6.4 through 6.4.6.1, and 6.3 and 6.5 before 6.5.4 allows remote authenticated users to bypass intended access restrictions during a time window after account deletion or modification ...
CVE-2013-6171
checkpassword-reply in Dovecot before 2.2.7 performs setuid operations to a user who is authenticating, which allows local users to bypass authentication and access virtual email accounts by attaching to the process and using a restricted file descriptor to modify account information in the...
PrestaShop 1.5.4 Cross Site Request Forgery
View online: http://demo-store.prestashop.com/en/ Advisory ID: PRESTASHOP Version: 1.5.4 Date: 2013-July-11 Security risk: Moderately critical 2 Exploitable from: Remote Vulnerability: Cross Site Request Forgery -------- DESCRIPTION --------------------------------------------------------- With...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in the web interface in Cerberus FTP Server before 5.0.5.0 allow remote attackers to hijack the authentication of administrators for requests that 1 add a user account or 2 reconfigure the state of the FTP service, as demonstrated by a...
CVE-2011-1950
plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as exploited in the wild in June 2011...
CVE-2011-1950
plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as exploited in the wild in June 2011...
CVE-2011-1950
plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as exploited in the wild in June 2011...
EasyTalk microblogging arbitrarily modify account vulnerability-vulnerability warning-the black bar safety net
Author: mind Vulnerability found in the latest version 5.01 the old version not the source code I do not know whether there Then again..look at the code...... See the file catalog file op.php ? php include'common.inc.php'; //load global variable $op = $GET'op'?$ GET'op':'login'; // because the...
CVE-2010-4408
Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a 1 unattended...
Cuteflow 2.10.3 - 'edituser.php' Security Bypass
It's possible edit the users including the admin account, bypassing the authentication through the address: http://localhost/cuteflow/pages/edituser.php?userid=1&language=pt&sortby=st rLastName&sortdir=ASC&start=1 The vulnerability is caused due to the application not properly restricting access ...
CVE-2009-1767
admin/edituser.php in 2daybiz Template Monster Clone does not require administrative authentication, which allows remote attackers to modify arbitrary accounts via the 1 loginname, 2 password, 3 email, 4 firstname, or 5 lastname parameter...
Cisco Voice Portal privilege escalation
User granted administrator privileges can modify accounts of superusers...
Apple Mac OS X Keychain安全绕过漏洞
BUGTRAQ ID: 26877 CVE ID:CVE-2007-5862 CNCVE ID:CNCVE-20075862 Apple Mac OS X是一款商业性质的基于BSD的操作系统。 Apple Mac OS X在执行部分操作时不正确验证用户信任信息,远程攻击者可以利用漏洞进行安全绕过攻击,修改其他用户帐户等操作。 Keychain升级的访问检查可绕过,特定构建的JAVA APPLET可增加或删除用户keychain中的项目而不对用户进行任何提示操作。可能导致修改其他用户帐户等攻击。 Apple Mac OS X Server 10.4.11 Apple Mac OS X...