EUVD-2008-6548

Malware in sbrugna...

CVE-2014-9331

Cross-site request forgery CSRF vulnerability in ZOHO ManageEngine Desktop Central before 9 build 90130 allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via an addUser action to STATEID/1417736606982/roleMgmt.do...

CVE-2013-4889

Multiple cross-site request forgery CSRF vulnerabilities in index.php in Digital Signage Xibo 1.4.2 allow remote attackers to hijack the authentication of administrators for requests that 1 add a new administrator via the AddUser action or 2 conduct cross-site scripting XSS attacks, as demonstrat...

Cross site request forgery (csrf)

Multiple cross-site request forgery CSRF vulnerabilities in index.php in Digital Signage Xibo 1.4.2 allow remote attackers to hijack the authentication of administrators for requests that 1 add a new administrator via the AddUser action or 2 conduct cross-site scripting XSS attacks, as demonstrat...

CVE-2013-4889

CVE-2013-4889 is a vulnerability in Digital Signage Xibo 1.4.2 where CSRF in index.php can hijack administrator sessions by performing actions such as adding a new administrator via the AddUser action. The entry aggregates related issues, noting that this vulnerability enables requests performed ...

PT-2014-2878

Name of the Vulnerable Software and Affected Versions Digital Signage Xibo version 1.4.2 Description The issue allows remote attackers to hijack the authentication of administrators for requests, including adding a new administrator via the AddUser action or conducting cross-site scripting XSS...

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in eXtplorer 2.1 RC3 and earlier allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via an adduser admin action...

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in IsolSoft Support Center 2.5 allow remote attackers to execute arbitrary PHP code via a URL in the lang parameter to 1 newticket.php or 2 rempass.php, or a URL in the lang parameter in an adduser action to 3 index.php. NOTE: this can also be...

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allows remote attackers to hijack the authentication of administrators for requests that create new users, including a new administrator, via an adduser action in the editusers module in index.php...

CVE-2009-4173

Cross-site request forgery CSRF vulnerability in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allows remote attackers to hijack the authentication of administrators for requests that create new users, including a new administrator, via an adduser action in the editusers module in index.php...

CVE-2008-6585

Cross-site request forgery CSRF vulnerability in html/admin.php in TorrentFlux 2.3 allows remote attackers to hijack the authentication of administrators for requests that add new accounts via the addUser action...

CVE-2008-6585

Cross-site request forgery CSRF vulnerability in html/admin.php in TorrentFlux 2.3 allows remote attackers to hijack the authentication of administrators for requests that add new accounts via the addUser action...

CVE-2007-6495

incnewuser.asp in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to change the permissions of directories named 1 db, 2 www, 3 Special, and 4 log at arbitrary locations under the web root via a modified Dirroot parameter in an AddUser action to...

Remote code execution

incnewuser.asp in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to change the permissions of directories named 1 db, 2 www, 3 Special, and 4 log at arbitrary locations under the web root via a modified Dirroot parameter in an AddUser action to...