38 matches found
CVE-2025-55275 HCL Aftermarket DPC is affected by Admin Session Concurrency vulnerability
HCL Aftermarket DPC is affected by Admin Session Concurrency vulnerability using which an attacker can exploit concurrent sessions to hijack or impersonate an admin user...
EUVD-2012-5866
Malware in sbrugna...
EUVD-2010-3026
Malware in sbrugna...
EUVD-2015-5934
Malware in sbrugna...
EUVD-2015-3045
Malware in sbrugna...
CVE-2012-1227
Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in pluck 4.7 allow remote attackers to hijack the authentication of admins for requests that (1) modify the admin email address or (2) modify the blog title via a settings action; (3) add a page via an editpage action, or (4) add a...
CVE-2024-52053 Stored Cross-Site Scripting in Wowza Streaming Engine
Stored Cross-Site Scripting in the Manager component of Wowza Streaming Engine below 4.9.1 allows an unauthenticated attacker to inject client-side JavaScript into the web dashboard to automatically hijack admin accounts...
CVE-2024-23910
Cross-site request forgery (CSRF) vulnerability in ELECOM wireless LAN routers and wireless LAN repeater allows a remote unauthenticated attacker to hijack the authentication of administrators and to perform unintended operations to the affected product. Note that WMC-X1800GST-B and WSC-X1800GS-B a...
SUSE CVE-2010-0540
Cross-site request forgery (CSRF) vulnerability in the web interface in CUPS before 1.4.4, as used on Apple Mac OS X 10.5.8, Mac OS X 10.6 before 10.6.4, and other platforms, allows remote attackers to hijack the authentication of administrators for requests that change settings...
PT-2019-17865 · Unknown · Smart Forms
Name of the Vulnerable Software and Affected Versions: Smart Forms versions 2.6.15 and earlier Description: A cross-site request forgery issue allows remote attackers to hijack the authentication of administrators via a specially crafted page. Recommendations: For versions 2.6.15 and earlier,...
Craft CMS 2.6 - Cross-Site Scripting/Unrestricted File Upload
Technical Details & Description: ================================ The security risk of the xss vulnerability is estimated as medium with a common vulnerability scoring system count of 3.6. Exploitation of the persistent xss web vulnerability requires a limited editor user account with low...
Craft CMS 2.6 Cross Site Scripting / File Upload
Exploit Title: Craft CMS 2.6 - Cross-Site Scripting/Unrestricted File Upload Date: 2017-06-08 Exploit Author: Ahsan Tahir Vendor Homepage: https://craftcms.com Software Link: http://download.craftcdn.com/craft/2.6/2.6.2981/Craft-2.6.2981.zip Version: 2.6 Tested on: Kali Linux 2.0 | Windows 8.1...
CVE-2017-8930
CVE-2017-8930 refers to multiple CSRF vulnerabilities in the open-source Simple Invoices 2013.1.beta.8. The issues allow remote attackers to hijack admin authentication and perform privileged actions, including: creating new administrator accounts and taking over the application, creating regular...
Manage Engine OPutils 8.0 Cross Site Request Forgery / Cross Site Scripting
================================================== CSRF and XsS In Manage Engine oputils ================================================== . contents:: Table Of Content Overview ======== Title : CSRF and XSS In Manage Engine OPutils Author: Kaustubh G. Padwad Plugin Homepage:...
CVE-2015-4108
CVE-2015-4108 affects Wing FTP Server up to version 4.4.6. The vulnerability is a set of cross-site request forgery (CSRF) flaws in the admin interface that can hijack administrator authentication for requests to admin_lua_script.html (arbitrary code execution potential) or admin_addadmin.html (a...
CVE-2015-3950
Cross-site request forgery (CSRF) vulnerability in XZERES 442SR OS on 442SR wind turbines allows remote attackers to hijack the authentication of admins for requests that select a different default admin user via a GET request...
Manage Engine Asset Explorer 6.1.0 Build: 6110 - Cross-Site Request Forgery
=============================================================================== CSRF/Stored XSS Vulnerability in Manage Engine Asset Explorer =============================================================================== . contents:: Table Of Content Overview ======== Title :CSRF/Stored XSS...
CVE-2015-2083
Cross-site request forgery (CSRF) vulnerability in Ilch CMS allows remote attackers to hijack the authentication of administrators for requests that add a value to a profile field via a profilefields request to admin.php...
WordPress O2Tweet 0.0.4 CSRF / XSS
Title: CSRF/XSS Vulnerability in O2Tweet WP Plugin Author: Manideep K CVE-ID: CVE-2014-9338 Plugin Homepage: https://wordpress.org/plugins/o2tweet/ Version Affected: 0.0.4 probably lower versions Severity: High Description: Vulnerable Parameter: o2tusername, o2ttags etc About Vulnerability: This...