29 matches found
Eaton Network Shutdown Module Default Administrator Credentials
The remote Eaton Network Shutdown Module install uses a default set of credentials to control access to its administrative functionality. With this information, an attacker can gain complete access to the application.
CVE-2008-6673
CVE-2008-6673 affects QuickerSite 1.8.5. The issue is an improper access restriction on admin functionality, allowing remote attackers to perform admin actions via unauthenticated requests: (1) change the admin password through cSaveAdminPW, (2) modify site information such as the contact address...
Authentication flaw
nabopoll 1.1.2 allows remote attackers to bypass authentication and access certain administrative functionality via a direct request for (1) configedit.php, (2) templateedit.php, or (3) surveyedit.php in admin/...
Cross site scripting
Allonsvoter 1.0 allows remote attackers to bypass authentication and access certain administrative functionality via a direct request for (1) adminajouter.php or (2) adminsupprimer.php. NOTE: this could be leveraged to conduct cross-site scripting (XSS) attacks...
EUVD-2007-0869
nabopoll 1.1.2 allows remote attackers to bypass authentication and access certain administrative functionality via a direct request for (1) configedit.php, (2) templateedit.php, or (3) surveyedit.php in admin/...
CVE-2007-0874
Allonsvoter 1.0 allows remote attackers to bypass authentication and access certain administrative functionality via a direct request for (1) adminajouter.php or (2) adminsupprimer.php. NOTE: this could be leveraged to conduct cross-site scripting (XSS) attacks...
CVE-2004-2559
DokuWiki before 2004-10-19 allows remote attackers to access administrative functionality including (1) Mediaselectiondialog, (2) Recent changes, (3) feed, and (4) search, possibly due to the lack of ACL checks...
CVE-2004-2559
CVE-2004-2559 affects DokuWiki prior to 2004-10-19. The issue allows remote attackers to access administrative functions (Mediaselectiondialog, Recent changes, feed, search) due to missing ACL checks. This can impact confidentiality, integrity, and availability as reflected by CVSS metrics (AV:N/...
CVE-2004-2559
DokuWiki before 2004-10-19 allows remote attackers to access administrative functionality including (1) Mediaselectiondialog, (2) Recent changes, (3) feed, and (4) search, possibly due to the lack of ACL checks...