CVE-2011-3582
A Cross-site Request Forgery (CSRF) vulnerability exists in Advanced Electron Forums (AEF) through 1.0.9 due to inadequate confirmation for sensitive transactions in the administrator functions...
CVE-2011-3582
CVE-2011-3582 affects Advanced Electron Forums (AEF) up to version 1.0.9. The issue is a Cross-site Request Forgery (CSRF) vulnerability caused by inadequate confirmation for sensitive administrator actions. The description across sources confirms the admin function CSRF exposure, with no explici...
CVE-2011-2934
A Cross Site Request Forgery (CSRF) vulnerability exists in the administrator functions in WebsiteBaker 2.8.1 and earlier due to inadequate confirmation for sensitive transactions...
Cross site request forgery (csrf)
A Cross Site Request Forgery CSRF vulnerability exists in the administrator functions in WebsiteBaker 2.8.1 and earlier due to inadequate confirmation for sensitive transactions...
D-Link DAP-1860 Authorization Issues Vulnerability
The D-Link DAP-1860 is a WiFi range extender from AUO D-Link of Taiwan, China. The D-Link DAP-1860 is vulnerable to an authorization issue. An attacker can exploit the vulnerability to gain unauthenticated access to administrator functions with the help of a timestamp value in the HNAPAUTH header...
Information disclosure
DISPUTED PEGA Platform 8.3.0 is vulnerable to Information disclosure via a direct prweb/sso/randomtoken/!STANDARD?pyStream=MyAlerts request to get Audit Log information while using a low-privilege account. NOTE: The vendor states that this vulnerability was discovered using an administrator accou...
CVE-2019-16387
PEGA Platform 8.3.0 is vulnerable to a direct prweb/sso/randomtoken/!STANDARD?pyActivity=Data-Admin-DB-Name.DBSchemaListDatabases request while using a low-privilege account. This can perform actions and retrieve data that only an administrator should have access to. NOTE: The vendor states that...
CVE-2019-3910
Crestron AM-100 before firmware version 1.6.0.2 contains an authentication bypass in the web interface's return.cgi script. Unauthenticated remote users can use the bypass to access some administrator functionality such as configuring update sources and rebooting the device...
JasperReports - Authenticated File Read Vulnerability
Exploit for multiple platform in category web applications TIBCO’s JasperReports string = wrapper.getParameterValues"page" To: getResource @ DirResourceSet.java:101 file = new File/home/rhino/jasperreports...mcat/webapps/jasperserver,"/WEB-INF/jsp/modules/administer/adminImport.jsp" Due to a lack...
CVE-2014-9148
Fiyo CMS 2.0.1.8 allows remote attackers to bypass intended access restrictions and execute the (1) "Install and Update" or (2) Backup super administrator function via the view parameter in a direct request to fiyo/dapur...
Open-Realty CMS 3.x Cross Site Request Forgery
OVERVIEW Open-Realty CMS 3.x versions are vulnerable to Cross Site Request Forgery. 2. BACKGROUND Open-Realty is the world's leading real estate listing marketing and management CMS application, and has enjoyed being the real estate web site software of choice for professional web site...
ocPortal CMS 8.x Cross Site Request Forgery
OVERVIEW ocPortal CMS 8.x and lower versions are vulnerable to Cross-site Request Forgery (CSRF / XSRF). 2. PRODUCT DESCRIPTION ocPortal is the website Content Management System (a CMS) for building and maintaining a dynamic website. ocPortal's powerful feature-set means there's always a way to...
CMSPro! 2.08 - Cross-Site Request Forgery
CMSPro! 2.08 CSRF Vulnerability Title : CMSPro! 2.08 Cross Site Request Forgery CSRF Vulnerability Software : CMSPro! Version : 2.08 Site : http://www.wojoscripts.com/cmspro/ or http://codecanyon.net/item/cms-pro-lightweight-content-management-system/140078 Author : Xadpritox Email :...
Zikula CMS CSRF Vulnerability
This host is running Zikula and is prone to cross-site request forgery vulnerability. OpenVAS Vulnerability Test $Id: gbzikulacsrfvuln.nasl 7019 2017-08-29 11:51:27Z teissa $ Zikula CMS CSRF Vulnerability Authors: Madhuri D - Updated By: Madhuri D on 2011-02-11 - Added CVE Copyright: Copyright c...
Design/Logic Flaw
The Simple Forum 3.1d module for LoveCMS 1.6.2 Final does not properly restrict access to administrator functions, which allows remote attackers to change the administrator password via a direct request to modules/simpleforum/admin/index.php...
CVE-2006-3935
system/workplace/views/admin/admin-main.jsp in Alkacon OpenCms before 6.2.2 does not restrict access to administrator functions, which allows remote authenticated users to (1) send broadcast messages to all users (/workplace/broadcast), (2) list all users (/accounts/users), (3) add webusers...
Episodex Guestbook Unauthorized Access and HTML Injection Vulnerability
The remote host is running the Episodex Guestbook, a guestbook written in ASP. The remote version of this software contains an input validation flaw leading to the execution of attacker-supplied HTML and script code. In addition, an unauthenticated remote attacker can directly access administrator...