206 matches found
CSRF exploit of the "ecshop modify any user password vulnerability"
Brief description: ecshop has a problem in the design of its authentication mechanism that allows malicious users to steal other users' passwords; this can be achieved through XSS and CSRF. Demo: http://www. tick. org/bugs. php? action=view&id=3 9 5 Detailed description: The use ...
Multiple Vulnerabilities in Linksys WAG200G
Device Name: Linksys WAG200G Vendor: Linksys/Cisco Device Description: The WAG200G is a Linksys Wireless-G ADSL Home Gateway which has a high-speed ADSL2+ modem that gives you a fast connection to the Internet. Source:...
PHP weby directory software 1.2 - Multiple Vulnerabilities
Vulnerable Software: PHP Weby directory software version 1.2 Vendor: http://phpweby.com Download: htp://phpweby.com/down/phpwebydirectory.zip Vuln: Blind SQL injection && CSRF Dork: intext:Power...
PHP Weby Directory Software 1.2 SQL Injection / Cross Site Request Forgery
Vulnerable Software: PHP Weby directory software version 1.2 Vendor: http://phpweby.com Download: htp://phpweby.com/down/phpwebydirectory.zip Vuln: Blind SQL injection && CSRF Dork: intext:Powered by PHP weby software...
WordPress Plugin Developer Formatter - Cross-Site Request Forgery
Exploit Title: Wordpress Developer Formatter CSRF Vulnerability Google Dork: inurl:devformatter/devformatter.php Date: 21/01/13 Author: Junaid Hussain - illSecure Research Group -...
Nexpose Security Console Cross Site Request Forgery
Product: Nexpose Security Console Vendor: Rapid7 Version: //document.forms0.submit; //uncomment to auto-submit /code 2. Lure victim to http://attackersite.com/nexpose-csrf.htm. 3. Site with ID 1 is deleted when form is submitted. Vendor Notified: Yes Vend...
WordPress Sahifa 2.4.0 Cross Site Request Forgery / Path Disclosure
WordPress 3.4.2 Cross Site Request Forgery
Exploit for php platform in category web applications. Vulnerable Software: WordPress Version 3.4.2 Downloaded from: http://wordpress.org/latest.zip MD5SUM: d670508d81e2fd060c2041441bc03300 wordpress-3.4.2.zip...
BMC Identity Management - Cross-Site Request Forgery
source: https://www.securityfocus.com/bid/53924/info Identity Management is prone to a cross-site request-forgery vulnerability because the application fails to properly validate HTTP requests. Exploiting this issue may allow a remote attacker to perform certain actions in the context of an...
AdaptCMS 2.0.0 CSRF Vulnerability (Add Admin)
Exploit for php platform in category web applications. AdaptCMS 2.0.0 CSRF Vulnerability Add Admin. Author : AtT4CKxT3rR0r1ST Script :...
ZShare Embedder CSRF Vulnerability
Exploit for php platform in category web applications Exploit Title: ZShare Embedder CSRF Author: Jonturk75 Vendor or Software Link: http://www.scripts.com/viewscript/zshare-embeddergrabber-scriptacula/27263/ Category:: webapps Demo : http://demo.phpmymovie.com/siteadmin/ Greetz: Inj3ct0r Exploit...
Illustrated Bookmarks CSRF Vulnerability
Exploit for php platform in category web applications Exploit Title: Illustrated Bookmarks CSRF Author: Jonturk75 Vendor or Software Link: http://www.scripts.com/viewscript/plusphp-illustrated-bookmarks/24757/ Category:: webapps Demo : plusphp.com/demos/bookmarks/?module=Authorization Greetz:...
Paypal Subscription Manager CSRF Vulnerability
Exploit for php platform in category web applications Exploit Title: Paypal Subscription Manager CSRF Author: Jonturk75 Vendor or Software Link: http://www.scripts.com/viewscript/paypal-subscription-manager/19026/ Category:: webapps Demo : http://www.easebayresources.com/psm/admin/ Greetz: Inj3ct...
ContaoCMS (aka TYPOlight) <= 2.11 CSRF (delete admin/delete articles)
Title: ContaoCMS aka TYPOlight <= 2.11 CSRF Delete Admin - Delete Article Author: Ivano Binetti http://ivanobinetti.com Download address: http://www.contao.org/en/download.html Developer website: http://www.contao.org Affected versions: 2.11.0 latest and earlier Test platform: Debian...
Cisco Linksys WAG54GS CSRF Change Admin Password
Exploit for hardware platform in category web applications. Exploit Title : Cisco Linksys WAG54GS ADSL Router change admin password Date : 20-02-2012 Author : Ivano...
Flyspray 0.9.9.6 CSRF Vulnerability
Exploit for php platform in category web applications Exploit Title: Flyspray 0.9.9.6 CSRF Vulnerability Date: 06 Feb 2012 Author: Vaibhav Gupta Software Link: http://flyspray.org/flyspray-0.9.9.6.zip Version: 0.9.9.6 +---+CSRF Add Admin Account after authentication+---+ CSRF Exploit to add ADMIN...
Open Conference / Journal / Harvester Systems 2.3.x Code Execution
#!/usr/bin/python Open Conference/Journal/Harvester Systems = 2.3.X multiple remote code execution vulnerabilities vendor: Public Knowledge Project pkp -http://pkp.sfu.ca/ software link: http://pkp.sfu.ca/download author: mrme::rwx kru email: steventhomasseeley!gmail!com tested on: the interwebz &...
Joomla 1.6.3 CSRF Exploit
No description provided by source. This vulnerability takes advantage of the recent Joomla 1.6.3 XSS vulnerability http://seclists.org/fulldisclosure/2011/Jun/519 to execute a CSRF vulnerability to create a superuser account. / joom163.js Joomla 1.6.3 XSS - CSRF Exploit Greetz to Shardy, Xires &...