EUVD-2011-0923

Malware in sbrugna...

CVE-2011-0535

Cross-site request forgery CSRF vulnerability in the Users module in Zikula before 1.2.5 allows remote attackers to hijack the authentication of administrators for requests that change account privileges via an edit accesspermissions action to index.php...

Cross site scripting

Cross-site scripting XSS vulnerability in the Users module in Zikula before 1.2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: it is possible that this overlaps CVE-2011-0535...

CVE-2011-0535

Cross-site request forgery CSRF vulnerability in the Users module in Zikula before 1.2.5 allows remote attackers to hijack the authentication of administrators for requests that change account privileges via an edit accesspermissions action to index.php...

CVE-2011-0911

Cross-site scripting XSS vulnerability in the Users module in Zikula before 1.2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: it is possible that this overlaps CVE-2011-0535...

CVE-2011-0535

CVE-2011-0535 affects Zikula’s Users module prior to version 1.2.5. The vulnerability is a CSRF flaw that lets an attacker hijack administrator sessions and perform privilege changes via an edit_access_permissions action to index.php. Root cause: CSRF in the Users module. Impact per source: unaut...

CVE-2011-0535

creationtimestamp| type| source ---|---|--- 2011-02-02 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/16097...