183 matches found
NethServer 7.3.1611 - Cross-Site Request Forgery (Create User Enable SSH Access)
NethServer 7.3.1611 - Cross-Site Request Forgery Create User Enable SSH Access HTML Decoded PoC: history.pushState'', '', '/' input type="hidden" name="AccountUsercreategrou...
NethServer 7.3.1611 - Cross-Site Request Forgery (Create User / Enable SSH Access)
HTML Decoded PoC: history.pushState'', '', '/'...
NetGain EM 7.2.647 build 941 - Authentication Bypass / Local File Inclusion Vulnerabilities
Exploit for jsp platform in category web applications ''' Exploit Title: Add User Account with Admin Privilege without Login & Local File Inclusion Date: 2017-05-21 Exploit Author: f3ci Vendor Homepage: http://www.netgain-systems.com Software Link:...
Nagios Network Analyzer create Cross-Site Request Forgery
A cross-site request forgery vulnerability exists in the create user interface of Nagios Network Analyzer. The vulnerability is due to a lack of CSRF protection on the user creation form in createuser.php. A remote, unauthenticated attacker can exploit this vulnerability by enticing an...
Cisco Unified Intelligence Center Security Mechanism Bypass Vulnerability
Cisco Unified Intelligence Center is the management center for Cisco's Unified Communications system. A security mechanism bypass vulnerability exists in Cisco Unified Intelligence Center that could be exploited by a remote attacker to create user accounts by submitting a special request...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the create user functionality in the policy admin tool in Apache Ranger before 0.6.1 allows remote authenticated administrators to inject arbitrary web script or HTML via vectors related to policies...
Cisco Spark REST Interface Access Bypass Vulnerability
Cisco Spark is a collaboration services solution. A security vulnerability in the REST interface of Cisco Spark allows remote attackers to bypass established access restrictions by sending web requests to create arbitrary user accounts...
CVE-2016-1322
The REST interface in Cisco Spark 2015-07-04 allows remote attackers to bypass intended access restrictions and create arbitrary user accounts via unspecified web requests, aka Bug ID CSCuv72584...
Elite CMS 1.01 Multiple XSS/CSRF Vulnerabilities
No description provided by source. Name: Elite CMS 1.01 Multiple XSS/CSRF Vulnerabilities Author: 10n1z3d 10n1z3datwdotcn Date: Sat 10 Jul 2010 08:05:44 PM EEST Vendor: http://elitecms.net/ Download: http://elitecms.net/download.php?download=eliteCMS -= CSRF PoC 1 - Change Admin Password =- html...
Ovidentia 7.9.6 - Multiple Vulnerabilities
Exploit Title: Ovidentia 7.9.6 Multiple Vulnerabilities Author: sajith version: Ovidentia 7.9.6 Vendor Homepage: http://www.ovidentia.org/ vulnerable app link: http://www.ovidentia.org/telecharger 1. SQL injection vulnerability Log into admin panel and access delegate functionality managing...
FortiAnalyzer 5.0.4 - CSRF Vulnerability
Exploit for php platform in category web applications CertR no respond my email, not Fortinet has not given the credits. I. VULNERABILITY ------------------------- CSRF vulnerabilities in OS of fortianalyzer 5.0.4 II. BACKGROUND ------------------------- Fortinet’s industry-leading, Network...
CVE-2013-1956
The create_user_ns function in kernel/user_namespace.c in the Linux kernel before 3.8.6 does not check whether a chroot directory exists that differs from the namespace root directory, which allows local users to bypass intended filesystem restrictions via a crafted clone system call...
CVE-2012-6508
Multiple cross-site request forgery (CSRF) vulnerabilities in NetArt Media Car Portal 3.0 allow remote attackers to hijack the authentication of administrators for requests that (1) change arbitrary user passwords via a nouveau action in the security module to cars/ADMIN/index.php; (2) create a user or...
Hycus CMS 1.0.1 Cross Site Request Forgery
Date: Thu 26 Aug 2010 07:53:22 PM EEST Vendor: http://www.hycus.com/ Download: http://www.hycus.com/download/hycuscms-1.0.1.zip --- -= CSRF PoC 1 - Change Admin Password =- Hycus CMS 1.0.1 Multiple CSRF Vulnerabilities - Change Admin Password -= CSRF PoC 2 - Create Admin User =- Hycus CMS 1.0.1...
Hycus CMS 1.0.1 Multiple Cross Site Request Forgery Vulnerabilities
Exploit for php platform in category web applications =================================================================== Hycus CMS 1.0.1 Multiple Cross Site Request Forgery Vulnerabilities =================================================================== Date: Thu 26 Aug 2010 07:53:22 PM EEST...
Hycus CMS 1.0.1 - Multiple Cross-Site Request Forgery Vulnerabilities
Date: Thu 26 Aug 2010 07:53:22 PM EEST Vendor: http://www.hycus.com/ Download: http://www.hycus.com/download/hycuscms-1.0.1.zip --- -= CSRF PoC 1 - Change Admin Password =- Hycus CMS 1.0.1 Multiple CSRF Vulnerabilities - Change Admin Password -= CSRF PoC 2 - Create Admin User =- Hycus CMS 1.0.1...
Zomplog 3.9 - Cross-Site Scripting / Cross-Site Request Forgery
Date: Sun 15 Aug 2010 04:33:33 PM EEST Vendor: http://www.zomp.nl/zomplog/ Download: http://www.zomp.nl/zomplog/downloads/zomplog/zomplog3.9.zip --- -= CSRF PoC 1 - Change Admin Password =- Zomplog CMS 3.9 Multiple XSS/CSRF Vulnerabilities - Change Admin Password input type="hidden"...
Elite CMS 1.01 - Multiple Cross-Site Scripting / Cross-Site Request Forgery Vulnerabilities
Name: Elite CMS 1.01 Multiple XSS/CSRF Vulnerabilities Author: 10n1z3d Date: Sat 10 Jul 2010 08:05:44 PM EEST Vendor: http://elitecms.net/ Download: http://elitecms.net/download.php?download=eliteCMS -= CSRF PoC 1 - Change Admin Password =- Elite CMS 1.01 Multiple XSS/CSRF Vulnerabilities - Chang...
Design/Logic Flaw
Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to the Create User privilege...
CVE-2010-0860
Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to the Create User privilege...