121 matches found
McAfee Network Data Loss Prevention Session Hijacking Vulnerability (CNVD-2017-07550)
McAfee Network Data Loss Prevention is a data leakage protection solution. McAfee Network Data Loss Prevention NDLP suffers from a session-side hijacking vulnerability in the server implementation, which can be exploited by remote attackers to view, add, and delete users by modifying HTTP request...
Admidio 3.2.8 - Cross-Site Request Forgery
Admidio 3.2.8 - Cross-Site Request Forgery Exploit Title :Admidio 3.2.8 CSRF to Delete Users Date: 28/April/2017 Exploit Author: Faiz Ahmed Zaidi Organization: Provensec LLC Website: http://provensec.com/ Vendor Homepage: https://www.admidio.org/ Software Link: https://www.admidio.org/download.ph...
CVE-2017-8099
There is CSRF in the WHIZZ plugin before 1.1.1 for WordPress, allowing attackers to delete any WordPress users and change the plugin's status via a GET request...
WordPress Plugin WHIZZ 1.1.1 - Cross-Site Request Forgery
WordPress Plugin WHIZZ 1.1.1 - Cross-Site Request Forgery ====== Software: WordPress WHIZZ Version: active or disactive plugins: Mitigations ================ Disable the plugin until a new version is released that fixes this bug. FIX: ========== https://wordpress.org/plugins/whizz/ 1.1.1...
WordPress Plugin WHIZZ < 1.1.1 - Cross-Site Request Forgery
====== Software: WordPress WHIZZ Version: active or disactive plugins: Mitigations ================ Disable the plugin until a new version is released that fixes this bug. FIX: ========== https://wordpress.org/plugins/whizz/ 1.1.1 changelog-Specifically...
Fastspot BigTree CMS Cross-Site Request Forgery Vulnerability (CNVD-2017-03386)
Fastspot BigTree CMS is the United States Fastspot company based on PHP and MySQL open source content management system CMS. A cross-site request forgery vulnerability exists in Fastspot BigTree CMS versions 4.1.18 and 4.2.16. A remote attacker can exploit this vulnerability to delete users with...
Apache Jetspeed User Manager Unauthorized Operation Vulnerability
Apache Jetspeed is the United States Apache Apache Software Foundation's use of Java and XML development of a set of open portal platforms and enterprise information portals. User Manager service is one of the user management services. An unauthorized operation vulnerability exists in the User...
Apache Jetspeed User Management REST API Unauthorized Access Vulnerability
Jetspeed is based on Java and XML open source enterprise information portal implementation . Jetspeed can integrate a variety of data sources , through the XSL technology will be organized into a Jsp page data or Html page to the client ; Jetspeed also supports templates and content publishing...
CVE-2015-1559
Multiple cross-site request forgery CSRF vulnerabilities in administrator.php in Epignosis eFront Open Source Edition before 3.6.15.3 build 18022 allow remote attackers to hijack the authentication of administrators for requests that 1 delete modules via the deletemodule parameter, 2 deactivate...
Wordpress Bulk Delete Users by Email Plugin 1.0 - CSRF
No description provided by source. Exploit Title: Bulk Delete Users by Email, Wordpress Plugin 1.0 - CSRF Google Dork: N/A Date: 05.09.2014 Exploit Author: Fikri Fadzil - [email protected] Vendor Homepage - http://www.speakdigital.co.uk/ Software Link:...
WordPress Bulk Delete Users by Email Plugin 1.0 - CSRF
Bulk Delete Users by Email plugin is prone to a cross-site request forgery vulnerability. It allows an attacker to gain unauthorized access to the affected application by performing certain actions in the context of an authorized user's session. Solution Update the plugin...
Wordpress Bulk Delete Users by Email Plugin 1.0 - CSRF Vulnerability
Exploit for php platform in category web applications Exploit Title: Bulk Delete Users by Email, Wordpress Plugin 1.0 - CSRF Google Dork: N/A Date: 05.09.2014 Exploit Author: Fikri Fadzil - email protected Vendor Homepage - http://www.speakdigital.co.uk/ Software Link:...
CVE-2014-3849
The iMember360 plugin 3.8.012 through 3.9.001 for WordPress does not properly restrict access, which allows remote attackers to delete arbitrary users via a request containing a user name in the Email parameter and the API key in the i4wclearuser parameter...
DEBIAN-CVE-2010-5296
wp-includes/capabilities.php in WordPress before 3.0.2, when a Multisite configuration is used, does not require the Super Admin role for the deleteusers capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action...
CVE-2010-5296
wp-includes/capabilities.php in WordPress before 3.0.2, when a Multisite configuration is used, does not require the Super Admin role for the deleteusers capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action...
Cross site request forgery (csrf)
Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote attackers to conduct clickjacking attacks to delete arbitrary users and bypass CSRF protection via account/delete.php...
ContaoCMS 2.11.0 Cross Site Request Forgery
+--------------------------------------------------------------------------------------------------------------------------------+ Exploit Title : ContaoCMS fka TYPOlight...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in default.asp in ASPCode CMS 1.5.8, 2.0.0 Build 103, and possibly other versions, allows remote attackers to hijack the authentication of an administrator for requests that 1 delete users via the delete action in the ma2 parameter or 2 create...
RoomPHPlanning 1.6 Multiple Remote Vulnerabilities
No description provided by source. o o o O O ooooooo 0 oooo OOOo o o o O O O 0 0 0 o o o o o O O O 0 0000 oooo ooooo o o oooooo o o O O O 0 0 0 0 0 0 o o O O o o O OO 0 0 0 oooo ooooo oooo OOOOOO oooooo O O O 0 0 0 0 0 0oooo0 + RoomPHPlanning v1.6 Multiple Remote Exploit Vulnerabilities +...
roomphplanning 1.6 - Multiple Vulnerabilities
o o o O O ooooooo 0 oooo OOOo o o o O O O 0 0 0 o o o o o O O O 0 0000 oooo ooooo o o oooooo o o O O O 0 0 0 0 0 0 o o O O o o O OO 0 0 0 oooo ooooo oooo OOOOOO oooooo O O O 0 0 0 0 0 0oooo0 + RoomPHPlanning v1.6 Multiple Remote Exploit Vulnerabilities + Discovered By : ThE g0bL!N + Greetz : All ...