Lucene search
+L

121 matches found

CNVD
CNVD
added 2017/05/18 12:0 a.m.4 views

McAfee Network Data Loss Prevention Session Hijacking Vulnerability (CNVD-2017-07550)

McAfee Network Data Loss Prevention is a data leakage protection solution. McAfee Network Data Loss Prevention NDLP suffers from a session-side hijacking vulnerability in the server implementation, which can be exploited by remote attackers to view, add, and delete users by modifying HTTP request...

8CVSS7AI score0.00861EPSS
Exploits0References1
exploitpack
exploitpack
added 2017/04/28 12:0 a.m.51 views

Admidio 3.2.8 - Cross-Site Request Forgery

Admidio 3.2.8 - Cross-Site Request Forgery Exploit Title :Admidio 3.2.8 CSRF to Delete Users Date: 28/April/2017 Exploit Author: Faiz Ahmed Zaidi Organization: Provensec LLC Website: http://provensec.com/ Vendor Homepage: https://www.admidio.org/ Software Link: https://www.admidio.org/download.ph...

3.5CVSS0.8AI score0.02626EPSS
Exploits5
OSV
OSV
added 2017/04/24 6:59 p.m.4 views

CVE-2017-8099

There is CSRF in the WHIZZ plugin before 1.1.1 for WordPress, allowing attackers to delete any WordPress users and change the plugin's status via a GET request...

8.1CVSS5.8AI score
Exploits0References2
exploitpack
exploitpack
added 2017/04/07 12:0 a.m.18 views

WordPress Plugin WHIZZ 1.1.1 - Cross-Site Request Forgery

WordPress Plugin WHIZZ 1.1.1 - Cross-Site Request Forgery ====== Software: WordPress WHIZZ Version: active or disactive plugins: Mitigations ================ Disable the plugin until a new version is released that fixes this bug. FIX: ========== https://wordpress.org/plugins/whizz/ 1.1.1...

0.7AI score
Exploits0
Exploit DB
Exploit DB
added 2017/04/07 12:0 a.m.42 views

WordPress Plugin WHIZZ < 1.1.1 - Cross-Site Request Forgery

====== Software: WordPress WHIZZ Version: active or disactive plugins: Mitigations ================ Disable the plugin until a new version is released that fixes this bug. FIX: ========== https://wordpress.org/plugins/whizz/ 1.1.1 changelog-Specifically...

7AI score
Exploits0
CNVD
CNVD
added 2017/03/17 12:0 a.m.17 views

Fastspot BigTree CMS Cross-Site Request Forgery Vulnerability (CNVD-2017-03386)

Fastspot BigTree CMS is the United States Fastspot company based on PHP and MySQL open source content management system CMS. A cross-site request forgery vulnerability exists in Fastspot BigTree CMS versions 4.1.18 and 4.2.16. A remote attacker can exploit this vulnerability to delete users with...

7.1CVSS6.9AI score0.00382EPSS
Exploits1References1
CNVD
CNVD
added 2016/04/12 12:0 a.m.6 views

Apache Jetspeed User Manager Unauthorized Operation Vulnerability

Apache Jetspeed is the United States Apache Apache Software Foundation's use of Java and XML development of a set of open portal platforms and enterprise information portals. User Manager service is one of the user management services. An unauthorized operation vulnerability exists in the User...

7.5CVSS6.7AI score0.42673EPSS
Exploits0References1
CNVD
CNVD
added 2016/03/09 12:0 a.m.37 views

Apache Jetspeed User Management REST API Unauthorized Access Vulnerability

Jetspeed is based on Java and XML open source enterprise information portal implementation . Jetspeed can integrate a variety of data sources , through the XSL technology will be organized into a Jsp page data or Html page to the client ; Jetspeed also supports templates and content publishing...

8.8CVSS6.8AI score0.52351EPSS
Exploits5References1
Cvelist
Cvelist
added 2015/02/10 5:0 p.m.31 views

CVE-2015-1559

Multiple cross-site request forgery CSRF vulnerabilities in administrator.php in Epignosis eFront Open Source Edition before 3.6.15.3 build 18022 allow remote attackers to hijack the authentication of administrators for requests that 1 delete modules via the deletemodule parameter, 2 deactivate...

7.2AI score0.00779EPSS
Exploits1References7
seebug.org
seebug.org
added 2014/09/18 12:0 a.m.23 views

Wordpress Bulk Delete Users by Email Plugin 1.0 - CSRF

No description provided by source. Exploit Title: Bulk Delete Users by Email, Wordpress Plugin 1.0 - CSRF Google Dork: N/A Date: 05.09.2014 Exploit Author: Fikri Fadzil - [email protected] Vendor Homepage - http://www.speakdigital.co.uk/ Software Link:...

7.1AI score
Exploits0
Patchstack
Patchstack
added 2014/09/08 12:0 a.m.9 views

WordPress Bulk Delete Users by Email Plugin 1.0 - CSRF

Bulk Delete Users by Email plugin is prone to a cross-site request forgery vulnerability. It allows an attacker to gain unauthorized access to the affected application by performing certain actions in the context of an authorized user's session. Solution Update the plugin...

4.9AI score
Exploits0References1Affected Software1
0day.today
0day.today
added 2014/09/08 12:0 a.m.24 views

Wordpress Bulk Delete Users by Email Plugin 1.0 - CSRF Vulnerability

Exploit for php platform in category web applications Exploit Title: Bulk Delete Users by Email, Wordpress Plugin 1.0 - CSRF Google Dork: N/A Date: 05.09.2014 Exploit Author: Fikri Fadzil - email protected Vendor Homepage - http://www.speakdigital.co.uk/ Software Link:...

7.1AI score
Exploits0
NVD
NVD
added 2014/05/23 2:55 p.m.19 views

CVE-2014-3849

The iMember360 plugin 3.8.012 through 3.9.001 for WordPress does not properly restrict access, which allows remote attackers to delete arbitrary users via a request containing a user name in the Email parameter and the API key in the i4wclearuser parameter...

4.3CVSS6.8AI score0.05973EPSS
Exploits1References4
OSV
OSV
added 2014/01/21 1:55 a.m.4 views

DEBIAN-CVE-2010-5296

wp-includes/capabilities.php in WordPress before 3.0.2, when a Multisite configuration is used, does not require the Super Admin role for the deleteusers capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action...

4.9CVSS6.4AI score0.01693EPSS
Exploits1References1
OSV
OSV
added 2014/01/21 1:55 a.m.12 views

CVE-2010-5296

wp-includes/capabilities.php in WordPress before 3.0.2, when a Multisite configuration is used, does not require the Super Admin role for the deleteusers capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action...

6.1AI score
Exploits0References3
Prion
Prion
added 2012/11/24 8:55 p.m.16 views

Cross site request forgery (csrf)

Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote attackers to conduct clickjacking attacks to delete arbitrary users and bypass CSRF protection via account/delete.php...

6.8CVSS7.3AI score0.01338EPSS
Exploits0References4Affected Software1
Packet Storm
Packet Storm
added 2012/02/27 12:0 a.m.38 views

ContaoCMS 2.11.0 Cross Site Request Forgery

+--------------------------------------------------------------------------------------------------------------------------------+ Exploit Title : ContaoCMS fka TYPOlight...

0.6AI score
Exploits0
Prion
Prion
added 2010/02/25 8:30 p.m.16 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in default.asp in ASPCode CMS 1.5.8, 2.0.0 Build 103, and possibly other versions, allows remote attackers to hijack the authentication of an administrator for requests that 1 delete users via the delete action in the ma2 parameter or 2 create...

6.8CVSS7.7AI score0.00955EPSS
Exploits1References3Affected Software1
seebug.org
seebug.org
added 2009/05/27 12:0 a.m.15 views

RoomPHPlanning 1.6 Multiple Remote Vulnerabilities

No description provided by source. o o o O O ooooooo 0 oooo OOOo o o o O O O 0 0 0 o o o o o O O O 0 0000 oooo ooooo o o oooooo o o O O O 0 0 0 0 0 0 o o O O o o O OO 0 0 0 oooo ooooo oooo OOOOOO oooooo O O O 0 0 0 0 0 0oooo0 + RoomPHPlanning v1.6 Multiple Remote Exploit Vulnerabilities +...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2009/05/26 12:0 a.m.39 views

roomphplanning 1.6 - Multiple Vulnerabilities

o o o O O ooooooo 0 oooo OOOo o o o O O O 0 0 0 o o o o o O O O 0 0000 oooo ooooo o o oooooo o o O O O 0 0 0 0 0 0 o o O O o o O OO 0 0 0 oooo ooooo oooo OOOOOO oooooo O O O 0 0 0 0 0 0oooo0 + RoomPHPlanning v1.6 Multiple Remote Exploit Vulnerabilities + Discovered By : ThE g0bL!N + Greetz : All ...

7.4AI score
Exploits0
Rows per page
Query Builder