63 matches found
CVE-2015-5623
WordPress before 4.2.3 does not properly verify the editposts capability, which allows remote authenticated users to bypass intended access restrictions and create drafts by leveraging the Subscriber role, as demonstrated by a post-quickdraft-save action to wp-admin/post.php...
CVE-2011-5316
Cross-site request forgery CSRF vulnerability in admin/index.php in Cambio 0.5a nightly r37 allows remote attackers to hijack the authentication of administrators for requests that modify credentials via a user save action...
CVE-2011-5315
Cross-site request forgery CSRF vulnerability in admin/index.php in whCMS 0.115 alpha allows remote attackers to hijack the authentication of administrators for requests that modify credentials via a user save action...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in admin/index.php in whCMS 0.115 alpha allows remote attackers to hijack the authentication of administrators for requests that modify credentials via a user save action...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in admin/index.php in Cambio 0.5a nightly r37 allows remote attackers to hijack the authentication of administrators for requests that modify credentials via a user save action...
CVE-2011-5316
Cross-site request forgery CSRF vulnerability in admin/index.php in Cambio 0.5a nightly r37 allows remote attackers to hijack the authentication of administrators for requests that modify credentials via a user save action...
CVE-2011-5315
Cross-site request forgery CSRF vulnerability in admin/index.php in whCMS 0.115 alpha allows remote attackers to hijack the authentication of administrators for requests that modify credentials via a user save action...
CVE-2011-5316
The CVE-2011-5316 entry concerns a CSRF flaw in the Cambio 0.5a nightly r37 release, specifically affecting the admin/index.php handler. The underlying issue allows an attacker to hijack an administrator’s session and perform credential-changing actions via a seemingly legitimate user-initiated r...
CVE-2014-4717
Multiple cross-site request forgery CSRF vulnerabilities in the Simple Share Buttons Adder plugin before 4.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting XSS attacks via the 1 ssbasharetext parameter in a save...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in Kanboard before 1.0.6 allows remote attackers to hijack the authentication of administrators for requests that add an administrative user via a save action to the default URI...
CVE-2014-3920
Cross-site request forgery CSRF vulnerability in Kanboard before 1.0.6 allows remote attackers to hijack the authentication of administrators for requests that add an administrative user via a save action to the default URI...
PT-2014-6070 · WordPress · Simple Share Buttons Adder
Name of the Vulnerable Software and Affected Versions: Simple Share Buttons Adder plugin versions prior to 4.5 Description: The issue allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting XSS attacks. This is possible via the ssba...
CVE-2012-6607
The transformsave function in transform.c in Augeas before 1.0.0 allows local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on a .augsave file in a backup save action, a different vector than CVE-2012-0786...
CVE-2012-6607
The transformsave function in transform.c in Augeas before 1.0.0 allows local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on a .augsave file in a backup save action, a different vector than CVE-2012-0786...
CVE-2013-5977
Cross-site request forgery CSRF vulnerability in Cart66Product.php in the Cart66 Lite plugin before 1.5.1.15 for WordPress allows remote attackers to hijack the authentication of administrators for requests that 1 create or modify products or conduct cross-site scripting XSS attacks via the 2...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in wlcms-plugin.php in the White Label CMS plugin before 1.5.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that modify the developer name via the wlcmsodevelopername parameter in a save action to...
Path traversal
translate.php in Support Incident Tracker aka SiT! 3.45 through 3.65 allows remote attackers to obtain sensitive information via a direct request using the save action, which reveals the installation path...
Directory traversal
Multiple directory traversal vulnerabilities in the mlmmj-php-admin web interface for Mailing List Managing Made Joyful mlmmj 1.2.15 through 1.2.17 allow remote authenticated users to overwrite, create, or delete arbitrary files, or determine the existence of arbitrary directories, via a .. dot d...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in ToutVirtual VirtualIQ Pro 3.5 build 8691 allow remote attackers to inject arbitrary web script or HTML via the 1 addNewDept, 2 deptId, or 3 deptDesc parameter to tvserver/server/user/addDepartment.jsp; or the 4 firstName, 5 lastName, or 6 email...
CVE-2009-3248
Cross-site request forgery CSRF vulnerability in the RSS module in vtiger CRM 5.0.4 allows remote attackers to hijack the authentication of Admin users for requests that modify the news feed system via the rssurl parameter in a Save action to index.php...