Lucene search
+L

63 matches found

UbuntuCve
UbuntuCve
added 2015/08/03 2:59 p.m.39 views

CVE-2015-5623

WordPress before 4.2.3 does not properly verify the editposts capability, which allows remote authenticated users to bypass intended access restrictions and create drafts by leveraging the Subscriber role, as demonstrated by a post-quickdraft-save action to wp-admin/post.php...

4CVSS5.9AI score0.08814EPSS
Exploits1References4
NVD
NVD
added 2015/01/01 11:59 a.m.17 views

CVE-2011-5316

Cross-site request forgery CSRF vulnerability in admin/index.php in Cambio 0.5a nightly r37 allows remote attackers to hijack the authentication of administrators for requests that modify credentials via a user save action...

6.8CVSS7AI score0.00609EPSS
Exploits1References1
NVD
NVD
added 2015/01/01 11:59 a.m.10 views

CVE-2011-5315

Cross-site request forgery CSRF vulnerability in admin/index.php in whCMS 0.115 alpha allows remote attackers to hijack the authentication of administrators for requests that modify credentials via a user save action...

6.8CVSS7AI score0.00609EPSS
Exploits1References1
Prion
Prion
added 2015/01/01 11:59 a.m.11 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in admin/index.php in whCMS 0.115 alpha allows remote attackers to hijack the authentication of administrators for requests that modify credentials via a user save action...

6.8CVSS7.6AI score0.00609EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2015/01/01 11:59 a.m.14 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in admin/index.php in Cambio 0.5a nightly r37 allows remote attackers to hijack the authentication of administrators for requests that modify credentials via a user save action...

6.8CVSS7.6AI score0.00609EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2015/01/01 11:0 a.m.22 views

CVE-2011-5316

Cross-site request forgery CSRF vulnerability in admin/index.php in Cambio 0.5a nightly r37 allows remote attackers to hijack the authentication of administrators for requests that modify credentials via a user save action...

7AI score0.00609EPSS
Exploits1References1
Cvelist
Cvelist
added 2015/01/01 11:0 a.m.26 views

CVE-2011-5315

Cross-site request forgery CSRF vulnerability in admin/index.php in whCMS 0.115 alpha allows remote attackers to hijack the authentication of administrators for requests that modify credentials via a user save action...

7AI score0.00609EPSS
Exploits1References1
CVE
CVE
added 2015/01/01 11:0 a.m.42 views

CVE-2011-5316

The CVE-2011-5316 entry concerns a CSRF flaw in the Cambio 0.5a nightly r37 release, specifically affecting the admin/index.php handler. The underlying issue allows an attacker to hijack an administrator’s session and perform credential-changing actions via a seemingly legitimate user-initiated r...

6.8CVSS7.3AI score0.00609EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2014/07/03 2:55 p.m.28 views

CVE-2014-4717

Multiple cross-site request forgery CSRF vulnerabilities in the Simple Share Buttons Adder plugin before 4.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting XSS attacks via the 1 ssbasharetext parameter in a save...

6.8CVSS6.6AI score0.02805EPSS
Exploits1References4
Prion
Prion
added 2014/07/03 2:55 p.m.25 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in Kanboard before 1.0.6 allows remote attackers to hijack the authentication of administrators for requests that add an administrative user via a save action to the default URI...

6.8CVSS7.4AI score0.0069EPSS
Exploits3References3Affected Software1
Debian CVE
Debian CVE
added 2014/07/03 2:0 p.m.72 views

CVE-2014-3920

Cross-site request forgery CSRF vulnerability in Kanboard before 1.0.6 allows remote attackers to hijack the authentication of administrators for requests that add an administrative user via a save action to the default URI...

6.8CVSS6.6AI score0.0069EPSS
Exploits3
Positive Technologies
Positive Technologies
added 2014/07/03 12:0 a.m.9 views

PT-2014-6070 · WordPress · Simple Share Buttons Adder

Name of the Vulnerable Software and Affected Versions: Simple Share Buttons Adder plugin versions prior to 4.5 Description: The issue allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting XSS attacks. This is possible via the ssba...

6.8CVSS5.9AI score0.02805EPSS
Exploits1References8
UbuntuCve
UbuntuCve
added 2013/11/23 6:55 p.m.30 views

CVE-2012-6607

The transformsave function in transform.c in Augeas before 1.0.0 allows local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on a .augsave file in a backup save action, a different vector than CVE-2012-0786...

3.3CVSS6AI score0.00365EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2013/11/23 6:0 p.m.42 views

CVE-2012-6607

The transformsave function in transform.c in Augeas before 1.0.0 allows local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on a .augsave file in a backup save action, a different vector than CVE-2012-0786...

3.3CVSS5.7AI score0.00365EPSS
Exploits0
NVD
NVD
added 2013/11/01 3:55 p.m.36 views

CVE-2013-5977

Cross-site request forgery CSRF vulnerability in Cart66Product.php in the Cart66 Lite plugin before 1.5.1.15 for WordPress allows remote attackers to hijack the authentication of administrators for requests that 1 create or modify products or conduct cross-site scripting XSS attacks via the 2...

6.8CVSS6.4AI score0.03154EPSS
Exploits6References10
Prion
Prion
added 2012/10/24 5:55 p.m.21 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in wlcms-plugin.php in the White Label CMS plugin before 1.5.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that modify the developer name via the wlcmsodevelopername parameter in a save action to...

6.8CVSS6.6AI score0.02993EPSS
Exploits6References6Affected Software1
Prion
Prion
added 2012/01/29 11:55 a.m.15 views

Path traversal

translate.php in Support Incident Tracker aka SiT! 3.45 through 3.65 allows remote attackers to obtain sensitive information via a direct request using the save action, which reveals the installation path...

5CVSS6.6AI score0.02811EPSS
Exploits1References4Affected Software1
Prion
Prion
added 2010/08/02 8:40 p.m.12 views

Directory traversal

Multiple directory traversal vulnerabilities in the mlmmj-php-admin web interface for Mailing List Managing Made Joyful mlmmj 1.2.15 through 1.2.17 allow remote authenticated users to overwrite, create, or delete arbitrary files, or determine the existence of arbitrary directories, via a .. dot d...

6.5CVSS6.7AI score0.01806EPSS
Exploits0References11Affected Software1
Prion
Prion
added 2010/05/07 6:24 p.m.13 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in ToutVirtual VirtualIQ Pro 3.5 build 8691 allow remote attackers to inject arbitrary web script or HTML via the 1 addNewDept, 2 deptId, or 3 deptDesc parameter to tvserver/server/user/addDepartment.jsp; or the 4 firstName, 5 lastName, or 6 email...

4.3CVSS5.9AI score0.00855EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2009/09/18 8:0 p.m.26 views

CVE-2009-3248

Cross-site request forgery CSRF vulnerability in the RSS module in vtiger CRM 5.0.4 allows remote attackers to hijack the authentication of Admin users for requests that modify the news feed system via the rssurl parameter in a Save action to index.php...

7.1AI score0.01258EPSS
Exploits1References8
Rows per page
Query Builder