Lucene search
K

231 matches found

NVD
NVD
added 2018/10/16 7:29 a.m.12 views

CVE-2018-18382

Advanced HRM 1.6 allows Remote Code Execution via PHP code in a .php file to the user/update-user-avatar URI, which can be accessed through an "Update Profile" "Change Picture" aka user/edit-profile action...

8.8CVSS9AI score0.02695EPSS
Exploits1References1
CVE
CVE
added 2018/10/16 7:0 a.m.37 views

CVE-2018-18382

Advanced HRM 1.6 is affected by CVE-2018-18382, which enables Remote Code Execution via PHP code uploaded to a .php file at the user/update-user-avatar URI, accessible through the Update Profile/Change Picture flow (user/edit-profile). The issue is tied to the specific endpoint path used for upda...

8.8CVSS8.9AI score0.02695EPSS
Exploits1References1Affected Software1
Packet Storm
Packet Storm
added 2018/05/24 12:0 a.m.38 views

Timber 1.1 Cross Site Request Forgery

Exploit Title: Timber - Ultimate Freelancer Platform 1.1 - Cross site request forgery Date: 2018-05-24 Exploit Author: L0RD or [email protected] Vendor Homepage: https://codecanyon.net/item/timber-ultimate-freelancer-platform/14747284?srank=1717 Version: 1.1 Tested on: Kali linux...

0.4AI score
Exploits0
CNVD
CNVD
added 2018/02/07 12:0 a.m.4 views

Atlassian Bamboo Cross-Site Request Forgery Vulnerability

Atlassian Bamboo is a suite of continuous integration build tools from Atlassian Australia. The tools help development teams build, test, release and deploy projects using continuous delivery capabilities. A cross-site request forgery vulnerability exists in the update user administration resourc...

8.8CVSS6.9AI score0.00673EPSS
Exploits0References1
CNVD
CNVD
added 2016/10/18 12:0 a.m.3 views

Logic Design Flaw Vulnerability in DBSHOP_0.9.3_Beta

DBShop is an open source e-commerce online store system developed using endFramework. DBSHOP0.9.3Beta /module/Mobile/src/Mobile/Controller/HomeController.php there is a logical design flaw vulnerability . As the parameters of the post are passed to $passArray to determine whether the original...

7AI score
Exploits0References1
exploitpack
exploitpack
added 2016/02/04 12:0 a.m.14 views

WordPress Plugin User Meta Manager 3.4.6 - Privilege Escalation

WordPress Plugin User Meta Manager 3.4.6 - Privilege Escalation Exploit Title: WordPress User Meta Manager Plugin Privilege Escalation Discovery Date: 2015/12/28 Public Disclosure Date: 2016/02/04 Exploit Author: Panagiotis Vagenas Contact: https://twitter.com/panVagenas Vendor Homepage:...

0.4AI score
Exploits0
0day.today
0day.today
added 2015/11/17 12:0 a.m.38 views

ClipperCMS 1.3.0 - Multiple SQL Injection Vulnerabilities

Exploit for php platform in category web applications 1. Introduction Affected Product: ClipperCMS 1.3.0 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: http://www.clippercms.com/ Vulnerability Type: SQL Injection Remote Exploitable: Yes Reported to vendor: 10/02/2015 Disclosed to...

7.1AI score
Exploits0
myhack58
myhack58
added 2011/12/28 12:0 a.m.31 views

Talking about web application permissions problems-vulnerability warning-the black bar safety net

Before knowing about web permissions there might be a problem, but in reality the test encountered is relatively small, today met on record: a warrior please don't waste your valuable time A, longitudinal Stripping of the right to In General the site has many users, divided into different...

6.7AI score
Exploits0
Cvelist
Cvelist
added 2009/04/07 10:0 a.m.24 views

CVE-2008-6639

Cross-site request forgery CSRF vulnerability in admin.php in AjaXplorer 2.3.3 and 2.3.4 allows remote attackers to hijack the authentication of administrators for requests that modify passwords via the updateuserpwd action...

7.1AI score0.00629EPSS
Exploits1References4
Prion
Prion
added 2006/04/05 10:4 a.m.17 views

Code injection

admin/accounts/AccountActions.asp in Hosting Controller 2002 RC 1 allows remote attackers to modify passwords of other users, probably via an "Update User" ActionType with a modified UserName parameter and the PassCheck parameter set to TRUE. It was later reported that the vulnerability is presen...

5CVSS7.1AI score0.02187EPSS
Exploits0References9Affected Software1
NVD
NVD
added 2006/04/05 10:4 a.m.21 views

CVE-2006-1620

admin/accounts/AccountActions.asp in Hosting Controller 2002 RC 1 allows remote attackers to modify passwords of other users, probably via an "Update User" ActionType with a modified UserName parameter and the PassCheck parameter set to TRUE. It was later reported that the vulnerability is presen...

5CVSS6.6AI score0.02187EPSS
Exploits0References9
Rows per page
Query Builder