231 matches found
CVE-2018-18382
Advanced HRM 1.6 allows Remote Code Execution via PHP code in a .php file to the user/update-user-avatar URI, which can be accessed through an "Update Profile" "Change Picture" aka user/edit-profile action...
CVE-2018-18382
Advanced HRM 1.6 is affected by CVE-2018-18382, which enables Remote Code Execution via PHP code uploaded to a .php file at the user/update-user-avatar URI, accessible through the Update Profile/Change Picture flow (user/edit-profile). The issue is tied to the specific endpoint path used for upda...
Timber 1.1 Cross Site Request Forgery
Exploit Title: Timber - Ultimate Freelancer Platform 1.1 - Cross site request forgery Date: 2018-05-24 Exploit Author: L0RD or [email protected] Vendor Homepage: https://codecanyon.net/item/timber-ultimate-freelancer-platform/14747284?srank=1717 Version: 1.1 Tested on: Kali linux...
Atlassian Bamboo Cross-Site Request Forgery Vulnerability
Atlassian Bamboo is a suite of continuous integration build tools from Atlassian Australia. The tools help development teams build, test, release and deploy projects using continuous delivery capabilities. A cross-site request forgery vulnerability exists in the update user administration resourc...
Logic Design Flaw Vulnerability in DBSHOP_0.9.3_Beta
DBShop is an open source e-commerce online store system developed using endFramework. DBSHOP0.9.3Beta /module/Mobile/src/Mobile/Controller/HomeController.php there is a logical design flaw vulnerability . As the parameters of the post are passed to $passArray to determine whether the original...
WordPress Plugin User Meta Manager 3.4.6 - Privilege Escalation
WordPress Plugin User Meta Manager 3.4.6 - Privilege Escalation Exploit Title: WordPress User Meta Manager Plugin Privilege Escalation Discovery Date: 2015/12/28 Public Disclosure Date: 2016/02/04 Exploit Author: Panagiotis Vagenas Contact: https://twitter.com/panVagenas Vendor Homepage:...
ClipperCMS 1.3.0 - Multiple SQL Injection Vulnerabilities
Exploit for php platform in category web applications 1. Introduction Affected Product: ClipperCMS 1.3.0 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: http://www.clippercms.com/ Vulnerability Type: SQL Injection Remote Exploitable: Yes Reported to vendor: 10/02/2015 Disclosed to...
Talking about web application permissions problems-vulnerability warning-the black bar safety net
Before knowing about web permissions there might be a problem, but in reality the test encountered is relatively small, today met on record: a warrior please don't waste your valuable time A, longitudinal Stripping of the right to In General the site has many users, divided into different...
CVE-2008-6639
Cross-site request forgery CSRF vulnerability in admin.php in AjaXplorer 2.3.3 and 2.3.4 allows remote attackers to hijack the authentication of administrators for requests that modify passwords via the updateuserpwd action...
Code injection
admin/accounts/AccountActions.asp in Hosting Controller 2002 RC 1 allows remote attackers to modify passwords of other users, probably via an "Update User" ActionType with a modified UserName parameter and the PassCheck parameter set to TRUE. It was later reported that the vulnerability is presen...
CVE-2006-1620
admin/accounts/AccountActions.asp in Hosting Controller 2002 RC 1 allows remote attackers to modify passwords of other users, probably via an "Update User" ActionType with a modified UserName parameter and the PassCheck parameter set to TRUE. It was later reported that the vulnerability is presen...