51 matches found
Vtiger CRM < 6.5.0 Multiple Vulnerabilities
Vtiger CRM is prone to a privilege escalation and unrestricted file upload vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface in Cerberus FTP Server before 5.0.5.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add a user account or (2) reconfigure the state of the FTP service, as demonstrated by a...
CVE-2010-4408
Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended...
Cuteflow 2.10.3 - 'edituser.php' Security Bypass
It's possible to edit the users, including the admin account, bypassing the authentication through the address: http://localhost/cuteflow/pages/edituser.php?userid=1&language=pt&sortby=strLastName&sortdir=ASC&start=1 The vulnerability is caused due to the application not properly restricting access ...
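Apple Mac OS X Keychain Security Bypass Vulnerability
BUGTRAQ ID: 26877 CVE ID: CVE-2007-5862 CNCVE ID: CNCVE-20075862 Apple Mac OS X is a commercial, BSD-based operating system. Apple Mac OS X does not correctly validate user trust information when performing certain operations; a remote attacker can exploit the vulnerability to carry out a security bypass attack, such as modifying other users' accounts. The access checks for Keychain updates can be bypassed: a specially crafted Java applet can add or delete items in the user's keychain without prompting the user in any way. This may lead to attacks such as modifying other users' accounts. Apple Mac OS X Server 10.4.11 Apple Mac OS X...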
CVE-2007-2591
usrmgr/userList.asp in Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allows remote attackers to modify user account details and cause a denial of service (account deactivation) via the...
Deserialization of untrusted data
usrmgr/userList.asp in Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allows remote attackers to modify user account details and cause a denial of service (account deactivation) via the...
Alt-N WebAdmin < 3.0.3 Multiple Remote Vulnerabilities
Binary data 2572.prm...
alt-n WebAdmin 3.0.2 - Multiple Vulnerabilities
alt-n WebAdmin 3.0.2 - Multiple Vulnerabilities source: https://www.securityfocus.com/bid/12395/info Alt-n WebAdmin is reportedly affected by multiple remote vulnerabilities. The application is affected by multiple cross-site scripting issues. An attacker may leverage these issues to execute...
Alt-N WebAdmin Multiple Remote Vulnerabilities (XSS, Bypass Access)
The remote host is running Alt-N WebAdmin, a web interface to MDaemon mail server. The remote version of this software is affected by cross-site scripting vulnerabilities due to a lack of filtering on user-supplied input in the file 'usereditaccount.wdm' and the file 'modalframe.wdm'. An attacker...