6 matches found
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in the Mail interface in Zimbra Collaboration Server ZCS before 8.5 allow remote attackers to hijack the authentication of arbitrary users for requests that change account preferences via a SOAP request to service/soap/BatchRequest...
Websitebaker SQL Injection Vulnerability (CNVD-2016-01767)
websitebaker is an open source content management system CMS. Websitebaker suffers from a SQL injection vulnerability. Due to the failure of the PHP script to filter user-supplied data via the "language" HTTP POST parameter passed to "/account/preferences.php", a remotely authenticated attacker...
Zimbra 8.0.9 GA - Cross-Site Request Forgery
Zimbra 8.0.9 GA - Cross-Site Request Forgery ====================================== Multiple CSRF in Zimbra Mail interface ====================================== CVE-2015-6541 Description =========== Multiple CSRF vulnerabilities have been found in the Mail interface of Zimbra 8.0.9 GA Release,...
Zimbra 8.0.9 GA - Cross-Site Request Forgery
Exploit for linux platform in category web applications ====================================== Multiple CSRF in Zimbra Mail interface ====================================== CVE-2015-6541 Description =========== Multiple CSRF vulnerabilities have been found in the Mail interface of Zimbra 8.0.9 GA...
Zimbra 8.0.9 GA - Cross-Site Request Forgery
====================================== Multiple CSRF in Zimbra Mail interface ====================================== CVE-2015-6541 Description =========== Multiple CSRF vulnerabilities have been found in the Mail interface of Zimbra 8.0.9 GA Release, enabling to change account preferences like...
CVE-2012-1000
Multiple cross-site scripting XSS vulnerabilities in LEPTON 1.1.3 and other versions before 1.1.4 allow remote attackers to inject arbitrary web script or HTML via the 1 message parameter to admins/login/forgot/index.php, or the 2 displayname or 3 email parameter to account/preferences.php...