152 matches found
CVE-2018-18449
EmpireCMS 7.5 is affected by a CSRF vulnerability that allows adding a user account via enews=AddUser on e/admin/user/ListUser.php (and related mentions in CVE records). The NVD entry for CVE-2018-18449 lists CVSS v2 base score 6.8 (MEDIUM) and CVSS v3 base score 8.8 (HIGH) with network attack ve...
The vulnerability of the adduser utility in the Astra Linux operating system, which allows a hacker to trigger a service failure.
The vulnerability of the adduser utility in the Astra Linux operating system is related to an error in assigning mandatory integrity attributes, which prevents access to the user’s home directory. When creating a user, a level of integrity other than 0 was set for their home directory. Exploiting...
The vulnerability of the software controller for the centralized control of wireless networks by D-Link Central WiFi Manager arises from the lack of measures taken to protect the website structure. This allows a hacker to inject arbitrary code into the uploaded web page.
The vulnerability of the addUser function in the software controller for D-Link Central WiFi Manager exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary code into the uploaded web page remotely...
D-Link Central WiFi Manager Cross-Site Scripting Vulnerability
D-Link Central WiFi Manager is a WiFi management system from AUO D-Link. A cross-site scripting vulnerability exists in the 'username' parameter of the addUser endpoint in versions prior to D-Link Central WiFi Manager 1.03r0100-Beta1. A remote attacker can exploit this vulnerability to inject...
CVE-2018-17441
An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. The 'username' parameter of the addUser endpoint is vulnerable to stored XSS...
EmpireCMS Cross-Site Request Forgery Vulnerability
EmpireCMS Empire Website Management System is a content management system CMS. A cross-site request forgery vulnerability exists in EmpireCMS version 7.0, which can be exploited by remote attackers to add administrators with the help of the upload/e/admin/user/AddUser.php?enews=AddUser interface...
Design/Logic Flaw
An issue was discovered in ASPCMS 2.5.6. When registering ordinary users in the addUser function of the /member/reg.asp page, they can be registered with the super administrators GroupID directly...
CVE-2018-15888
An issue was discovered in ASPCMS 2.5.6. When registering ordinary users in the addUser function of the /member/reg.asp page, they can be registered with the super administrators GroupID directly...
Crestron Multiple Products CTP Console ADDUSER Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Crestron's Android-based products. Authentication is required to exploit this vulnerability. The specific flaw exists within the ADDUSER command of the CTP console. The issue results from the lack ...
CVE-2018-14583
xyhai.php?s=/Auth/addUser in XYHCMS 3.5 allows CSRF to add a background administrator account...
XYHCMS Cross-Site Request Forgery Vulnerability
XYHCMS is an open source content management system CMS. A cross-site request forgery vulnerability exists in XYHCMS version 3.5. A remote attacker can exploit this vulnerability by sending an index.php?g=Manage&m=Rbac&a=addUser request to add an administrator account...
CMS Made Simple Cross-Site Request Forgery Vulnerability
CMS Made Simple CMSMS is an open source content management system CMS developed by the CMSMS team. The system supports role-based rights management system , wizard-based installation and update mechanism , intelligent caching mechanism and so on. A cross-site request forgery vulnerability exists ...
The vulnerability of the Xymon network monitoring software allows a intruder to execute arbitrary commands.
The vulnerability of the xymond network monitoring software component is related to the lack of measures for cleaning input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using metasymbols in the addusername argument in web/useradm.c or web/chpasswd.c...
UBUNTU-CVE-2016-2056
xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote authenticated users to execute arbitrary commands via shell metacharacters in the addusername argument in 1 web/useradm.c or 2 web/chpasswd.c...
CVE-2014-9331
Cross-site request forgery CSRF vulnerability in ZOHO ManageEngine Desktop Central before 9 build 90130 allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via an addUser action to STATEID/1417736606982/roleMgmt.do...
TaskTracker <= 1.5 (Customize.asp) Remote Add Administrator Exploit
No description provided by source. !-- Title : TaskTracker All Version Remote Add Admin Exploit Author : ajann Contact : : S.Page : http://www.geckovich.com $$ : $39.99 - $19.99 -- FORM NAME=AddUser METHOD=POST ACTION=http://target/path/Customize.asp?a=Add style=word-spacing: 0; margin-top: 0;...
OpenJournal 2.0 Authentication Bypassing Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9598/info It has been reported that OpenJournal is prone to an authentication bypass vulnerability. This issue is caused by the application failing to properly sanitize URI specified parameters. Successful exploitation of...
Ethereal <= 0.10.10 (SIP) Protocol Dissector Remote BoF Exploit
No description provided by source. / tetherealsip.c now quite functional Ethereal 0.10.0 to 0.10.10 SIP Dissector remote root exploit Advisory: http://www.ethereal.com/appnotes/enpa-sa-00019.html produced by Team W00dp3ck3r: frauk\x41iser mag00n s00n thorben Notes: tested on Debian Sarge Linux...
CVE-2013-4889
Multiple cross-site request forgery CSRF vulnerabilities in index.php in Digital Signage Xibo 1.4.2 allow remote attackers to hijack the authentication of administrators for requests that 1 add a new administrator via the AddUser action or 2 conduct cross-site scripting XSS attacks, as demonstrat...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in index.php in Digital Signage Xibo 1.4.2 allow remote attackers to hijack the authentication of administrators for requests that 1 add a new administrator via the AddUser action or 2 conduct cross-site scripting XSS attacks, as demonstrat...