27 matches found
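wdlinux virtual hosting management system: file lacks access verification, allowing direct creation of database users
Brief description: In wdcpv2.5.10, a file lacks access verification, allowing a database account to be created directly. Details: In wdcpv2.5.10, mysql/adduser.php lacks access verification, so an account can be created directly; intercept and modify the request packet, mount the default database, and obtain the backend account password. Proof of vulnerability: http://www.pclow.com:8080/mysql/adduser.php...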
W-Agora 4.0 - add_user.php bn_dir_default Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/28366/info w-Agora is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the application and the...
Cross-site request forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in adduser.php in Employee Timeclock Software 0.99 allows remote attackers to hijack the authentication of an administrator for requests that create new administrative users. NOTE: some of these details are obtained from third party information...
CVE-2010-0707
CVE-2010-0707: CSRF in Employee Timeclock Software 0.99 (add_user.php) allows remote attackers to hijack an administrator’s session and create new administrative users. Root cause is CSRF vulnerability on admin-account creation requests; impact is unauthorized admin account creation as described....
CVE-2006-0686
adduser.php in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier does not check user privileges when adding a new administrative user, which allows remote attackers to gain unauthorized access...
CVE-2006-0686
CVE-2006-0686 concerns VHCS (Virtual Hosting Control System) versions 2.4.7.1 and earlier. The vulnerability lies in add_user.php, which does not check privileges when creating a new administrative user, enabling a remote attacker to gain unauthorized access. Documents confirm the affected produc...