249 matches found
CVE-2019-4091
"HCL Marketing Platform is vulnerable to cross-site scripting during addition of new users and also while searching for users in Dashboard, potentially giving an attacker ability to inject malicious code into the system. "...
CVE-2020-7639
eivindfjeldstad-dot below 1.0.3 is vulnerable to Prototype Pollution. The function 'set' could be tricked into adding or modifying properties of 'Object.prototype' using a '__proto__' payload...
CVE-2020-9341
CandidATS 2.1.0 is vulnerable to CSRF that allows for an administrator account to be added via the index.php?m=settings&a=addUser URI...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in the Private Only plugin 3.5.1 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) add users, (2) delete posts, or (3) modify PHP files via unspecified vectors, or (4) conduct cross-site...
CVE-2019-19832
Xerox AltaLink C8035 printers allow CSRF. A request to add users is made in the Device User Database form field to the xerox.set URI. The frmUserName value must have a unique name...
SQL Injection Vulnerability in MyfCMS Backend at Adding New Posts
Min Yifei Content Management System, abbreviated MyfCMS, is a PHP+Mysql content management system. A SQL injection vulnerability exists in the backend of MyfCMS at Add New Article. An attacker can exploit the vulnerability to obtain sensitive database information...
Design/Logic Flaw
mixin-deep is vulnerable to Prototype Pollution in versions before 1.3.2 and version 2.0.0. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using a constructor payload...
CVE-2013-7473
Windu CMS 2.2 allows CSRF via admin/users/?mn=admin.message.error to add an admin account...
Cross site request forgery (csrf)
OECMS v4.3.R60321 and v4.3 later is affected by: Cross Site Request Forgery (CSRF). The impact is: The victim clicks on adding an administrator account. The component is: admincp.php. The attack vector is: network connectivity. The fixed version is: v4.3...
Parameth - This Tool Can Be Used To Brute Discover GET And POST Parameters
This tool can be used to brute discover GET and POST parameters. Often when you are busting a directory for common files, you can identify scripts (for example test.php) that look like they need to be passed an unknown parameter. This hopefully can help find them. The -off flag allows you to specify...
Cross site request forgery (csrf)
/console/account/manage.php?type=action&action=add in JTBC v3.0C has CSRF for adding an administrator account...
CVE-2018-17429
/console/account/manage.php?type=action&action=add in JTBC v3.0C has CSRF for adding an administrator account...
WSD-T13 cloud storage camera suffers from information leakage vulnerability (CNVD-2019-06649)
Ltd. is an enterprise specializing in the research and development, production, sales and service of security monitoring products. WSD-T13 Cloud Storage Camera suffers from an information leakage vulnerability. An attacker can exploit the vulnerability to cause device ID leakage and add other use...
Cross site request forgery (csrf)
An issue was discovered in HuCart v5.7.4. There is a CSRF vulnerability that can add an admin account via /adminsys/index.php?load=admins&act=editinfo&acttype=add...
CVE-2018-20362
A NULL pointer dereference was discovered in ifilterbank of libfaad/filtbank.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash because adding to windowed output is mishandled in the EIGHT_SHORT_SEQUENCE case...
CVE-2018-20188
FUEL CMS 1.4.3 has CSRF via users/create/ to add an administrator account...
CVE-2018-19118
Zoho ManageEngine ADAudit before 5.1 build 5120 allows remote attackers to cause a denial of service (stack-based buffer overflow) via the 'Domain Name' field when adding a new domain...
CVE-2018-18422
UsualToolCMS 8.0 allows CSRF for adding a user account via the cmsadmin/aadminx.php?x=a URI...
CVE-2018-18201
qibosoft V7.0 allows CSRF via admin/index.php?lfj=member&action=addmember to add a user account...