249 matches found
CVE-2018-17316
On the RICOH MP C6003 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi...
RICOH MP C406Z Printer Cross Site Scripting
Exploit Title: RICOH MP C406Z Printer - HTML Injection and Stored XSS Date: 2018-09-21 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.ricoh.com/ Hardware Link :...
RICOH MP C406Z Printer - Cross-Site Scripting
Exploit Title: RICOH MP C406Z Printer - Cross-Site Scripting Date: 2018-09-21 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.ricoh.com/ Hardware Link:...
RICOH MP C2003 Printer Cross Site Scripting
Exploit Title: RICOH MP C2003 Printer - HTML Injection and Stored XSS Date: 2018-09-21 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.ricoh.com/ Hardware Link : https://www.ricoh.ca/en/products/pd/mp-c2003-color-laser-multifunction-printer//R-240-417253 Software : RICOH Printer...
RICOH MP C6003 Printer - Cross-Site Scripting
Exploit Title: RICOH MP C6003 Printer - Cross-Site Scripting Date: 2018-09-21 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.ricoh.com/ Hardware Link:...
CVE-2018-17366
An issue was discovered in MCMS 4.6.5. There is a CSRF vulnerability that can add an administrator account via ms/basic/manager/save.do...
Cross site scripting
On the RICOH SP 4510SF printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi...
Cross site scripting
On the RICOH MP 2001 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi...
CVE-2018-17002
On the RICOH MP 2001 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi...
CVE-2018-16449
OneThink 1.1.141212 allows CSRF for adding a page via admin.php?s=/Channel/add.html, adding a blog via admin.php?s=/Article/update.html, and setting the audit state via admin.php?s=/Article/setStatus/status/1.html...
Cross site request forgery (csrf)
OneThink 1.1.141212 allows CSRF for adding a page via admin.php?s=/Channel/add.html, adding a blog via admin.php?s=/Article/update.html, and setting the audit state via admin.php?s=/Article/setStatus/status/1.html...
CVE-2018-15851
An issue was discovered in Flexo CMS v0.1.6. There is a CSRF vulnerability that can add an administrator via /admin/user/add...
daveismyname simple-cms authentication flaw vulnerability
daveismyname simple-cms is a content management system (CMS). A security vulnerability exists in daveismyname simple-cms 2014-03-11 and earlier versions, which stems from pages being added without authentication. An attacker can exploit the vulnerability to add pages...
CVE-2018-15202
An issue was discovered in Juunan06 eCommerce through 2018-08-05. There is a CSRF vulnerability in ee/eBoutique/app/template/includes/crudTreatment.php that can add new users and add products...
Whatsapp Automation - A Collection Of Tools For Sending And Receiving Whatsapp Messages
Whatsapp Automation is a collection of APIs that interact with WhatsApp messenger running in an Android emulator, allowing developers to build projects that automate sending and receiving messages, adding new contacts and broadcasting messages to multiple contacts. The project uses Selenium, Appium,...
Prototype Pollution
node-extend is vulnerable to prototype pollution. The merging of the `__proto__` property is not prevented, and the Utilities function can be tricked into modifying the prototype of "Object" when the structure passed to this function is controlled by an attacker. This would allow adding or modifying...
CVE-2018-14583
xyhai.php?s=/Auth/addUser in XYHCMS 3.5 allows CSRF to add a background administrator account...
ArticleCMS Cross-Site Scripting Vulnerability
ArticleCMS is a responsive content management system (CMS) built on Bootstrap and ThinkPHP. The system is mainly used for the management of users and articles in the background. A cross-site scripting vulnerability exists in ArticleCMS 2017-02-19 and earlier versions. A remote attacker can exploit...
CVE-2018-11671
An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnerability that can add an admin account via index.php?m=admin&c=access&a=adduserhandle...
CVE-2018-11126
dg-user/?controller=users&action=add in doorGets 7.0 has CSRF that results in adding an administrator account...