249 matches found
CVE-2018-10295
ChemCMS v1.0.6 has CSRF by using public/admin/user/addpost.html to add an administrator account...
CVE-2018-10224
An issue was discovered in YzmCMS 3.8. There is a CSRF vulnerability that can add a tag via /index.php/admin/tag/add.html...
CVE-2017-2661
ClusterLabs pcs before version 0.9.157 is vulnerable to a cross-site scripting vulnerability due to improper validation of Node name field when creating new cluster or adding existing cluster...
Ping Identity: CSRF in Inviting users
NOTE! Thanks for submitting a report! Please replace all the square sections below with the pertinent details. Remember, the more detail you provide, the easier it is for us to triage and respond quickly, so be sure to take your time filling out the report! Summary: add summary of the vulnerabili...
ipage.com XSS vulnerability
Open Bug Bounty ID: OBB-558108

Description | Value
---|---
Affected Website: | ipage.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...
CVE-2012-0699
Multiple cross-site request forgery (CSRF) vulnerabilities in Family Connections CMS (aka FCMS) 2.9 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests that (1) add news via an add action to familynews.php or (2) add a prayer via an add action to prayers.php...
CVE-2017-10624
Insufficient verification of node certificates in Juniper Networks Junos Space may allow a man-in-the-middle type of attacker to make unauthorized modifications to Space database or add nodes. Affected releases are Juniper Networks Junos Space all versions prior to 17.1R1...
CVE-2017-12970
Cross-site request forgery (CSRF) vulnerability in Apache2Triad 1.5.4 allows remote attackers to hijack the authentication of authenticated users for requests that (1) add or (2) delete user accounts via a request to phpsftpd/users.php...
New Relic: CSRF For Adding Users
Issue The API affected is https://rpm.newrelic.com/accounts/accountid/accountviews. Only admin users are allowed to add other new users, but a normal user with knowledge of the accountid can craft a webpage which does a CSRF when an admin user visits it. There are 2 problems with it that can resu...
UBUNTU-CVE-2016-9905
A potentially exploitable crash in "EnumerateSubDocuments" while adding or removing sub-documents. This vulnerability affects Firefox ESR 45.6 and Thunderbird 45.6...
SweetRice 1.5.1 Code Execution
Hacked '; phpinfo; Code You Can Customize Exploit For Your Self . Exploit : -- Hacked '; phpinfo;?...
SweetRice 1.5.1 - Cross-Site Request Forgery PHP Code Execution
SweetRice 1.5.1 - Cross-Site Request Forgery PHP Code Execution Hacked '; phpinfo; Code You Can Customize Exploit For Your Self . Exploit : -- Hacked '; phpinfo;? /textarea...
Mail.ru: [allods.mail.ru] Cross-Site Request Forgery (Add-Item)
Hi, I found that there is no anti-csrf while adding an item for '/media.php' in allods.mail.ru, from 'https://allods.mail.ru/media.php?do=additem&section=2' since there was no anti-csrf token, there was still an extra layer of security for csrf which I had to bypass! More Details: The upload...
How to Add AutoDiscovery Record for Citrix Endpoint Management
This article details how to add the AutoDiscovery Record...
Unable to add account in Receiver using SHA512 certificate
Unable to add account in Receiver using SHA512 certificate...
git -- integer overflow
Debian reports: integer overflow due to a loop which adds more to "len"...
SQL Injection Vulnerability in Add Parameters of Nanjing Jenohan Journal Submission System
Nanjing Jenohan Software Technology Co., Ltd. is for the development of hospital full cost accounting decision support software system, hospital performance management information system and hospital customer management information system. An SQL injection vulnerability exists in the Add paramete...
Simple Invoice 2011.1 Cross Site Request Forgery
Affected software: simple invoice Type of vulnerability: adding admin user via csrf URL: simpleinvoices.org Discovered by: provensec Website: provensec.com version: 2011.1 Proof of concept...
FlatPress 1.0 Cross Site Scripting
Affected software: FlatPress 1.0 Type of vulnerability: stored xss URL: http://www.opensourcecms.com/scripts/details.php?scriptid=77&name=FlatPress Discovered by: provensec Website: provensec.com version: FlatPress 1.0 Proof of concept adding a new entry with xss payload will lead to stored cross...