249 matches found
PROLiNK H5004NK Cross Site Request Forgery
Exploit Title: PROLiNK H5004NK Multiple Vulnerabilities Date: 16-04-2015 Firmware: R76S Slt 4WNE1 6.1R Tested on: Windows 8 64-bit Exploit Author: Osanda Malith Jayathissa @OsandaMalith Disclaimer: Use this for educational purposes only! 1| Admin Password Manipulation XSRF...
Prolink H5004NK Cross Site Request Forgery Vulnerability
PROLiNK H5004NK suffers from multiple cross site request forgery vulnerabilities. Exploit Title: PROLiNK H5004NK Multiple Vulnerabilities Date: 16-04-2015 Firmware: R76S Slt 4WNE1 6.1R Tested on: Windows 8 64-bit Exploit Author: Osanda Malith Jayathissa @OsandaMalith Disclaimer: Use this for...
EVO-CMS 2.1.0 Cross Site Request Forgery
Affected software: evo cms Type of vulnerability: adding new admin csrf URL: http://www.evo-german.com/ Discovered by: Provensec Website: http://www.provensec.com version:EVO-CMS 2.1.0 Proof of concept attacker was able to add new admin as there were no protection against csrf poc poc: input...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in PHPJabbers Appointment Scheduler 2.0 allow remote attackers to hijack the authentication of administrators for requests that (1) conduct cross-site scripting (XSS) attacks via the i18n1name parameter in a pjActionCreate action to the...
CVE-2014-10008
Multiple cross-site request forgery (CSRF) vulnerabilities in Stark CRM 1.0 allow remote attackers to hijack the authentication of administrators for requests that add (1) an administrator via a crafted request to the admin page, (2) an agent via a crafted request to the agent page, (3) a sub-agent via a...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in the AdminObserver function in e107admin/users.php in e107 2.0 alpha2 allows remote attackers to hijack the authentication of administrators for requests that add users to the administrator group via the id parameter in an admin action...
Bilboplanet 2.0 - Multiple Cross-Site Scripting Vulnerabilities
Exploit Title: Multiple XSS vulnerabilities in Bilboplanet application Date: 10/15/13 Exploit Author:Vivek N http://nvivek.weebly.com/ Vendor Homepage: http://www.bilboplanet.com/ Software Link: www.bilboplanet.com/index.php/downloads/?lang=en Version: 2.0 Tested on: Windows CVE : 1. Stored XSS...
Envoy: Stored XSS on adding locations
1. Authenticate into the application. 2. Navigate to https://signwithenvoy.com/locations 3. Click on "Add a new location" 4. Enter ";alert1" for Location Name. 5. Enter some random Location Admin's name, Location admin's email and password. 6. Click on "Add Location" 7. Notice that a pop-up appears...
Verizon Fios Router MI424WR-GEN3I - CSRF Vulnerability
No description provided by source. Exploit Title: Verizon Fios Router CSRF Admin Shell Date: Discovered and reported January 2013 Author: Jacob Holcomb/Gimppy - Security Analyst @ Independent Security Evaluators Software: Verizon FIOS Router - Firmware 40.19.36 http://verizon.com CVE: CVE-2013-01...
PiXie CMS <= 1.04 - Multiple CSRF Vulnerabilities
No description provided by source. Add Super User: html !-- Exploit Title: PiXie CMS v1.04 = CSRF Add Super User Google Dork: allintext: Pixie Powered Date: 28/12/2010 Author: Ali Raheem AKA wolfmankurd Software Link: http://pixie-cms.googlecode.com/files/pixiev1.04.zip Version: =1.04 Tested on:...
Tribq CMS 5.2.7 - Adding/Editing New Administrator Account CSRF
No description provided by source. Exploit Title: Tribq CMS CSRF - Adding/Editing new administrator account Date: 2013 8 August Exploit Author: Yashar shahinzadeh Special thanks to Mormoroth Credit goes for: http://y-shahinzadeh.ir & ha.cker.ir Vendor Homepage:...
Bigace CMS 2.7.8 - Add Admin Account CSRF
No description provided by source. Exploit Title: Bigace CMS CSRF - Adding an admin account Date: 2013 29 July Exploit Author: Yashar shahinzadeh Credit goes for: ha.cker.ir Vendor Homepage: http://www.bigace.de/ Tested on: Linux & Windows, PHP 5.2.9 Affected Version : 2.7.8 Contacts:...
openSUSE Security Update : osc (openSUSE-SU-2012:0400-1)
This update of osc to 0.134.1 provides the following changes : - adding unlock command - maintenanceincident requests get created with source revision of package - Enables new maintenance submissions for new OBS 2.3 maintenance model - Fixes srcmd5 revisions in submit request, when link target !=...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in Carbon Black before 4.1.0 allow remote attackers to hijack the authentication of administrators for requests that add new administrative users and have other unspecified action, as demonstrated by a request to api/user...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in Umisoft UMI.CMS before 2.9 build 21905 allows remote attackers to hijack the authentication of administrators for requests that add administrator accounts via a request to admin/users/add/user/do/...
ThinkSAAS SQL Injection #6
Brief description: ThinkSAAS SQL injection 6 Detailed description: In the add-tag feature of ThinkSAAS, incomplete filtering combined with a specially constructed string concatenation leads to SQL injection. In the file /app/tag/action/add.php: case "do": $objname = t$POST'objname'; $idname = t$POST'idname'; $objid = intval$POST'objid'; $tags = t$POST'tags'; $new'tag'-addTag$objname,$idname,$objid,$tags; tsNotice'标签添加成功!'; break;...
Apprain 3.0.2 Cross Site Request Forgery
Exploit Title: Apprain CMF / CSRF ADD/DELETE administrator's account Date: 2013 29 August Exploit Author: Yashar shahinzadeh Special thanks to Mormoroth Credit goes for: http://y-shahinzadeh.ir & ha.cker.ir Vendor Homepage: http://www.apprain.com/ Tested on: Linux & Windows, PHP 5.2.9 Affected...
appRain CMF 3.0.2 - CSRF Add/Delete Admin Account Vulnerability
Exploit for php platform in category web applications Exploit Title: Apprain CMF / CSRF ADD/DELETE administrator's account Date: 2013 29 August Exploit Author: Yashar shahinzadeh Special thanks to Mormoroth Credit goes for: http://y-shahinzadeh.ir & ha.cker.ir Vendor Homepage:...
Spitfire CMS 1.1.4 - Cross-Site Request Forgery
Exploit Title: spitefire CMS - CSRF / ADD / EDTI / UPLOAD FILE Date: 2013 15 August Exploit Author: Yashar shahinzadeh Special thanks to Mormoroth Credit goes for: http://y-shahinzadeh.ir & ha.cker.ir Vendor Homepage: http://spitfire.clausmuus.de/ Tested on: Linux & Windows, PHP 5.2.9 Affected...
Tribq CMS 5.2.7 - Cross-Site Request Forgery (AddingEditing New Administrator Account)
Tribq CMS 5.2.7 - Cross-Site Request Forgery AddingEditing New Administrator Account Exploit Title: Tribq CMS CSRF - Adding/Editing new administrator account Date: 2013 8 August Exploit Author: Yashar shahinzadeh Special thanks to Mormoroth Credit goes for: http://y-shahinzadeh.ir & ha.cker.ir...