Tribq CMS 5.2.7 - Cross-Site Request Forgery (Adding/Editing New Administrator Account)

Exploit Title: Tribq CMS CSRF - Adding/Editing new administrator account Date: 2013 8 August Exploit Author: Yashar shahinzadeh Special thanks to Mormoroth Credit goes for: http://y-shahinzadeh.ir & ha.cker.ir Vendor Homepage: http://sourceforge.net/projects/tribiq/ Tested on: Linux & Windows, PH...

Tribq CMS 5.2.7 Cross Site Request Forgery

Exploit Title: Tribq CMS CSRF - Adding/Editing new administrator account Date: 2013 8 August Exploit Author: Yashar shahinzadeh Special thanks to Mormoroth Credit goes for: http://y-shahinzadeh.ir & ha.cker.ir Vendor Homepage: http://sourceforge.net/projects/tribiq/ Tested on: Linux & Windows, PH...

BigACE 2.7.8 - Cross-Site Request Forgery (Add Admin)

Exploit Title: Bigace CMS CSRF - Adding an admin account Date: 2013 29 July Exploit Author: Yashar shahinzadeh Credit goes for: ha.cker.ir Vendor Homepage: http://www.bigace.de/ Tested on: Linux & Windows, PHP 5.2.9 Affected Version : 2.7.8 Contacts: http://Twitter.com/YShahinzadeh ,...

BigACE 2.7.8 - Cross-Site Request Forgery (Add Admin)

BigACE 2.7.8 - Cross-Site Request Forgery Add Admin Exploit Title: Bigace CMS CSRF - Adding an admin account Date: 2013 29 July Exploit Author: Yashar shahinzadeh Credit goes for: ha.cker.ir Vendor Homepage: http://www.bigace.de/ Tested on: Linux & Windows, PHP 5.2.9 Affected Version : 2.7.8...

Bigace CMS 2.7.8 Cross Site Request Forgery

Exploit Title: Bigace CMS CSRF - Adding an admin account Date: 2013 29 July Exploit Author: Yashar shahinzadeh Credit goes for: ha.cker.ir Vendor Homepage: http://www.bigace.de/ Tested on: Linux & Windows, PHP 5.2.9 Affected Version : 2.7.8 Contacts: http://Twitter.com/YShahinzadeh ,...

Fedora Update for kactivities FEDORA-2013-10130

Check for the Version of kactivities OpenVAS Vulnerability Test Fedora Update for kactivities FEDORA-2013-10130 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it und...

Passenger passenger witkey system CSRF+getshell-a vulnerability warning-the black bar safety net

Registered members 2, The http://127.0.0.1/index.php?do=user&view=message&msgtype=write 3, is sent to the admin, the following is a csrf, the purpose is to add an administrator account kppw password kppwkppw script src=http://127.0.0.1/control/admin/index. php?...

Monitoring of standalone hosts fails

Challenge No topology is created for standalone ESX/ESXi hosts. nworks logs contain the following errors: 0.0017 EXCOL+ VP120 retrieveHostProperties failed, buildMorList: zero count at nworksCore.Collectors.VimUtil.buildMorListList1 nodes at...

Several REST interfaces vulnerable to XSRF

Several REST web services are vulnerable to XSRF|https://www.owasp.org/index.php/Cross-SiteRequestForgeryCSRF, allowing malicious web pages to execute them under the context of a logged in users browser. It's understood that JIRA REST interfaces are typically protected against XSRF based on the...

SASHA v0.2.0 Mutiple XSS

Exploit Title: SASHA v0.2.0 Mutiple XSS Date: 12/16/11 Author: G13 Software Link: http://sourceforge.net/projects/sasha/files/ Version: 0.2.0 Category: webapps php Vulnerability When adding a new course to the schedule, the application relies on Client Side controls for input. This can easily be...

linux/x86 Addnew Users 'root' /etc/passwd shell code 79 bytes

=============================================================== Linux X86 Addnew Users 'Ro0t' /etc/passwd shell code 79 bytes =============================================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, ...

Quick CMS 3.0 Cross Site Request Forgery

================================ + Exploit Title: Quick CMS v3.0 Cross Site Request Forgery Add Admin User + Author : ^Xecuti0n3r + E-mail : xecuti0n3ryahoo.com + Category : Web Apps XSRF + Dork : intext:"Quick.Cms v3.0" inurl:admin.php + Demo CMS Link:...

CMS Made Simple 1.7 Cross Site Request Forgery

======================================================================= CMS Made Simple 1.7 CSRF Vulnerability ======================================================================= Vulnerability found in- Admin module email [email protected] company aksitservices Credit by Pratul Agrawal...

Making friends

Hover your cursor atop Friends and click on Find Friends and you get this page, except you’ll likely have pictures. These are your friends’ friends. You can decide to ask these people to be your friends by clicking “Add as friend” or X to remove them from this list. You might also find it easier ...

Ez Blog 1.0 - Cross-Site Scripting / Cross-Site Request Forgery

----------------------------------------------------------------------------------------------- Title: Ez Blog XSS/XSRF Multiple Vulnerabilities Author: Milos Zivanovic Email: milosz.securityatgmail.com Date: 15. December 2009...

CVE-2008-6736

Flat Calendar 1.1 does not properly restrict access to administrative functions, which allows remote attackers to 1 add new events via calAdd.php, as reachable from admin/add.php, or 2 delete events via admin/deleteEvent.php. NOTE: this is only a vulnerability when the administrator does not foll...

Libera CMS 1.12 - 'cookie' SQL Injection

!/usr/bin/perl ---------------------------------------------------------- Libera CMS agent"Mozilla/4.5 en Win95; U"; $https-timeout1; $https-defaultheader'Cookie' = "liberastaffpass=' or '1=1"; $request = $https-post$hostname."/admin.php?action=adduserprocess", username = $username, password =...

LoveCMS 1.6.2 Final - Remote Code Execution

!/usr/bin/ruby Exploit by PoMdaPiMp! --------------------- pomdapimpatgmaildotcom LoveCMS Exploit Series Episode 1: adding a side block Description: add some php into a block container on the side of the site. phpinfo is called. Usage: ./LoveCMS1blocks.rb Ex: ./LoveCMS1blocks.rb...

LoveCMS 1.6.2 Final Remote Code Execution Exploit

Exploit for unknown platform in category web applications ================================================= LoveCMS 1.6.2 Final Remote Code Execution Exploit ================================================= !/usr/bin/ruby Exploit by PoMdaPiMp! --------------------- LoveCMS Exploit Series Episode...

LoveCMS 1.6.2 Final - Remote Code Execution

LoveCMS 1.6.2 Final - Remote Code Execution !/usr/bin/ruby Exploit by PoMdaPiMp! --------------------- pomdapimpatgmaildotcom LoveCMS Exploit Series Episode 1: adding a side block Description: add some php into a block container on the side of the site. phpinfo is called. Usage: ./LoveCMS1blocks....