Lucene search
+L

154 matches found

NVD
NVD
added 2014/01/29 6:55 p.m.19 views

CVE-2013-4889

Multiple cross-site request forgery CSRF vulnerabilities in index.php in Digital Signage Xibo 1.4.2 allow remote attackers to hijack the authentication of administrators for requests that 1 add a new administrator via the AddUser action or 2 conduct cross-site scripting XSS attacks, as demonstrat...

6.8CVSS6.4AI score0.00873EPSS
Exploits3References1
Prion
Prion
added 2014/01/29 6:55 p.m.15 views

Cross site request forgery (csrf)

Multiple cross-site request forgery CSRF vulnerabilities in index.php in Digital Signage Xibo 1.4.2 allow remote attackers to hijack the authentication of administrators for requests that 1 add a new administrator via the AddUser action or 2 conduct cross-site scripting XSS attacks, as demonstrat...

6.8CVSS6.7AI score0.01414EPSS
Exploits4References1Affected Software1
CVE
CVE
added 2014/01/29 6:0 p.m.53 views

CVE-2013-4889

CVE-2013-4889 is a vulnerability in Digital Signage Xibo 1.4.2 where CSRF in index.php can hijack administrator sessions by performing actions such as adding a new administrator via the AddUser action. The entry aggregates related issues, noting that this vulnerability enables requests performed ...

6.8CVSS6.5AI score0.00873EPSS
Exploits3References1Affected Software1
Positive Technologies
Positive Technologies
added 2014/01/29 12:0 a.m.6 views

PT-2014-2878

Name of the Vulnerable Software and Affected Versions Digital Signage Xibo version 1.4.2 Description The issue allows remote attackers to hijack the authentication of administrators for requests, including adding a new administrator via the AddUser action or conducting cross-site scripting XSS...

6.8CVSS5.9AI score0.00873EPSS
Exploits3References4
UbuntuCve
UbuntuCve
added 2012/07/12 8:55 p.m.28 views

CVE-2012-3362

Cross-site request forgery CSRF vulnerability in eXtplorer 2.1 RC3 and earlier allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via an adduser admin action...

6.8CVSS5.9AI score0.00888EPSS
Exploits1References1
Prion
Prion
added 2012/07/12 8:55 p.m.21 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in eXtplorer 2.1 RC3 and earlier allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via an adduser admin action...

6.8CVSS7.5AI score0.00888EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2012/07/12 8:0 p.m.25 views

CVE-2012-3362

Cross-site request forgery CSRF vulnerability in eXtplorer 2.1 RC3 and earlier allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via an adduser admin action...

6.9AI score0.00888EPSS
Exploits1References6
CVE
CVE
added 2012/07/12 8:0 p.m.65 views

CVE-2012-3362

CVE-2012-3362 describes a Cross-site request forgery (CSRF) in eXtplorer up to version 2.1 RC3 and earlier. An attacker could hijack administrator authentication to perform actions—specifically, to add an administrator account via an adduser admin action. Affected software is eXtplorer; root caus...

6.8CVSS7AI score0.00888EPSS
Exploits1References6Affected Software1
securityvulns
securityvulns
added 2012/04/23 12:0 a.m.140 views

Liferay 6.1 can be compromised in its default configuration

Liferay 6.1 can be compromised in its default configuration Description: Liferay Portal is an enterprise portal written in Java By utilizing the json webservices exposed by the platform you can register a new user with any role in the system, including the built in administrator role. The problem...

Exploits0
NVD
NVD
added 2011/12/05 11:55 a.m.16 views

CVE-2011-4162

The 1 AddUser, 2 AddUserEx, 3 RemoveUser, 4 RemoveUserByGuide, 5 RemoveUserEx, and 6 RemoveUserRegardless methods in HP Protect Tools Device Access Manager PTDAM before 6.1.0.1 allow remote attackers to execute arbitrary code or cause a denial of service heap memory corruption via a long SidStrin...

7.5CVSS7.7AI score0.07981EPSS
Exploits1References4
Packet Storm
Packet Storm
added 2011/12/03 12:0 a.m.29 views

HP Device Access Manager Memory Corruption

Vulnerability ID: HTB23044 Reference: https://www.htbridge.ch/advisory/heapmemorycorruptioninhpdeviceaccessmanagerforprotecttoolsinformationstore.html Product: HP Device Access Manager for Protect Tools Information Store Vendor: Hewlett-Packard Vulnerable Version: Prior to v.6.1.0.1 Tested Versio...

0.8AI score
Exploits0
Prion
Prion
added 2011/11/03 10:55 a.m.17 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in GoAhead Webserver 2.18 allow remote attackers to inject arbitrary web script or HTML via 1 the group parameter to goform/AddGroup, related to addgroup.asp; 2 the url parameter to goform/AddAccessLimit, related to addlimit.asp; or the 3 user aka...

4.3CVSS7.9AI score0.04772EPSS
Exploits1References3Affected Software1
CERT
CERT
added 2011/10/10 12:0 a.m.25 views

GoAhead Webserver multiple stored XSS vulnerabilities

Overview GoAhead Webserver 2.18 and possibly previous or newer versions, are vulnerable to multiple stored and reflective cross site scripting XSS vulnerabilities. Description GoAhead Webserver software fails to sanitize POST requests sent to the multiple functions. As a result, stored and...

6.1AI score
Exploits0
Prion
Prion
added 2010/01/04 5:30 p.m.13 views

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in IsolSoft Support Center 2.5 allow remote attackers to execute arbitrary PHP code via a URL in the lang parameter to 1 newticket.php or 2 rempass.php, or a URL in the lang parameter in an adduser action to 3 index.php. NOTE: this can also be...

7.5CVSS8AI score0.07743EPSS
Exploits1References8Affected Software1
NVD
NVD
added 2009/12/02 7:30 p.m.26 views

CVE-2009-4173

Cross-site request forgery CSRF vulnerability in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allows remote attackers to hijack the authentication of administrators for requests that create new users, including a new administrator, via an adduser action in the editusers module in index.php...

6.8CVSS7.1AI score0.01026EPSS
Exploits1References4
Prion
Prion
added 2009/12/02 7:30 p.m.18 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allows remote attackers to hijack the authentication of administrators for requests that create new users, including a new administrator, via an adduser action in the editusers module in index.php...

6.8CVSS7.6AI score0.01026EPSS
Exploits1References4Affected Software2
myhack58
myhack58
added 2009/09/01 12:0 a.m.14 views

MS IIS 5.0/6.0 FTP Server remote overflow vulnerability(win2k)-vulnerability warning-the black bar safety net

IIS 5.0 FTPd / Remote r00t exploit Win2k SP4 targets bug found &exploited by Kingcope, kcope2atgooglemail.com Affects IIS6 with stack cookie protection August 2 0 0 9 - KEEP THIS 0DAY PRIV8 use I:Socket; $|=1; metasploit shellcode, adduser "winown:nwoniw" $sc =...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2009/04/14 12:0 a.m.36 views

Shadow Stream Recorder Overflow

!/usr/bin/perl Shadow Stream Recorder .m3u file Local Universal Stack Overflow Exploit By AlpHaNiX NullArea.Net alphaathacker.bz Made in Tunisia program : Shadow Stream Recorder download : http://www.rm-to-mp3.net/downloads/ssrecordersetup.exe program homepage :...

0.8AI score
Exploits0
UbuntuCve
UbuntuCve
added 2009/04/03 6:30 p.m.31 views

CVE-2008-6585

Cross-site request forgery CSRF vulnerability in html/admin.php in TorrentFlux 2.3 allows remote attackers to hijack the authentication of administrators for requests that add new accounts via the addUser action...

6.8CVSS6AI score0.0122EPSS
Exploits1References1
Cvelist
Cvelist
added 2009/04/03 6:0 p.m.30 views

CVE-2008-6585

Cross-site request forgery CSRF vulnerability in html/admin.php in TorrentFlux 2.3 allows remote attackers to hijack the authentication of administrators for requests that add new accounts via the addUser action...

7.1AI score0.0122EPSS
Exploits1References5
Rows per page
Query Builder