154 matches found
CVE-2013-4889
Multiple cross-site request forgery CSRF vulnerabilities in index.php in Digital Signage Xibo 1.4.2 allow remote attackers to hijack the authentication of administrators for requests that 1 add a new administrator via the AddUser action or 2 conduct cross-site scripting XSS attacks, as demonstrat...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in index.php in Digital Signage Xibo 1.4.2 allow remote attackers to hijack the authentication of administrators for requests that 1 add a new administrator via the AddUser action or 2 conduct cross-site scripting XSS attacks, as demonstrat...
CVE-2013-4889
CVE-2013-4889 is a vulnerability in Digital Signage Xibo 1.4.2 where CSRF in index.php can hijack administrator sessions by performing actions such as adding a new administrator via the AddUser action. The entry aggregates related issues, noting that this vulnerability enables requests performed ...
PT-2014-2878
Name of the Vulnerable Software and Affected Versions Digital Signage Xibo version 1.4.2 Description The issue allows remote attackers to hijack the authentication of administrators for requests, including adding a new administrator via the AddUser action or conducting cross-site scripting XSS...
CVE-2012-3362
Cross-site request forgery CSRF vulnerability in eXtplorer 2.1 RC3 and earlier allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via an adduser admin action...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in eXtplorer 2.1 RC3 and earlier allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via an adduser admin action...
CVE-2012-3362
Cross-site request forgery CSRF vulnerability in eXtplorer 2.1 RC3 and earlier allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via an adduser admin action...
CVE-2012-3362
CVE-2012-3362 describes a Cross-site request forgery (CSRF) in eXtplorer up to version 2.1 RC3 and earlier. An attacker could hijack administrator authentication to perform actions—specifically, to add an administrator account via an adduser admin action. Affected software is eXtplorer; root caus...
Liferay 6.1 can be compromised in its default configuration
Liferay 6.1 can be compromised in its default configuration Description: Liferay Portal is an enterprise portal written in Java By utilizing the json webservices exposed by the platform you can register a new user with any role in the system, including the built in administrator role. The problem...
CVE-2011-4162
The 1 AddUser, 2 AddUserEx, 3 RemoveUser, 4 RemoveUserByGuide, 5 RemoveUserEx, and 6 RemoveUserRegardless methods in HP Protect Tools Device Access Manager PTDAM before 6.1.0.1 allow remote attackers to execute arbitrary code or cause a denial of service heap memory corruption via a long SidStrin...
HP Device Access Manager Memory Corruption
Vulnerability ID: HTB23044 Reference: https://www.htbridge.ch/advisory/heapmemorycorruptioninhpdeviceaccessmanagerforprotecttoolsinformationstore.html Product: HP Device Access Manager for Protect Tools Information Store Vendor: Hewlett-Packard Vulnerable Version: Prior to v.6.1.0.1 Tested Versio...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in GoAhead Webserver 2.18 allow remote attackers to inject arbitrary web script or HTML via 1 the group parameter to goform/AddGroup, related to addgroup.asp; 2 the url parameter to goform/AddAccessLimit, related to addlimit.asp; or the 3 user aka...
GoAhead Webserver multiple stored XSS vulnerabilities
Overview GoAhead Webserver 2.18 and possibly previous or newer versions, are vulnerable to multiple stored and reflective cross site scripting XSS vulnerabilities. Description GoAhead Webserver software fails to sanitize POST requests sent to the multiple functions. As a result, stored and...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in IsolSoft Support Center 2.5 allow remote attackers to execute arbitrary PHP code via a URL in the lang parameter to 1 newticket.php or 2 rempass.php, or a URL in the lang parameter in an adduser action to 3 index.php. NOTE: this can also be...
CVE-2009-4173
Cross-site request forgery CSRF vulnerability in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allows remote attackers to hijack the authentication of administrators for requests that create new users, including a new administrator, via an adduser action in the editusers module in index.php...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allows remote attackers to hijack the authentication of administrators for requests that create new users, including a new administrator, via an adduser action in the editusers module in index.php...
MS IIS 5.0/6.0 FTP Server remote overflow vulnerability(win2k)-vulnerability warning-the black bar safety net
IIS 5.0 FTPd / Remote r00t exploit Win2k SP4 targets bug found &exploited by Kingcope, kcope2atgooglemail.com Affects IIS6 with stack cookie protection August 2 0 0 9 - KEEP THIS 0DAY PRIV8 use I:Socket; $|=1; metasploit shellcode, adduser "winown:nwoniw" $sc =...
Shadow Stream Recorder Overflow
!/usr/bin/perl Shadow Stream Recorder .m3u file Local Universal Stack Overflow Exploit By AlpHaNiX NullArea.Net alphaathacker.bz Made in Tunisia program : Shadow Stream Recorder download : http://www.rm-to-mp3.net/downloads/ssrecordersetup.exe program homepage :...
CVE-2008-6585
Cross-site request forgery CSRF vulnerability in html/admin.php in TorrentFlux 2.3 allows remote attackers to hijack the authentication of administrators for requests that add new accounts via the addUser action...
CVE-2008-6585
Cross-site request forgery CSRF vulnerability in html/admin.php in TorrentFlux 2.3 allows remote attackers to hijack the authentication of administrators for requests that add new accounts via the addUser action...