4 matches found
CVE-2021-43442
CVE-2021-43442 concerns a logic flaw in i3 International Annexxus Cameras (Ax-n 5.2.0 Ax46; 5.0.9 Ax68; 5.0.9 Ax78) where the system blocks multiple admin accounts but can be bypassed via parameter manipulation using PUT/DELETE and by calling the UserPermission endpoint with the created account’s...
Yoast Google Analytics Stored Cross Site Scripting
OVERVIEW: Google Analytics by Yoast is a WordPress plug-in for monitoring website traffic. With approximately seven million downloads it’s one of the most popular WordPress plug-ins. A security vulnerability in the plug-in allows an unauthenticated attacker to store arbitrary HTML,...
Dredge School Administration System - DSMloader.php Cross-Site Request Forgery (Admin Account Manipulation)
Source: https://www.securityfocus.com/bid/64720/info. Dredge School Administration System is prone to the following security vulnerabilities: 1. An SQL-injection vulnerability 2. A cross-site...
VR GPub 4.0 - Cross-Site Request Forgery
Exploit Title: VR GPub 4.0 CSRF Vulnerability; Version: VR GPub 4.0; Author: Cyber-Crystal; Date: n/a; Dork: inurl:"VR GPub"; Software Link :...