Online Vehicle Service Management System 1.0 Add Administrator
Proof of concept add administrator exploit for Online Vehicle Service Management System version 1.0 that leverages a missing authentication vulnerability. ...
CVE-2019-25247 Beward N100 H.264 VGA IP Camera M2.1.6 CSRF Add Admin Vulnerability
Beward N100 H.264 VGA IP Camera M2.1.6 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without proper request validation. Attackers can craft a malicious web page with a hidden form to add an admin user by tricking a logged-in user into...
CVE-2018-25133 Synaccess netBooter NP-0801DU 7.4 Cross-Site Request Forgery via Admin Interface
Synaccess netBooter NP-0801DU 7.4 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without proper request validation. Attackers can craft malicious web pages with hidden form submissions to add admin users by tricking authenticated...
EUVD-2007-6607
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2019-18346
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A CSRF issue was discovered in DAViCal through 1.1.8. If an authenticated user visits an attacker-controlled webpage, the attacker can send arbitrary requests ...
CVE-2022-36577
An issue was discovered in jizhicms v2.3.1. There is a CSRF vulnerability that can add an admin...
CVE-2023-35677
In onCreate of DeviceAdminAdd.java, there is a possible way to forcibly add a device admin due to a missing permission check. This could lead to local denial of service (factory reset or continuous locking) with no additional execution privileges needed. User interaction is not needed for...
CVE-2022-26173
JForum v2.8.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via http://targethost:port/jforum-2.8.0/jforum.page, which allows attackers to arbitrarily add admin accounts...
CVE-2020-23837
A Cross-Site Request Forgery (CSRF) vulnerability in the Multi User plugin 1.8.2 for GetSimple CMS allows remote attackers to add admin or other users after an authenticated admin visits a third-party site or clicks on a URL...
Axous has multiple vulnerabilities
Axous is a software provider of online store systems. A cross-site request forgery and cross-site scripting vulnerability exists in Axous 1.1.1 and prior versions. An attacker can exploit this vulnerability to add an administrator account or inject arbitrary code...
CVE-2020-8504
School Management Software PHP/mySQL through 2019-03-14 allows officeadmin/?action=addadmin CSRF to add an administrative user...
CVE-2019-13370
index.php/admin/permissions in Ignited CMS through 2017-02-19 allows CSRF to add an administrator...
CVE-2018-5406
The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows a remote attacker to exploit the misconfigured Cross-Origin Resource Sharing (CORS) mechanism. An unauthenticated, remote attacker could exploit this vulnerability to perform sensitive actions such as adding a new administrator accou...
CVE-2019-11374
74CMS v5.0.1 has a CSRF vulnerability to add a new admin user via the index.php?m=Admin&c=admin&a=add URI...
CVE-2019-7737
A CSRF vulnerability was found in Verydows v2.0 that can add an admin account via index.php?m=backend&c=admin&a=add&step=submit...