PT-2017-12023 · Pulse · Pulse Policy Secure +1
Name of the Vulnerable Software and Affected Versions: Pulse Connect Secure versions 8.2R1 through 8.2R5; Pulse Connect Secure versions 8.1R1 through 8.1R10; Pulse Policy Secure versions 5.3R1 through 5.3R5; Pulse Policy Secure versions 5.2R1 through 5.2R8; Pulse Policy Secure versions 5.1R1 through...
CVE-2017-2238
Cross-site request forgery (CSRF) vulnerability in Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier and Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors...
CVE-2017-6086
CVE-2017-6086 concerns ViMbAdmin 3.0.15. The connected sources describe multiple cross-site request forgery (CSRF) vulnerabilities affecting administrator actions. The root causes are CSRF flaws in the following controller endpoints: DomainController.php (add/delete administrator, change password...
CVE-2016-4854
Cross-site request forgery (CSRF) vulnerability in L-04D firmware version V10a and V10b allows remote attackers to hijack the authentication of administrators to perform arbitrary operations via unspecified vectors...
CVE-2017-8930
Multiple cross-site request forgery (CSRF) vulnerabilities in Simple Invoices 2013.1.beta.8 allow remote attackers to hijack the authentication of admins for requests that can (1) create new administrator user accounts and take over the entire application, (2) create regular user accounts, or (3) change...
CVE-2016-4878
baserCMS 3.0.10 and earlier is affected by a Cross-site request forgery (CSRF) vulnerability that enables an attacker to hijack the authentication of administrators via unspecified vectors. The exploitable scope covers baserCMS itself and related plugins (Blog, Mail, Feed, Uploader) as listed in ...
Cross-site request forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in SetucoCMS all versions allows remote attackers to hijack the authentication of an administrator to change settings via unspecified vectors...
CVE-2016-4891
CVE-2016-4891 is a CSRF vulnerability in SetucoCMS affecting all versions, enabling remote attackers to hijack an administrator’s session to change settings via unspecified vectors. The linked JVN entries confirm the issue and note the impact as unintended setting changes; multiple sources also r...
CVE-2017-3886
A vulnerability in the Cisco Unified Communications Manager web interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection. The attacker must be authenticated as an administrative user to execute SQL...
CVE-2017-6097
A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/campaign/countofsend.php (requires authentication to WordPress admin) with the POST Parameter: campid...
CVE-2017-6096
A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/lists/view-list.php (requires authentication to WordPress admin) with the GET Parameter: filterlist...
CVE-2016-7980
Cross-site request forgery (CSRF) vulnerability in ecrire/exec/validerxml.php in SPIP 3.1.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that execute the XML validator on a local file via a crafted validerxml request. NOTE: this issue can be combin...
CVE-2016-6642
Cross-site request forgery (CSRF) vulnerability in EMC ViPR SRM before 3.7.2 allows remote attackers to hijack the authentication of administrators for requests that upload files...
CVE-2016-7123
Cross-site request forgery (CSRF) vulnerability in the admin web interface in GNU Mailman before 2.1.15 allows remote attackers to hijack the authentication of administrators...
UBUNTU-CVE-2016-6635
Cross-site request forgery (CSRF) vulnerability in the wpajaxwpcompressiontest function in wp-admin/includes/ajax-actions.php in WordPress before 4.5 allows remote attackers to hijack the authentication of administrators for requests that change the script compression option...
CVE-2016-5807
Tollgrade LightHouse SMS before 5.1 patch 3 allows remote authenticated users to bypass an intended administrative-authentication requirement, and read or change parameter values, via a direct request...
CVE-2016-4066
Cross-site request forgery (CSRF) vulnerability in Fortinet FortiWeb before 5.5.3 allows remote attackers to hijack the authentication of administrators for requests that change the password via unspecified vectors...
CVE-2016-2157
Cross-site request forgery (CSRF) vulnerability in mod/assign/adminmanageplugins.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allows remote attackers to hijack the authentication of administrators for requests that manage...
Alibaba Clone B2B Script - Admin Authentication Bypass
Exploit for php platform in category web applications. Exploit Title: Alibaba Clone B2B Script Admin Authentication Bypass. Date: 2016-05-03. Exploit Author: Meisam Monsef. Vendor Homepage: http://alibaba-clone.com/. Version: All Versions. Exploit : For enter , simply...