888 matches found
Alibaba Clone B2B Script - Admin Authentication Bypass
Exploit Title: Alibaba Clone B2B Script Admin Authentication Bypass Date: 2016-05-03 Exploit Author: Meisam Monsef [email protected] or [email protected] Vendor Homepage: http://alibaba-clone.com/ Version: All Versions Exploit : For enter , simply enter the following code...
CVE-2016-0891
The CVE-2016-0891 entry documents Cross-Site Request Forgery (CSRF) vulnerabilities in EMC ViPR SRM (Watch4net) prior to version 3.7, affecting administrative pages and enabling an attacker to hijack administrator sessions. The root cause is CSRF protection absence in affected administrative work...
CVE-2016-1174
Cross-site request forgery (CSRF) vulnerability in the Menubook plugin before 0.9.3 for baserCMS allows remote attackers to hijack the authentication of administrators...
CVE-2016-1172
Cross-site request forgery (CSRF) vulnerability in the Recruit plugin before 0.9.3 for baserCMS allows remote attackers to hijack the authentication of administrators...
CVE-2016-1170
The CVE-2016-1170 entry describes a Cross-site request forgery (CSRF) vulnerability in the Casebook plugin for baserCMS, affecting versions prior to 0.9.4. Root cause: CSRF in the Casebook plugin allows remote attackers to hijack administrator authentication. Impact: arbitrary administrator actio...
WordPress Plugin Best Web Soft Captcha 4.1.5 - Multiple Vulnerabilities
WordPress Plugin Best Web Soft Captcha 4.1.5 - Multiple Vulnerabilities Exploit Title: BWS Captcha Multiple Vulnerabilities Discovery Date: 12.03.2015 Public Disclosure Date: 03.10.2016 Exploit Author: Colette Chamberland Contact: [email protected] Vendor Homepage: http://bestwebsoft.com/...
jenkins: CSRF vulnerability in some administrative actions (SECURITY-225)
Cross-site request forgery (CSRF) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote attackers to hijack the authentication of administrators for requests that have unspecified impact via vectors related to the HTTP GET method...
CVE-2015-7925
Cross-site request forgery (CSRF) vulnerability on eWON devices with firmware through 10.1s0 allows remote attackers to hijack the authentication of administrators for requests that trigger firmware upload, removal of configuration data, or a reboot...
CVE-2015-5731
Cross-site request forgery (CSRF) vulnerability in wp-admin/post.php in WordPress before 4.2.4 allows remote attackers to hijack the authentication of administrators for requests that lock a post, and consequently cause a denial of service (editing blockage), via a get-post-lock action...
CVE-2015-7233
CVE-2015-7233 describes a CSRF vulnerability in the Drupal OSF module (7.x-3.x) before 7.x-3.1 when the OSF Import module is enabled. The issue allows remote attackers to hijack an administrator’s authenticated session to create new OSF datasets via unspecified vectors. Affected component is the ...
CVE-2015-6966
Multiple cross-site request forgery (CSRF) vulnerabilities in Nibbleblog before 4.0.5 allow remote attackers to hijack the authentication of administrators for requests that (1) create a post via a newsimple action to admin.php or (2) conduct cross-site scripting (XSS) attacks via the content parameter i...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in Nibbleblog before 4.0.5 allow remote attackers to hijack the authentication of administrators for requests that (1) create a post via a newsimple action to admin.php or (2) conduct cross-site scripting (XSS) attacks via the content parameter i...
WordPress <= 4.2.3 - CSRF
This vulnerability is in wp-admin/post.php. It allows an attacker to hijack the authentication of administrators for requests that lock a post, and consequently to cause a denial of service via a get-post-lock action. Solution: Update the plugin...
Ministry Web Designing Multiple Vulnerabilities
Exploit for php platform in category web applications Exploit Title: Ministry Web Designing Multiple Vulnerabilities Google Dork: Not for noobs :D Date: 4-8-2015 Exploit Author: R3NW4 Platform: WebApps Vendor Homepage http://www.ministrywebdesigning.com/ Version: All versions Tested on: LinuxDebi...
Free Reprintables ArticleFR Has Multiple Cross-Site Request Forgery Vulnerabilities
Free Reprintables ArticleFR is an article directory scripting system from Free Reprintables Philippines. Free Reprintables ArticleFR 3.0.6 suffers from multiple cross-site request forgery vulnerabilities that allow remote attackers to hijack an administrator authentication request to add an...
CVE-2015-4659
Cross-site request forgery (CSRF) vulnerability in ClickHeat 1.14 and earlier allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via a config action to index.php...
DEBIAN-CVE-2015-3902
Multiple cross-site request forgery (CSRF) vulnerabilities in the setup process in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x before 4.2.13.3, 4.3.x before 4.3.13.1, and 4.4.x before 4.4.6.1 allow remote attackers to hijack the authentication of administrators for requests that modify the configurati...
UBUNTU-CVE-2015-3902
Multiple cross-site request forgery (CSRF) vulnerabilities in the setup process in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x before 4.2.13.3, 4.3.x before 4.3.13.1, and 4.4.x before 4.4.6.1 allow remote attackers to hijack the authentication of administrators for requests that modify the configurati...
CVE-2015-3902
Multiple cross-site request forgery (CSRF) vulnerabilities in the setup process in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x before 4.2.13.3, 4.3.x before 4.3.13.1, and 4.4.x before 4.4.6.1 allow remote attackers to hijack the authentication of administrators for requests that modify the configurati...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in Template CMS 2.1.1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator user via an add action to admin/index.php or (2) conduct static PHP code injection attacks via...