888 matches found
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in Bulb Security Smartphone Pentest Framework (SPF) 0.1.2 through 0.1.4 allow remote attackers to hijack the authentication of administrators for requests that conduct (1) shell metacharacter or (2) SQL injection attacks or (3) send an SMS message...
CVE-2014-7190
Multiple cross-site request forgery (CSRF) vulnerabilities in Openfiler 2.99.1 allow remote attackers to hijack the authentication of administrators for requests that (1) shutdown or (2) reboot the server via a request to admin/systemshutdown.html...
CVE-2012-5683
Multiple cross-site request forgery (CSRF) vulnerabilities in ZPanel 10.0.1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) create new FTP users via a CreateFTP action in the ftpmanagement module to the default URI, (2) conduct cross-site scriptin...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in admin/addScript.py in Pyplate 0.08 allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the title parameter...
nodez <= 4.6.1.1 mercury Multiple Vulnerabilities
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo Nodez 4.6.1.1 Mercury possibly prior versions multiple vulnerabilities\r\n; echo by rgod [email protected]\r\n; echo site: http://retrogod.altervista.org\r\n\r\n; / software: site: nodez.greentinted.com/ description:...
gCards <= 1.45 Multiple Vulnerabilities All-In-One Exploit
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo gCards = 1.45 multiple vulnerabilities\r\n; echo by rgod [email protected]\r\n; echo site: http://retrogod.altervista.org\r\n\r\n; echo Sun-Tzu:\At first, then, exhibit the coyness of a maiden, until the\r\n; echo enem...
Expinion.net News Manager Lite 2.5 NEWS_LOGIN Cookie ADMIN Parameter Manipulation Admin Authentication Bypass
No description provided by source. source: http://www.securityfocus.com/bid/9935/info Multiple vulnerabilities have been identified in the application that may allow an attacker to carry out SQL injection, cross-site scripting, and account hijacking attacks. The issues exist in the...
paFileDB 3.5.2/3.5.3 - Remote Login Bypass SQL Injection Vulnerability
No description provided by source. PafileDB Login SQL injection = author : koray & [email protected] Risk : High Class : Remote Vulnerable Script : pafileDB Version : 3.5.2 / 3.5.3 google : powered by pafiledb 3.5.3/2 greetz : www.cigicigi.net & redhackers Vulnerable; include/admin/auth.php c0de...
psipuss 1.0 - Multiple Remote SQL Injection Vulnerabilities
No description provided by source. ...:::::psipuss version 1.0 SQL Injection Vulnerabilities ::::.... Virangar Security Team www.virangar.net www.virangar.ir -------- Discoverd By :virangar security teamhadihadi special tnx to:MR.nosrati,black.shadowes,MR.hesy,Zahra & all virangar members & all...
CVE-2014-3414
Sharetronix (≤3.3) is affected by a Cross-Site Request Forgery (CSRF) vulnerability that can hijack administrator authentication to grant admin privileges via the /admin/administrators endpoint. Likely impact is privilege escalation of existing users. Vendor fixed the issue by updating to Sharetr...
CVE-2014-3760
Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DAP 1150 with firmware 1.2.94 allow remote attackers to hijack the authentication of administrators for requests that (1) enable or (2) disable the DMZ in the Firewall/DMZ section via a request to index.cgi or (3) add, (4) modify, or (5)...
CVE-2014-3760
CVE-2014-3760 applies to D-Link DAP-1150 firmware 1.2.94, where multiple CSRF flaws allow remote attackers to hijack administrator sessions and perform actions via index.cgi in the Firewall/DMZ and Control/URL-filter sections (e.g., enabling/disabling DMZ or adding/modifying/deleting URL-filter r...
CVE-2013-2034
Multiple cross-site request forgery (CSRF) vulnerabilities in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary code or (2) initiat...
CVE-2014-1615
Multiple cross-site request forgery (CSRF) vulnerabilities in Carbon Black before 4.1.0 allow remote attackers to hijack the authentication of administrators for requests that add new administrative users and have other unspecified action, as demonstrated by a request to api/user...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in TopAccess, aka the web-based management utility, on TOSHIBA TEC e-Studio 232, 233, 282, and 283 devices allows remote attackers to hijack the authentication of administrators for requests that change passwords...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in the Options in the WP-Print plugin before 2.52 for WordPress allows remote attackers to hijack the authentication of administrators for requests that manipulate plugin settings via unspecified vectors...
CVE-2012-4921
The CVE-2012-4921 entry concerns the WordPress plugin DVS Custom Notification (versions
CVE-2013-7352
Cross-site request forgery (CSRF) vulnerability in blogs/admin.php in b2evolution before 4.1.7 allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the showstatuses parameter, related to CVE-2013-2945...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in Kasseler CMS before 2 r1232 allow remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the (1) groups parameter in a send action in the sendmail module or (2) query parameter in ...