
888 matches found

Cvelist
added 2014/03/13 2:0 p.m., 36 views

CVE-2013-3729

Multiple cross-site request forgery (CSRF) vulnerabilities in Kasseler CMS before 2 r1232 allow remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the (1) groups parameter in a send action in the sendmail module or (2) query parameter in ...

7.9 AI score, 0.01246 EPSS
Exploits: 5, References: 6
myhack58
added 2014/03/10 12:0 a.m., 10 views

Shopwind online shop system admin authentication bypass vulnerability

The Shopwind online shop system's back-end verification is not strict, which allows cookie spoofing. 0x00: in the /admin/ directory, the index.asp file contains only a certificate file, as follows. 0x01: in the same directory, the content of adminjudge.asp is as follows, ! Shopwind online shop System Management...

2.6 AI score
Exploits: 0
ATTACKERKB
added 2014/02/27 11:55 a.m., 3 views

CVE-2014-2075

TIBCO Enterprise Administrator 1.0.0 and Enterprise Administrator SDK 1.0.0 do not properly enforce administrative authentication requirements, which allows remote attackers to execute arbitrary commands via unspecified vectors...

10 CVSS, 6.1 AI score, 0.03069 EPSS
Exploits: 0, References: 3
Cvelist
added 2014/02/04 4:0 p.m., 18 views

CVE-2013-3098

Multiple cross-site request forgery (CSRF) vulnerabilities in TRENDnet TEW-812DRU router with firmware before 1.0.9.0 allow remote attackers to hijack the authentication of administrators for requests that (1) change admin credentials in a request to setSysAdm.cgi, (2) enable remote management or (3)...

7.5 AI score, 0.01202 EPSS
Exploits: 5, References: 5
NVD
added 2014/01/30 5:17 a.m., 16 views

CVE-2014-0835

Cross-site request forgery (CSRF) vulnerability in IBM Security QRadar SIEM 7.2 MR1 and earlier allows remote attackers to hijack the authentication of administrators for requests that modify console Auto Update settings...

6.8 CVSS, 6.9 AI score, 0.00711 EPSS
Exploits: 0, References: 7
Prion
added 2014/01/21 4:6 p.m., 13 views

Cross site request forgery (csrf)

Multiple cross-site request forgery (CSRF) vulnerabilities in the Seagate BlackArmor NAS 220 devices with firmware sg2000-2000.1331 allow remote attackers to hijack the authentication of administrators for requests that (1) add user accounts via a crafted request to admin/accesscontroluseradd.php; (2)...

6.8 CVSS, 7.9 AI score, 0.01457 EPSS
Exploits: 6, References: 2, Affected Software: 2
Cvelist
added 2014/01/21 4:0 p.m., 30 views

CVE-2013-6922

Multiple cross-site request forgery (CSRF) vulnerabilities in the Seagate BlackArmor NAS 220 devices with firmware sg2000-2000.1331 allow remote attackers to hijack the authentication of administrators for requests that (1) add user accounts via a crafted request to admin/accesscontroluseradd.php; (2)...

9.7 AI score, 0.01457 EPSS
Exploits: 6, References: 2
CVE
added 2014/01/20 11:0 a.m., 48 views

CVE-2014-0010

CVE-2014-0010 describes two CSRF flaws in Moodle’s /user/profile/index.php that allow an attacker to delete custom profile fields or groups/categories by authenticated admin actions. The issue affects Moodle versions up to 2.2.11, 2.3.x before 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2...

6.8 CVSS, 7.1 AI score, 0.01095 EPSS
Exploits: 0, References: 7, Affected Software: 1
NVD
added 2014/01/08 3:30 p.m., 21 views

CVE-2014-0621

Multiple cross-site request forgery (CSRF) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to hijack the authentication of administrators for requests that (1) perform a factory reset via a request to goform/system/factory, (2) disable advanced options via a...

6.8 CVSS, 7.1 AI score, 0.01087 EPSS
Exploits: 7, References: 1
OSV
added 2013/12/30 4:53 a.m., 7 views

CVE-2013-7233

Cross-site request forgery (CSRF) vulnerability in the retrospam component in wp-admin/options-discussion.php in WordPress 2.0.11 and earlier allows remote attackers to hijack the authentication of administrators for requests that move comments to the moderation list...

7 AI score
Exploits: 0, References: 2
OSV
added 2013/12/30 4:53 a.m., 2 views

UBUNTU-CVE-2013-7233

Cross-site request forgery (CSRF) vulnerability in the retrospam component in wp-admin/options-discussion.php in WordPress 2.0.11 and earlier allows remote attackers to hijack the authentication of administrators for requests that move comments to the moderation list...

6.8 CVSS, 5.8 AI score, 0.0384 EPSS
Exploits: 0, References: 3
Prion
added 2013/12/17 4:8 p.m., 13 views

Cross site request forgery (csrf)

Cross-site request forgery (CSRF) vulnerability in CRU Ditto Forensic FieldStation with firmware before 2013Oct15a allows remote attackers to hijack the authentication of administrators for requests that modify the disk erase technique settings via unspecified vectors...

6.8 CVSS, 7.7 AI score, 0.02509 EPSS
Exploits: 5, References: 7, Affected Software: 1
Exploit DB
added 2013/12/16 12:0 a.m., 19 views

C2C Forward Auction Creator - '/auction/casp/Admin.asp' SQL Injection (Admin Authentication Bypass)

source: https://www.securityfocus.com/bid/64329/info EtoShop C2C Forward Auction Creator is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input before using it in an SQL query. An attacker can exploit these issues by manipulating the SQL...

7 AI score
Exploits: 0
Cvelist
added 2013/12/09 4:0 p.m., 13 views

CVE-2013-5355

Multiple cross-site request forgery (CSRF) vulnerabilities in Sharetronix 3.1.1 allow remote attackers to hijack the authentication of administrators for requests that (1) change configuration settings or (2) create new administrative users via unspecified vectors...

7.3 AI score, 0.00643 EPSS
Exploits: 0, References: 4
0day.today
added 2013/11/13 12:0 a.m., 52 views

FortiAnalyzer 5.0.4 - CSRF Vulnerability

Exploit for php platform in category web applications. CertR no respond my email, not Fortinet has not given the credits. I. VULNERABILITY: CSRF vulnerabilities in OS of fortianalyzer 5.0.4. II. BACKGROUND: Fortinet’s industry-leading, Network...

7.1 AI score
Exploits: 0
Prion
added 2013/11/01 3:55 p.m., 27 views

Cross site request forgery (csrf)

Cross-site request forgery (CSRF) vulnerability in Cart66Product.php in the Cart66 Lite plugin before 1.5.1.15 for WordPress allows remote attackers to hijack the authentication of administrators for requests that (1) create or modify products or conduct cross-site scripting (XSS) attacks via the (2)...

6.8 CVSS, 6.3 AI score, 0.03154 EPSS
Exploits: 6, References: 10, Affected Software: 1
NVD
added 2013/10/01 7:55 p.m., 33 views

CVE-2013-3539

Cross-site request forgery (CSRF) vulnerability in the command/user.cgi in Sony SNC CH140, SNC CH180, SNC CH240, SNC CH280, SNC DH140, SNC DH140T, SNC DH180, SNC DH240, SNC DH240T, SNC DH280, and possibly other camera models allows remote attackers to hijack the authentication of administrators for...

6.8 CVSS, 7.2 AI score, 0.06302 EPSS
Exploits: 3, References: 1
Prion
added 2013/10/01 7:55 p.m., 15 views

Cross site request forgery (csrf)

Cross-site request forgery (CSRF) vulnerability in cgi-bin/users.cgi in Brickcom FB-100Ap, WCB-100Ap, MD-100Ap, WFB-100Ap, OB-100Ae, OSD-040E, and possibly other camera models with firmware 3.1.0.8 and earlier, allows remote attackers to hijack the authentication of administrators for requests that...

6.8 CVSS, 7.8 AI score, 0.12381 EPSS
Exploits: 1, References: 1, Affected Software: 1
Prion
added 2013/08/09 8:56 p.m., 10 views

Cross site request forgery (csrf)

Cross-site request forgery (CSRF) vulnerability in admin/setting.php in the Xhanch - My Twitter plugin before 2.7.7 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change unspecified settings...

6.8 CVSS, 7.7 AI score, 0.0119 EPSS
Exploits: 2, References: 4, Affected Software: 1
NVD
added 2013/07/08 5:55 p.m., 19 views

CVE-2013-1414

Multiple cross-site request forgery (CSRF) vulnerabilities in Fortinet FortiOS on FortiGate firewall devices before 4.3.13 and 5.x before 5.0.2 allow remote attackers to hijack the authentication of administrators for requests that modify (1) settings or (2) policies, or (3) restart the device via a...

5.1 CVSS, 7.2 AI score, 0.02286 EPSS
Exploits: 6, References: 1