888 matches found
JIRA changes base url without asking for admin authentication
If you access JIRA with the wrong url it tells you that and gives you the options of either hiding the message or updating the base url. If you click the "Update the base url" link, the base url WILL BE CHANGED to that, WITHOUT asking you for admin credentials...
CVE-2012-5992
CVE-2012-5992 affects Cisco Wireless LAN Controller (WLC) devices running software 7.2.110.0. Concrete details from connected documents describe multiple CSRF vulnerabilities that allow an attacker to hijack administrator authentication for requests such as adding administrative accounts (via scr...
CVE-2012-5547
Multiple cross-site request forgery (CSRF) vulnerabilities in the Search API module 7.x-1.x before 7.x-1.3 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable a server via a server action or (2) enable a search index via an enable index action...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in OpenText ECM (formerly Livelink ECM) 9.7.1 allows remote attackers to hijack the authentication of administrators for requests that change folder and resource permissions...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in admin/index.php in RazorCMS 1.2.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that delete arbitrary web pages via a showcats action...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in Subrion CMS before 2.2.3 allow remote attackers to hijack the authentication of administrators for requests that add, delete, or modify sensitive information, as demonstrated by adding an administrator account via an add action to...
Spicy E-commerce - SQL Injection Vulnerability
Exploit for php platform in category web applications...
CVE-2012-5319
The CVE-2012-5319 entry describes a CSRF vulnerability in the D-Link devices DCS-900, DCS-2000, and DCS-5300, specifically affecting the setup/security.cgi path. The underlying issue allows an attacker to hijack an administrator’s session and submit requests that change the administrator password...
CVE-2012-1414
Cross-site request forgery (CSRF) vulnerability in manager/news.php in Plume CMS 1.2.4 and earlier allows remote attackers to hijack the authentication of administrators for requests that create News pages via a publish action...
CVE-2012-1897
CVE-2012-1897 affects Wolf CMS 0.75 and earlier. The issue is multiple cross-site request forgery (CSRF) vulnerabilities in the admin interface that allow remote attackers to hijack administrator authentication to perform actions such as (1) deleting users by user id (admin/user/delete), (2) dele...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in Parallels H-Sphere 3.3 Patch 1 allow remote attackers to hijack the authentication of admins for requests that (1) add group plans via admin/groupplans.html or (2) add extra packages via admin/extrapacks/createextrapack.html...
CVE-2012-5004
Multiple cross-site request forgery (CSRF) vulnerabilities in Parallels H-Sphere 3.3 Patch 1 allow remote attackers to hijack the authentication of admins for requests that (1) add group plans via admin/groupplans.html or (2) add extra packages via admin/extrapacks/createextrapack.html...
WordPress DVS Custom Notification Plugin <= 1.0.1 - Multiple CSRF and XSS
Because of these vulnerabilities, attackers can hijack the authentication of administrators for requests that conduct cross-site scripting attacks or change application settings. Solution: Update the plugin...
DEBIAN-CVE-2012-2128
Cross-site request forgery (CSRF) vulnerability in doku.php in DokuWiki 2012-01-25 Angua allows remote attackers to hijack the authentication of administrators for requests that add arbitrary users. NOTE: this issue has been disputed by the vendor, who states that it is resultant from CVE-2012-2129...
PT-2012-3824 · Dokuwiki · Dokuwiki
Name of the Vulnerable Software and Affected Versions: DokuWiki version 2012-01-25 Angua. Description: A cross-site request forgery (CSRF) issue in doku.php allows remote attackers to hijack the authentication of administrators for requests that add arbitrary users. The vendor disputes this issue,...
CVE-2012-1921
Cross-site request forgery (CSRF) vulnerability in goform/admin/formWlEncrypt in Sitecom WLM-2501 allows remote attackers to hijack the authentication of administrators for requests that change the router passphrase via the pskValue parameter...
CVE-2010-5088
Multiple cross-site request forgery (CSRF) vulnerabilities in SilverStripe 2.3.x before 2.3.9 and 2.4.x before 2.4.3 allow remote attackers to hijack the authentication of administrators via destructive controller actions, a different vulnerability than CVE-2010-5087...
CVE-2012-3231
CVE-2012-3231 affects web@all 2.0. The CSRF vulnerability resides in actions performed via HTTP requests to inc/browser/action.php (do_addfile), allowing an authenticated administrator to add, delete, or modify sensitive data. A PoC demonstrates how an attacker could forge a request to create an ...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in the Node Hierarchy module 6.x-1.x before 6.x-1.5 for Drupal allow remote attackers to hijack the authentication of administrators for requests that change a node hierarchy position via an (1) up or (2) down action...
CVE-2012-3799
Multiple cross-site request forgery (CSRF) vulnerabilities in the Maestro module 7.x-1.x before 7.x-1.2 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) change workflows or (2) insert cross-site scripting (XSS) sequences...