888 matches found
Authentication flaw
admin/manageusers.php in TotalCalendar 2.4 does not require administrative authentication, which allows remote attackers to change arbitrary passwords via the newPW1 and newPW2 parameters...
CVE-2009-4929
admin/manageusers.php in TotalCalendar 2.4 does not require administrative authentication, which allows remote attackers to change arbitrary passwords via the newPW1 and newPW2 parameters...
Auction_Software Script - Admin Authentication Bypass
AuctionSoftware Script - Admin Authentication Bypass. Name: AuctionSoftware Script Admin Login Bypass vulnerability; vendor URL: http://www.brotherscripts.com/; Price: $24.95; Author: altbta; dork: "PHPAuction GPL Enhanced V2....
Auction_Software Script - Admin Authentication Bypass
Name: AuctionSoftware Script Admin Login Bypass vulnerability; vendor URL: http://www.brotherscripts.com/; Price: $24.95; Author: altbta; dork: "PHPAuction GPL Enhanced V2.51 by AuctionCode.com"...
PT-2010-4133 · Ibm +6 · Aix +7
Name of the Vulnerable Software and Affected Versions: InterSect Alliance Snare Agent versions 3.2.3 and earlier on Solaris; InterSect Alliance Snare Agent versions 3.1.7 and earlier on Windows; InterSect Alliance Snare Agent versions 1.5.0 and earlier on Linux and AIX; InterSect Alliance Snare Agen...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in oBlog allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin password, (2) force an admin logout, (3) change the visibility of posts, (4) remove links, and (5) change the name fields of a blog...
CVE-2010-2345
The CVE-2010-2345 entry concerns odCMS 1.06 (potentially earlier) and describes a Cross-Site Request Forgery (CSRF) that can hijack an administrator’s session to perform actions such as changing the administrative password and other unspecified requests. The linked sources in the CVE describe the...
DEBIAN-CVE-2010-0540
Cross-site request forgery (CSRF) vulnerability in the web interface in CUPS before 1.4.4, as used on Apple Mac OS X 10.5.8, Mac OS X 10.6 before 10.6.4, and other platforms, allows remote attackers to hijack the authentication of administrators for requests that change settings...
CVE-2010-0540
Cross-site request forgery (CSRF) vulnerability in the web interface in CUPS before 1.4.4, as used on Apple Mac OS X 10.5.8, Mac OS X 10.6 before 10.6.4, and other platforms, allows remote attackers to hijack the authentication of administrators for requests that change settings...
CVE-2010-2282
The CVE-2010-2282 entry describes a Cross-site Request Forgery (CSRF) vulnerability in TomatoCMS 2.0.6. The issue allows remote attackers to hijack the authentication of administrators by issuing requests that change the administrative password. The connected sources confirm the affected software...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in The Uniform Server 5.6.5 allow remote attackers to hijack the authentication of administrators for requests that change passwords via (1) apsetup.php, (2) psetup.php, (3) sslpsetup.php, or (4) mqsetup.php...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface on the Cisco Scientific Atlanta WebSTAR DPC2100R2 cable modem with firmware 2.0.2r1256-060303 allow remote attackers to hijack the authentication of administrators for requests that (1) reset the modem, (2) erase the...
CVE-2010-2007
Multiple cross-site request forgery (CSRF) vulnerabilities in LetoDMS (formerly MyDMS) 1.7.2 and earlier allow remote attackers to hijack the authentication of administrators for requests that use (1) op/op.EditUserData.php, (2) op/op.UsrMgr.php, (3) out/out.RemoveVersion.php, (4) op/op.RemoveFolder.php, (5)...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in ToutVirtual VirtualIQ Pro 3.2 build 7882 and 3.5 build 8691 allow remote attackers to hijack the authentication of administrators for requests that (1) create a new user account via a save action to tvserver/user/user.do, (2) shutdown a...
CVE-2009-4849
Multiple cross-site request forgery (CSRF) vulnerabilities in ToutVirtual VirtualIQ Pro 3.2 build 7882 and 3.5 build 8691 allow remote attackers to hijack the authentication of administrators for requests that (1) create a new user account via a save action to tvserver/user/user.do, (2) shutdown a...
CVE-2010-1611
Cross-site request forgery (CSRF) vulnerability in AlegroCart 1.1 allows remote attackers to hijack the authentication of the administrator for requests that reset the administrator password via a POST to admin/ with an update action...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in hosting/adminac.php in ScriptsEz Mini Hosting Panel allows remote attackers to hijack the authentication of administrators for requests that alter administrative settings via a cp action...
CVE-2009-4827
Cross-site request forgery (CSRF) vulnerability in admin.php in Mail Manager Pro allows remote attackers to hijack the authentication of administrators for requests that change the admin password via a change action...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in admin/configure.php in DFD Cart 1.198, 1.197, and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) conduct cross-site scripting (XSS) attacks or (2) change unspecified settings...
CVE-2009-4787
Pligg CMS (before 1.0.3) is affected by multiple CSRF vulnerabilities that enable remote attackers to hijack administrator sessions for actions such as creating user accounts; additional OpenVAS/Nessus entries note related XSS/CSRF issues. The confirmed impact is administrative hijacking via CSRF...