Black Pig (Sajon) CMS 3.0 XSS / SQL Injection Exploit
Exploit for unknown platform in category web applications. Black Pig Sajon CMS 3.0 XSS / SQL Injection Exploit ...
CVE-2009-4555
Multiple cross-site request forgery (CSRF) vulnerabilities in AgoraCart 5.2.005 and 5.2.006 and AgoraCart GOLD 5.5.005 allow remote attackers to hijack the authentication of administrators for requests that (1) modify a .htaccess file via an unspecified request to protected/manager.cgi or (2) change th...
CVE-2009-4365
CVE-2009-4365 describes multiple cross-site request forgery (CSRF) vulnerabilities in admin.php of ScriptsEz Ez Blog 1.0. The issue allows remote attackers to hijack administrator sessions and perform actions such as adding a blog (add_blog), approving comments (approve_comment), changing adminis...
CVE-2009-4365
Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in ScriptsEz Ez Blog 1.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add a blog via the add_blog action, (2) approve a comment via the approve_comment action, (3) change administrator...
PT-2009-6003 · Citrix · Citrix Xencenterweb
Name of the Vulnerable Software and Affected Versions: Citrix XenCenterWeb (affected versions not specified). Description: The issue concerns multiple cross-site request forgery (CSRF) vulnerabilities in sample code within the XenServer Resource Kit in Citrix XenCenterWeb. These vulnerabilities allow...
CVE-2009-3718
CVE-2009-3718 describes a SQL injection in Battle Blog (versions 1.25 and 1.30 build 2). The vulnerability is triggered via the UserName parameter in admin/authenticate.asp, allowing remote attackers to execute arbitrary SQL commands. This aligns with the NVD entry (base score 7.5, HIGH) and indi...
CVE-2009-3596
JoxTechnology Ajox Poll does not properly restrict access to admin/managepoll.php, which allows remote attackers to bypass authentication and gain administrative access via a direct request...
CVE-2008-7124
zKup CMS 2.0 through 2.3 does not require administrative authentication for admin/configuration/modifier.php, which allows remote attackers to gain administrator privileges via a direct request, as demonstrated by adding a new administrator...
CVE-2008-7058
CVE-2008-7058 describes a CSRF vulnerability in BandSite CMS 1.1.4 that allows remote attackers to hijack administrator sessions and force a logout via adminpanel/logout.php. The issue is triggered by cross-site requests performed with an authenticated admin, enabling session manipulation withou...
CVE-2008-6949
Multiple cross-site request forgery (CSRF) vulnerabilities in Collabtive 0.4.8 allow remote attackers to hijack the authentication of administrators for requests that (1) submit or edit a new project, (2) upload files to a project, or (3) attach files to messages via unknown vectors. NOTE: these issue...
CVE-2009-2328
admin/edituser.php in KerviNet Forum 1.1 and earlier does not require administrative authentication, which allows remote attackers to delete arbitrary accounts and conduct SQL injection attacks via the deluserid parameter...
CVE-2009-2255
Zen Cart 1.3.8a, 1.3.8, and earlier does not require administrative authentication for admin/record_company.php, which allows remote attackers to execute arbitrary code by uploading a .php file via the recordcompanyimage parameter in conjunction with a PATH_INFO of password_forgotten.php, then...
CVE-2009-2254
Zen Cart 1.3.8a, 1.3.8 and earlier versions are affected by an unauthenticated access flaw in admin/sqlpatch.php combined with PATH_INFO password_forgotten.php, allowing remote attackers to inject and execute arbitrary SQL via the query_string in an execute action. The issue enables potentially u...
CVE-2009-1802
Multiple cross-site request forgery (CSRF) vulnerabilities in FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, allow remote attackers to hijack the authentication of admins for requests that create a new admin account or have unspecified other impact...
CVE-2009-1767
admin/edituser.php in 2daybiz Template Monster Clone does not require administrative authentication, which allows remote attackers to modify arbitrary accounts via the (1) loginname, (2) password, (3) email, (4) firstname, or (5) lastname parameter...
CVE-2009-1733
Cross-site request forgery (CSRF) vulnerability in IPplan 4.91a allows remote attackers to hijack the authentication of administrators for requests that (1) change the password, (2) add users, or (3) delete users via unknown vectors...