Lucene search
+L

67 matches found

WPVulnDB
WPVulnDB
added 2023/12/08 12:0 a.m.9 views

Chat Bubble <= 2.4 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

8.8CVSS8.6AI score0.00262EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/05/08 12:0 a.m.9 views

PT-2023-16329 · WordPress · Enable/Disable Auto Login When Register

Name of the Vulnerable Software and Affected Versions: Enable/Disable Auto Login when Register WordPress plugin versions 1.1.0 and earlier Description: The issue concerns a lack of CSRF check when updating settings in the Enable/Disable Auto Login when Register WordPress plugin. This could allow...

6.5CVSS6.8AI score0.00326EPSS
Exploits1References4
WPVulnDB
WPVulnDB
added 2022/11/14 12:0 a.m.22 views

Becustom < 1.0.5.3 - Settings Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack PoC...

8.8CVSS4AI score0.00781EPSS
Exploits5References1Affected Software1
Code423n4
Code423n4
added 2022/08/27 12:0 a.m.10 views

NounsDAOLogic.sol would become bricked if NoansDAOExecutor.sol admin ever changes

Lines of code Vulnerability details Impact NounsDAOLogic.sol would become bricked and upgradability would be completely broken Proof of Concept In the current setup, NoansDAOExecutor.sol is both admin and timelock for NounsDAOLogic.sol. If the admin for NoansDAOExecutor.sol was ever changed,...

6.8AI score
Exploits0
Cvelist
Cvelist
added 2022/08/22 2:59 p.m.22 views

CVE-2022-2172 LinkWorth Plugin < 3.3.4 - Arbitrary Setting Update via CSRF

The LinkWorth WordPress plugin before 3.3.4 does not implement nonce checks, which could allow attackers to make a logged in admin change settings via a CSRF attack...

4.9AI score0.00317EPSS
Exploits2References2
BDU FSTEC
BDU FSTEC
added 2022/07/01 12:0 a.m.7 views

The vulnerability of the /admin/general/change-lang component of the TrueConf Server software, which allows a hacker to redirect a user to any arbitrary URL address.

The vulnerability of the /admin/general/change-lang component of the TrueConf Server involves redirecting URLs to an unreliable website. Exploiting this vulnerability could allow a malicious actor to redirect users to any given URL address...

4CVSS6.3AI score0.00691EPSS
Exploits1References4Affected Software1
Code423n4
Code423n4
added 2022/06/26 12:0 a.m.15 views

Rug vector for admin of Lender.sol who can max approve all principal tokens for any market without waiting the 3 days to themselves

Lines of code Vulnerability details Impact The admin of Lender.sol is authorized to call the function approve which will grant any address max approval over the principal tokens of a particular market. I assume that this functionality is used to approve the respective redeemer contracts used in...

7AI score
Exploits0
Prion
Prion
added 2022/06/13 1:15 p.m.20 views

Cross site request forgery (csrf)

The HC Custom WP-Admin URL WordPress plugin through 1.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, allowing them to change the login URL...

4.3CVSS4.5AI score0.00412EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/04/20 12:0 a.m.18 views

Social Stickers <= 2.2.9 - Stored Cross-Site Scripting via CSRF

The plugin does not have CSRF checks in place when updating its Social Network settings, and does not escape some of these fields, which could allow attackers to make a logged-in admin change them and lead to Stored Cross-Site Scripting issues. PoC...

6.1CVSS4AI score0.00386EPSS
Exploits2Affected Software1
Cvelist
Cvelist
added 2021/12/13 10:41 a.m.19 views

CVE-2021-24818 WP Limits <= 1.0 - Plugin's Settings Update via CSRF

The WP Limits WordPress plugin through 1.0 does not have CSRF check when saving its settings, allowing attacker to make a logged in admin change them, which could make the blog unstable by setting low values...

4.9AI score0.00435EPSS
Exploits2References1
Prion
Prion
added 2021/11/17 11:15 a.m.13 views

Cross site request forgery (csrf)

The MouseWheel Smooth Scroll WordPress plugin before 5.7 does not have CSRF check in place on its settings page, which could allow attackers to make a logged in admin change them via a CSRF attack...

4.3CVSS6.3AI score0.00531EPSS
Exploits2References1Affected Software1
Code423n4
Code423n4
added 2021/11/10 12:0 a.m.7 views

Two-step change of an admin address

Handle pauliax Vulnerability details Impact function setAdmin allows the current admin to change it to a different address. If accidentally an invalid address is used for which they do not have the private key, then it cannot be corrected and none of the functions that require admin caller can be...

6.8AI score
Exploits0
OSV
OSV
added 2020/04/28 8:15 p.m.5 views

CVE-2020-12429

Online Course Registration 2.0 has multiple SQL injections that would can lead to a complete database compromise and authentication bypass in the login pages: admin/change-password.php, admin/checkavailability.php, admin/index.php, change-password.php, checkavailability.php, includes/header.php,...

9.8CVSS7.3AI score0.02447EPSS
Exploits1References1
Exploit DB
Exploit DB
added 2016/08/29 12:0 a.m.23 views

Intellinet IP Camera INT-L100M20N - Unauthorized Admin Credential Change

!/bin/bash INTELLINET IP Camera INT-L100M20N remote change admin user/password Copyright 2016 c Todor Donev http://www.ethical-hacker.org/ https://www.facebook.com/ethicalhackerorg Disclaimer: This or previous programs is for Educational purpose ONLY. Do not use it without permission. The usual...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2016/08/18 12:0 a.m.20 views

SIEMENS IP Camera CCMW1025 x.2.2.1798 - Remote Admin Credentials Change

SIEMENS IP Camera CCMW1025 x.2.2.1798 - Remote Admin Credentials Change !/bin/bash SIEMENS IP Camera CCMW1025 x.2.2.1798 remote change admin user/password Copyright 2016 c Todor Donev http://www.ethical-hacker.org/ https://www.facebook.com/ethicalhackerorg Disclaimer: This or previous programs is...

0.6AI score
Exploits0
PyPA
PyPA
added 2014/08/26 2:55 p.m.7 views

PYSEC-2014-7

The administrative interface contrib.admin in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not check if a field represents a relationship between models, which allows remote authenticated users to obtain sensitive information via a tofield...

3.5CVSS6.4AI score0.01984EPSS
Exploits1References8Affected Software1
OSV
OSV
added 2014/08/26 12:0 a.m.12 views

UBUNTU-CVE-2014-0483

The administrative interface contrib.admin in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not check if a field represents a relationship between models, which allows remote authenticated users to obtain sensitive information via a tofield...

3.5CVSS5.8AI score0.01984EPSS
Exploits1References4
Packet Storm
Packet Storm
added 2012/04/07 12:0 a.m.34 views

w-CMS 2.0.1 CSRF / XSS / File Disclosure / Shell Upload

+----------------------------------------------------------------------+ | | | | | | | | | | \ | | | | | | | | | | | | | | | | | | |/ |/ | |/ / ||| | | | | | | | | | | | | | | | || || | | | |/||,|||\ ||/ | | | |/| | | | x Exploit Title: w-CMS 2.0.1 Multiple Vulnerabilities | | x Google Dork:...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2012/04/06 12:0 a.m.33 views

w-CMS 2.0.1 - Multiple Vulnerabilities

w-CMS 2.0.1 - Multiple Vulnerabilities +----------------------------------------------------------------------+ | | | | | | | | | | \ | | | | | | | | | | | | | | | | | | |/ |/ | |/ / ||| | | | | | | | | | | | | | | | || || | | | |/||,|||\ ||/ | | | |/| | | | x Exploit Title: w-CMS 2.0.1...

0.1AI score
Exploits0
exploitpack
exploitpack
added 2010/02/18 12:0 a.m.21 views

Open Source Classifieds 1.1.0 Alpha (OSClassi) - SQL Injection Cross-Site Scripting Arbitrary Admin Change

Open Source Classifieds 1.1.0 Alpha OSClassi - SQL Injection Cross-Site Scripting Arbitrary Admin Change / / / | | \ | |/ | ' \ / | / / / | ' / | \ \ | | | | | | | | | / / | | | \ \ /|/|| || ||,| /,|./|/...

0.4AI score
Exploits0
Rows per page
Query Builder