67 matches found
Chat Bubble <= 2.4 - Settings Update via CSRF
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
PT-2023-16329 · WordPress · Enable/Disable Auto Login When Register
Name of the Vulnerable Software and Affected Versions: Enable/Disable Auto Login when Register WordPress plugin versions 1.1.0 and earlier Description: The issue concerns a lack of CSRF check when updating settings in the Enable/Disable Auto Login when Register WordPress plugin. This could allow...
Becustom < 1.0.5.3 - Settings Update via CSRF
The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack PoC...
NounsDAOLogic.sol would become bricked if NoansDAOExecutor.sol admin ever changes
Lines of code Vulnerability details Impact NounsDAOLogic.sol would become bricked and upgradability would be completely broken Proof of Concept In the current setup, NoansDAOExecutor.sol is both admin and timelock for NounsDAOLogic.sol. If the admin for NoansDAOExecutor.sol was ever changed,...
CVE-2022-2172 LinkWorth Plugin < 3.3.4 - Arbitrary Setting Update via CSRF
The LinkWorth WordPress plugin before 3.3.4 does not implement nonce checks, which could allow attackers to make a logged in admin change settings via a CSRF attack...
The vulnerability of the /admin/general/change-lang component of the TrueConf Server software, which allows a hacker to redirect a user to any arbitrary URL address.
The vulnerability of the /admin/general/change-lang component of the TrueConf Server involves redirecting URLs to an unreliable website. Exploiting this vulnerability could allow a malicious actor to redirect users to any given URL address...
Rug vector for admin of Lender.sol who can max approve all principal tokens for any market without waiting the 3 days to themselves
Lines of code Vulnerability details Impact The admin of Lender.sol is authorized to call the function approve which will grant any address max approval over the principal tokens of a particular market. I assume that this functionality is used to approve the respective redeemer contracts used in...
Cross site request forgery (csrf)
The HC Custom WP-Admin URL WordPress plugin through 1.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, allowing them to change the login URL...
Social Stickers <= 2.2.9 - Stored Cross-Site Scripting via CSRF
The plugin does not have CSRF checks in place when updating its Social Network settings, and does not escape some of these fields, which could allow attackers to make a logged-in admin change them and lead to Stored Cross-Site Scripting issues. PoC...
CVE-2021-24818 WP Limits <= 1.0 - Plugin's Settings Update via CSRF
The WP Limits WordPress plugin through 1.0 does not have CSRF check when saving its settings, allowing attacker to make a logged in admin change them, which could make the blog unstable by setting low values...
Cross site request forgery (csrf)
The MouseWheel Smooth Scroll WordPress plugin before 5.7 does not have CSRF check in place on its settings page, which could allow attackers to make a logged in admin change them via a CSRF attack...
Two-step change of an admin address
Handle pauliax Vulnerability details Impact function setAdmin allows the current admin to change it to a different address. If accidentally an invalid address is used for which they do not have the private key, then it cannot be corrected and none of the functions that require admin caller can be...
CVE-2020-12429
Online Course Registration 2.0 has multiple SQL injections that would can lead to a complete database compromise and authentication bypass in the login pages: admin/change-password.php, admin/checkavailability.php, admin/index.php, change-password.php, checkavailability.php, includes/header.php,...
Intellinet IP Camera INT-L100M20N - Unauthorized Admin Credential Change
!/bin/bash INTELLINET IP Camera INT-L100M20N remote change admin user/password Copyright 2016 c Todor Donev http://www.ethical-hacker.org/ https://www.facebook.com/ethicalhackerorg Disclaimer: This or previous programs is for Educational purpose ONLY. Do not use it without permission. The usual...
SIEMENS IP Camera CCMW1025 x.2.2.1798 - Remote Admin Credentials Change
SIEMENS IP Camera CCMW1025 x.2.2.1798 - Remote Admin Credentials Change !/bin/bash SIEMENS IP Camera CCMW1025 x.2.2.1798 remote change admin user/password Copyright 2016 c Todor Donev http://www.ethical-hacker.org/ https://www.facebook.com/ethicalhackerorg Disclaimer: This or previous programs is...
PYSEC-2014-7
The administrative interface contrib.admin in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not check if a field represents a relationship between models, which allows remote authenticated users to obtain sensitive information via a tofield...
UBUNTU-CVE-2014-0483
The administrative interface contrib.admin in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not check if a field represents a relationship between models, which allows remote authenticated users to obtain sensitive information via a tofield...
w-CMS 2.0.1 CSRF / XSS / File Disclosure / Shell Upload
+----------------------------------------------------------------------+ | | | | | | | | | | \ | | | | | | | | | | | | | | | | | | |/ |/ | |/ / ||| | | | | | | | | | | | | | | | || || | | | |/||,|||\ ||/ | | | |/| | | | x Exploit Title: w-CMS 2.0.1 Multiple Vulnerabilities | | x Google Dork:...
w-CMS 2.0.1 - Multiple Vulnerabilities
w-CMS 2.0.1 - Multiple Vulnerabilities +----------------------------------------------------------------------+ | | | | | | | | | | \ | | | | | | | | | | | | | | | | | | |/ |/ | |/ / ||| | | | | | | | | | | | | | | | || || | | | |/||,|||\ ||/ | | | |/| | | | x Exploit Title: w-CMS 2.0.1...
Open Source Classifieds 1.1.0 Alpha (OSClassi) - SQL Injection Cross-Site Scripting Arbitrary Admin Change
Open Source Classifieds 1.1.0 Alpha OSClassi - SQL Injection Cross-Site Scripting Arbitrary Admin Change / / / | | \ | |/ | ' \ / | / / / | ' / | \ \ | | | | | | | | | / / | | | \ \ /|/|| || ||,| /,|./|/...