19 matches found
CVE-2023-0504
The HT Politic WordPress plugin before 2.3.8 does not have a CSRF check when activating plugins, which could allow attackers to make logged-in admins activate arbitrary plugins present on the blog via a CSRF attack...
Advanced Import < 1.3.8 - Arbitrary Plugin Installation & Activation via CSRF
The plugin does not have a CSRF check when installing and activating plugins, which could allow attackers to make a logged-in admin install arbitrary plugins from WordPress.org, and activate arbitrary ones from the blog, via CSRF attacks. Make a logged-in admin open a page containing the HTML code be...
CVE-2022-2171
The Progressive License WordPress plugin through 1.1.0 is lacking any CSRF check when saving its settings, which could allow attackers to make a logged in admin change them. Furthermore, as the plugin allows arbitrary HTML to be inserted in one of the settings, this could lead to Stored XSS issue...
CVE-2022-1593
The Site Offline or Coming Soon WordPress plugin through 1.6.6 does not have a CSRF check in place when updating its settings, and it is also lacking sanitisation as well as escaping in some of them. As a result, attackers could make a logged-in admin change them and put Cross-Site Scripting payloads ...
CVE-2022-1695
The WP Simple Adsense Insertion WordPress plugin before 2.1 does not perform CSRF checks on updates to its admin page, allowing an attacker to trick a logged-in user into manipulating ads and injecting arbitrary JavaScript via submitting a form...
CVE-2021-31584
Sipwise C5 NGCP wwwcsc version 3.6.4 up to and including platform NGCP CE mr3.8.13 allows call/click2dial CSRF attacks for actions with administrative privileges...
FreeBSD : Gitlab -- Multiple vulnerabilities (56abf87b-96ad-11eb-a218-001b217b3468)
Gitlab reports: Arbitrary File Read During Project Import; Kroki Arbitrary File Read/Write; Stored Cross-Site-Scripting in merge requests; Access data of an internal project through a public project fork as an anonymous user; Incident metric images can be deleted by any user; Infinite Loop When a Use...
Gitlab -- Multiple vulnerabilities
Gitlab reports: Arbitrary File Read During Project Import; Kroki Arbitrary File Read/Write; Stored Cross-Site-Scripting in merge requests; Access data of an internal project through a public project fork as an anonymous user; Incident metric images can be deleted by any user; Infinite Loop When a User...
CVE-2020-27975
osCommerce Phoenix CE before 1.0.5.4 allows admin/definelanguage.php CSRF...
CVE-2020-10984
Gambio GX before 4.0.1.0 allows admin/admin.php CSRF...
CVE-2020-9018
LiteCart through 2.2.1 allows admin/?app=users&doc=edituser CSRF to add a user...
CVE-2019-6779
Cscms 4.1.8 allows admin.php/links/save CSRF to add, modify, or delete friend links...
PrestaShop < 1.6.1.19 - BlowFish ECD Privilege Escalation Exploit
Exploit for php platform in category web applications #!/usr/bin/env python3 PrestaShop = 1.6.1.19 Privilege Escalation Charles Fol 2018-07-10 See https://ambionics.io/blog/prestashop-privilege-escalation The condition for this exploit to work is for an employee to have the same password as a...
PrestaShop < 1.6.1.19 - 'BlowFish ECD' Privilege Escalation
#!/usr/bin/env python3 PrestaShop = 1.6.1.19 Privilege Escalation Charles Fol 2018-07-10 See https://ambionics.io/blog/prestashop-privilege-escalation The condition for this exploit to work is for an employee to have the same password as a customer. The exploit will yield a valid employee cookie f...
PHPJabbers Property Listing Script 2.0 - Add Admin CSRF Vulnerability
No description provided by source. Property Listing Script V2.0 - Add Admin CSRF Vulnerability ==================================================================== .:. Author : HackXBack .:. Contact : [email protected] .:. Home : http://www.iphobos.com/blog/ .:. Script :...
QuickCms 5.4 - Multiple Vulnerabilities
Exploit for php platform in category web applications Exploit Title: QuickCms 5.4 Multiple Vulnerabilities Date: 04/08/2014 Author: shpendk Software Link: http://opensolution.org/download,en,18.html?sFile=Quick.Cms/Quick.Cmsv5.4.zip Version: 5.4 Tested on: Xampp on Windows Reflected XSS...
PHPJabbers Property Listing Script 2.0 - Add Admin CSRF Vulnerability
Exploit for php platform in category web applications Property Listing Script V2.0 - Add Admin CSRF Vulnerability ==================================================================== .:. Author : HackXBack .:. Contact : email protected .:. Home : http://www.iphobos.com/blog/ .:. Script :...
FileExecutive 1 - Multiple Vulnerabilities
FileExecutive 1 - Multiple Vulnerabilities ============================================================================== » Thx To : Jiko ,H.Scorpion ,Dr.Bahy ,T3rr0rist ,Golden-z3r0 ,Shr7 Team . ============================================================================== » FileExecutive Multip...