234 matches found
The vulnerability of the 1C-Bitrix web project management system allows a hacker to trigger a service failure, obtain confidential information, or rename arbitrary files.
The vulnerability of the admin/bitrix.xscanworker.php module of the 1C-Bitrix web project management system exists due to insufficient restrictions on the path name to the catalog. Exploiting this vulnerability allows a malicious actor to rename arbitrary files, obtain confidential information, o...
DEBIAN-CVE-2014-9403
The CWebAdminMod::ChanPage function in modules/webadmin.cpp in ZNC before 1.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) by adding a channel with the same name as an existing channel but without the leading # character, related to a...
CVE-2014-3900
Cross-site scripting (XSS) vulnerability in admin/picturemodify.php in the photo-edit subsystem in Piwigo 2.6.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the associate field, a different vulnerability than CVE-2014-4649...
Code injection
Static code injection vulnerability in admin/admin.php in Sphider 1.3.6 allows remote authenticated users to inject arbitrary PHP code into settings/conf.php via the wordupperbound parameter...
Anantasoft Gazelle CMS CSRF Vulnerability
No description provided by source. Anantasoft Gazelle CMS CSRF Vulnerability, by Pratul Agrawal. Vulnerability found in: Admin module. email...
chilly_CMS CSRF Vulnerability
No description provided by source. chillyCMS CSRF Vulnerability. Vulnerability found in: Admin module. email [email protected] company aksitservices Credi...
ANE CMD CRSF - Add Admin
No description provided by source. AneCMS CSRF Vulnerability, by Pratul Agrawal. Vulnerability found in: Admin module. email [email protected] company...
Campsite 3.3.5 - CSRF Vulnerability
No description provided by source. campsite 3.3.5 CSRF Vulnerability, by Pratul Agrawal. Vulnerability found in: Admin module. email [email protected]...
TCLHttpd 3.4.2 - Multiple Cross-Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/8688/info It has been reported that several of the modules included with TCLHttpd are vulnerable to cross-site scripting attacks. According to the report, the Status, Debug, Mail and Admin modules are affected by these...
Article Friendly CSRF Vulnerability
No description provided by source. Article friendly CSRF Vulnerability, by Pratul Agrawal. Vulnerability found in: Admin module. email [email protected]...
Clain_TIger_CMS CSRF Vulnerability
No description provided by source. ClainTIgerCMS CSRF Vulnerability. Vulnerability found in: Admin module. email [email protected] company aksitservices...
DUware DUportal 3.4.3 Pro Multiple SQL Injection Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/14029/info DUportal Pro is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Successful...
Softbiz Jobs CSRF Vulnerability
No description provided by source. Softbiz Jobs CSRF Vulnerability, by Pratul Agrawal. Vulnerability found in: Admin module. email [email protected] compan...
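Serendipity Cross-Site Scripting and SQL Injection Vulnerabilities
BUGTRAQ ID: 65449 Serendipity is a PHP-based blog system developed by the Serendipity team. It supports creating online diaries, blogs, web pages, and more. Serendipity contains cross-site scripting and SQL injection vulnerabilities. Attackers can exploit these vulnerabilities to steal cookie-based authentication credentials, take control of the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Serendipity version 1.7.5 is vulnerable; other versions may also be affected. Serendipity 1.7.5 Vendor patch: Serendipity. The vendor has released an upgrade patch to fix this security issue; the patch is available at: http://www.s9y.org/...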
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in admBase/login.page in the Admin module in JForum allows remote attackers to hijack the authentication of administrators for requests that change the user group permissions of arbitrary users via a groupsSave action...
CVE-2013-7209
The CVE-2013-7209 entry concerns JForum (Java-based forum) with a CSRF flaw in the Admin module, specifically admBase/login.page. The vulnerability affects the adminUsers/group permissions flow via the groupsSave action, enabling an attacker to hijack an administrator’s session and cause arbitrar...
JForum Cross Site Request Forgery
Version: All. Vulnerability: Cross-site request forgery. Problem type: remote. CVE ID: CVE-2013-7209. In the JForum Admin module, the modify user permissions module has a CSRF vulnerability; use the following code in JForum forum posts, and as long as an administrator opens this post, the permissions o...
CVE-2013-6826
cgi-bin/module//sysmanager/admin/SYSAdminUserDialog in Fortinet FortiAnalyzer before 5.0.5 does not properly validate the csrftoken parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks...