Lucene search
+L

1125 matches found

0day.today
0day.today
added 2009/12/13 12:0 a.m.15 views

AccStatistics v1.1 XSRF Vulnerability (Change Admin Settings)

Exploit for unknown platform in category web applications ============================================================= AccStatistics v1.1 XSRF Vulnerability Change Admin Settings =============================================================...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2009/12/13 12:0 a.m.38 views

Chipmunk Board Script 1.x XSRF

------------------------------------------------------------------------------------------------- Title: Chipmunk Board Script 1.x Multiple XSRF Vulnerabilities Author: Milos Zivanovic Date: 11. December 2009...

0.4AI score
Exploits0
seebug.org
seebug.org
added 2009/12/13 12:0 a.m.15 views

AccStatistics v1.1 XSRF Vulnerability (Change Admin Settings)

No description provided by source. ------------------------------------------------------------------------------------------------- Title: AccStatistics v1.1 XSRF Vulnerability Change Admin Settings Author: Milos Zivanovic Date: 13. December 2009...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2009/12/13 12:0 a.m.35 views

AccStatistics 1.1 - Cross-Site Request Forgery (Change Admin Settings)

------------------------------------------------------------------------------------------------- Title: AccStatistics v1.1 XSRF Vulnerability Change Admin Settings Author: Milos Zivanovic Date: 13. December 2009...

7.4AI score
Exploits0
NVD
NVD
added 2009/07/05 4:30 p.m.26 views

CVE-2009-2331

Multiple static code injection vulnerabilities in CMS Chainuk 1.2 and earlier allow remote attackers to inject arbitrary PHP code 1 into settings.php via the menu parameter to adminsettings.php or 2 into a content/=NUMBER.php file via the title parameter to adminnew.php...

7.5CVSS7.4AI score0.02396EPSS
Exploits0References3
NVD
NVD
added 2009/03/26 9:0 p.m.13 views

CVE-2008-6535

admin/settings.php in PayPal eStores allows remote attackers to bypass intended access restrictions and change the administrative password via a direct request with a modified NewAdmin parameter...

7.5CVSS6.8AI score0.06331EPSS
Exploits0References4
NVD
NVD
added 2008/12/15 6:0 p.m.31 views

CVE-2008-5568

Cross-site request forgery CSRF vulnerability in admin/settings.php in IPN Pro 3 1.44 and earlier allows remote attackers to change the admin password via a logout action in conjunction with the adminid, newpass1, and newpass2 parameters...

6.8CVSS7AI score0.00981EPSS
Exploits0References3
Prion
Prion
added 2008/12/15 6:0 p.m.21 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in admin/settings.php in IPN Pro 3 1.44 and earlier allows remote attackers to change the admin password via a logout action in conjunction with the adminid, newpass1, and newpass2 parameters...

6.8CVSS7.5AI score0.00981EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2008/12/15 5:45 p.m.44 views

CVE-2008-5565

CVE-2008-5565 is a CSRF vulnerability in DL PayCart 1.34 and earlier, where an attacker can cause an admin password change by triggering a logout action with the parameters NewAdmin, NewPass1, and NewPass2 in admin/settings.php. Root cause is CSRF in the admin settings workflow; impact is partial...

6.8CVSS7AI score0.00993EPSS
Exploits0References3Affected Software1
exploitpack
exploitpack
added 2008/11/01 12:0 a.m.39 views

YourFreeWorld Forced Matrix Script - SQL Injection

YourFreeWorld Forced Matrix Script - SQL Injection Forced Matrix Script id Remote SQL Injection Vulnerability Author: Hussin X Home : www.IQ-TY.com & www.TrYaG.cc script : http://www.yourfreeworld.com/script/subscriptionforcedmatrix.php DorK : inurl:"tr1.php?id=" Forced Matrix Exploit :...

0.6AI score
Exploits0
exploitpack
exploitpack
added 2008/11/01 12:0 a.m.17 views

YourFreeWorld Classifieds - category SQL Injection

YourFreeWorld Classifieds - category SQL Injection Classifieds category Remote SQL Injection Vulnerability Author: Hussin X Home : www.IQ-TY.com & www.TrYaG.cc script : http://www.yourfreeworld.com/script/classifieds.php DorK : inurl:classifieds/view.php?category= Exploit :...

0.5AI score
Exploits0
Packet Storm
Packet Storm
added 2008/08/20 12:0 a.m.25 views

classifieds-sql.txt

|| | | Classifieds category Remote SQL Injection Vulnerability | | |---------------------Hussin X----------------------| | | Author: Hussin X | | Home : www.tryag.cc/cc | | email: darkangelg85atYahooDoTcom | | | | | | | script http://www.yourfreeworld.com/script/classifieds.php | | DorK :...

7.4AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/07/24 5:23 a.m.3 views

Multiple Century Systems routers vulnerable to cross-site request forgery

Overview The web interface in multiple Century Systems routers is vulnerable to cross-site request forgery. Multiple Century Systems Co., Ltd. routers provide a web-based interface for users to configure the routers. The web interface is vulnerable to cross-site request forgery. Hirotaka Katagiri...

4CVSS6.8AI score0.0059EPSS
Exploits0References6
Exploit DB
Exploit DB
added 2008/06/17 12:0 a.m.43 views

Comparison Engine Power 1.0 - Blind SQL Injection

!/usr/bin/perl use LWP::UserAgent; use Getopt::Long; if!$ARGV1 print " \n"; print " VIVA ISLAME VIVA ISLAME \n"; print " VIVA ISLAME VIVA ISLAME \n"; print " \n"; print " Comparison Engine Power 1.0 Blind SQL Injection Exploit \n"; print " \n"; print " Author: Mr.SQL \n"; print " EMAIL :...

7.4AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/05/20 3:0 p.m.3 views

AirStation series and BroadStation series vulnerable to cross-site request forgery

Overview Buffalo's AirStation Series and BroadStation Series routers are vulnerable to cross-site request forgery. Buffalo's AirStation series and BroadStation series routers have a web administration interface that can be accessed from a web browser to configure their functional settings. The we...

4CVSS6.8AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/05/20 3:0 p.m.4 views

Multiple Yamaha routers vulnerable to cross-site request forgery

Overview The web interface in multiple Yamaha routers is vulnerable to cross-site request forgery. Multiple Yamaha routers provide a web-based interface for users to configure the settings of the routers. The web interface is vulnerable to cross-site request forgery. Impact If the administrator...

7.5CVSS6.9AI score0.00678EPSS
Exploits0References10
CVE
CVE
added 2008/03/13 6:0 p.m.65 views

CVE-2008-1334

CVE-2008-1334 affects the BT Home Hub router (and related Thomson/Alcatel SpeedTouch components) where an authentication bypass is possible by placing a character at the end of PATH_INFO. The vulnerability lets remote attackers bypass authentication and read/modify administrative settings or init...

7.5CVSS6.7AI score0.01675EPSS
Exploits1References4Affected Software1
Prion
Prion
added 2007/12/20 8:46 p.m.14 views

Cross site request forgery (csrf)

Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to enable or disable "pay type" via a request to adminsettings/choosetranstype.asp...

5.5CVSS6.7AI score0.02407EPSS
Exploits1References8Affected Software1
ATTACKERKB
ATTACKERKB
added 2007/12/20 8:46 p.m.7 views

CVE-2007-6494

Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote attackers to obtain login access via a request to hosting/addreseller.asp with a username in the reseller parameter, followed by a request to AdminSettings/displays.asp with the DecideAction and ChangeSkin parameters...

10CVSS5.7AI score0.11773EPSS
Exploits1References8
Cvelist
Cvelist
added 2007/12/20 8:0 p.m.22 views

CVE-2007-6501

Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to enable or disable "pay type" via a request to adminsettings/choosetranstype.asp...

6.2AI score0.02407EPSS
Exploits1References8
Rows per page
Query Builder