1125 matches found
AccStatistics v1.1 XSRF Vulnerability (Change Admin Settings)
Exploit for unknown platform in category web applications ============================================================= AccStatistics v1.1 XSRF Vulnerability Change Admin Settings =============================================================...
Chipmunk Board Script 1.x XSRF
------------------------------------------------------------------------------------------------- Title: Chipmunk Board Script 1.x Multiple XSRF Vulnerabilities Author: Milos Zivanovic Date: 11. December 2009...
AccStatistics v1.1 XSRF Vulnerability (Change Admin Settings)
No description provided by source. ------------------------------------------------------------------------------------------------- Title: AccStatistics v1.1 XSRF Vulnerability Change Admin Settings Author: Milos Zivanovic Date: 13. December 2009...
AccStatistics 1.1 - Cross-Site Request Forgery (Change Admin Settings)
------------------------------------------------------------------------------------------------- Title: AccStatistics v1.1 XSRF Vulnerability Change Admin Settings Author: Milos Zivanovic Date: 13. December 2009...
CVE-2009-2331
Multiple static code injection vulnerabilities in CMS Chainuk 1.2 and earlier allow remote attackers to inject arbitrary PHP code 1 into settings.php via the menu parameter to adminsettings.php or 2 into a content/=NUMBER.php file via the title parameter to adminnew.php...
CVE-2008-6535
admin/settings.php in PayPal eStores allows remote attackers to bypass intended access restrictions and change the administrative password via a direct request with a modified NewAdmin parameter...
CVE-2008-5568
Cross-site request forgery CSRF vulnerability in admin/settings.php in IPN Pro 3 1.44 and earlier allows remote attackers to change the admin password via a logout action in conjunction with the adminid, newpass1, and newpass2 parameters...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in admin/settings.php in IPN Pro 3 1.44 and earlier allows remote attackers to change the admin password via a logout action in conjunction with the adminid, newpass1, and newpass2 parameters...
CVE-2008-5565
CVE-2008-5565 is a CSRF vulnerability in DL PayCart 1.34 and earlier, where an attacker can cause an admin password change by triggering a logout action with the parameters NewAdmin, NewPass1, and NewPass2 in admin/settings.php. Root cause is CSRF in the admin settings workflow; impact is partial...
YourFreeWorld Forced Matrix Script - SQL Injection
YourFreeWorld Forced Matrix Script - SQL Injection Forced Matrix Script id Remote SQL Injection Vulnerability Author: Hussin X Home : www.IQ-TY.com & www.TrYaG.cc script : http://www.yourfreeworld.com/script/subscriptionforcedmatrix.php DorK : inurl:"tr1.php?id=" Forced Matrix Exploit :...
YourFreeWorld Classifieds - category SQL Injection
YourFreeWorld Classifieds - category SQL Injection Classifieds category Remote SQL Injection Vulnerability Author: Hussin X Home : www.IQ-TY.com & www.TrYaG.cc script : http://www.yourfreeworld.com/script/classifieds.php DorK : inurl:classifieds/view.php?category= Exploit :...
classifieds-sql.txt
|| | | Classifieds category Remote SQL Injection Vulnerability | | |---------------------Hussin X----------------------| | | Author: Hussin X | | Home : www.tryag.cc/cc | | email: darkangelg85atYahooDoTcom | | | | | | | script http://www.yourfreeworld.com/script/classifieds.php | | DorK :...
Multiple Century Systems routers vulnerable to cross-site request forgery
Overview The web interface in multiple Century Systems routers is vulnerable to cross-site request forgery. Multiple Century Systems Co., Ltd. routers provide a web-based interface for users to configure the routers. The web interface is vulnerable to cross-site request forgery. Hirotaka Katagiri...
Comparison Engine Power 1.0 - Blind SQL Injection
!/usr/bin/perl use LWP::UserAgent; use Getopt::Long; if!$ARGV1 print " \n"; print " VIVA ISLAME VIVA ISLAME \n"; print " VIVA ISLAME VIVA ISLAME \n"; print " \n"; print " Comparison Engine Power 1.0 Blind SQL Injection Exploit \n"; print " \n"; print " Author: Mr.SQL \n"; print " EMAIL :...
AirStation series and BroadStation series vulnerable to cross-site request forgery
Overview Buffalo's AirStation Series and BroadStation Series routers are vulnerable to cross-site request forgery. Buffalo's AirStation series and BroadStation series routers have a web administration interface that can be accessed from a web browser to configure their functional settings. The we...
Multiple Yamaha routers vulnerable to cross-site request forgery
Overview The web interface in multiple Yamaha routers is vulnerable to cross-site request forgery. Multiple Yamaha routers provide a web-based interface for users to configure the settings of the routers. The web interface is vulnerable to cross-site request forgery. Impact If the administrator...
CVE-2008-1334
CVE-2008-1334 affects the BT Home Hub router (and related Thomson/Alcatel SpeedTouch components) where an authentication bypass is possible by placing a character at the end of PATH_INFO. The vulnerability lets remote attackers bypass authentication and read/modify administrative settings or init...
Cross site request forgery (csrf)
Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to enable or disable "pay type" via a request to adminsettings/choosetranstype.asp...
CVE-2007-6494
Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote attackers to obtain login access via a request to hosting/addreseller.asp with a username in the reseller parameter, followed by a request to AdminSettings/displays.asp with the DecideAction and ChangeSkin parameters...
CVE-2007-6501
Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to enable or disable "pay type" via a request to adminsettings/choosetranstype.asp...