89 matches found
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in the Admin web interface in OpenVPN Access Server before 1.8.5 allows remote attackers to hijack the authentication of administrators for requests that create administrative users...
CVE-2013-2692
OpenVPN Access Server before 1.8.5 is affected by a CSRF vulnerability in the Admin web interface that can allow an attacker to hijack the authentication of administrators and perform actions to create new administrative users. The issue is described as a cross-site request forgery affecting the ...
Zimbra Collaboration Server LFI Vulnerability
This Metasploit module exploits a local file inclusion on Zimbra 8.0.2 and 7.2.2. The vulnerability allows an attacker to get the LDAP credentials from the localconfig.xml file. The stolen credentials allow the attacker to make requests to the service/admin/soap API. This can then be used to crea...
Zimbra Collaboration Server LFI
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rexml/document' class Metasploit3 'Zimbra Collaboration Server LFI', 'Description' = %q This module exploits a local file inclusion on Zimbra...
Adobe ColdFusion 9 Administrative Login Bypass
Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to bypass authentication using the RDS component. Due to default settings or misconfiguration, its password can be set to an empty value. This allows an attacker to create a session via the RDS login that can be carried over to th...
Jive Software Openfire Jabber Server Authentication Bypass (CVE-2008-6508)
Openfire (previously known as Wildfire Server) is an open source Jabber/XMPP server written in Java. Jabber is an open instant messaging technology that is maintained by the community. Extensible Messaging and Presence Protocol (XMPP) is an open, XML-inspired protocol originally aimed at...
TeraStation HD-HTGL series cross-site request forgery vulnerability
Overview: The TeraStation HD-HTGL series provided by Buffalo, Inc. are hard disks for LAN connection and have an administrative web interface. The administrative interface for the TeraStation HD-HTGL contains a cross-site request forgery (CSRF) vulnerability. Impact: If a TeraStation HD-HTGL administrator w...
Kerio MailServer < 6.0.10 Unspecified Admin Web Interface DoS
Binary data 2873.prm...
CVE-2002-1531
The CVE concerns SurfControl SuperScout Email Filter’s administrative web interface (STEMWADM). A vulnerability allows remote attackers to trigger a denial of service (crash) by sending an HTTP request without a Content-Length header. Impact is limited to Availability (PARTIAL) per the NVD scorin...