298 matches found
Cross-Site Request Forgery (CSRF) in yetiforcecompany/yetiforcecrm
Description Hi there, I would like to report a CSRF vulnerability in yetiforcecompany/yetiforcecrm. This allows an attacker to create a new admin. Even when SameSite: Strict is enabled, this can still be exploited by an attacker with the lowest-privilege account, e.g. guest. Proof of Concept + These are...
Simple Online College Entrance Exam System 1.0 - Unauthenticated Admin Creation Vulnerability
Exploit Title: Simple Online College Entrance Exam System 1.0 - Unauthenticated Admin Creation Exploit Author: Amine ismail @aminei Vendor Homepage: https://www.sourcecodester.com/php/14976/simple-online-college-entrance-exam-system-php-and-sqlite-free-source-code.html Software Link:...
Simple Online College Entrance Exam System 1.0 Unauthenticated Admin Creation
Exploit Title: Simple Online College Entrance Exam System 1.0 - Unauthenticated Admin Creation Date: 07.10.2021 Exploit Author: Amine ismail @aminei Vendor Homepage: https://www.sourcecodester.com/php/14976/simple-online-college-entrance-exam-system-php-and-sqlite-free-source-code.html Software...
CVE-2021-41647
An un-authenticated error-based and time-based blind SQL injection vulnerability exists in Kaushik Jadhav Online Food Ordering Web App 1.0. An attacker can exploit the vulnerable "username" parameter in login.php and retrieve sensitive database information, as well as add an administrative user...
Online-Food-Ordering-Web-App SQL Injection Vulnerability
Online-Food-Ordering-Web-App is an open source online food ordering system website by the individual developer Kaushik Jadhav. Online-Food-Ordering-Web-App suffers from a SQL injection vulnerability that stems from an error- and time-based unauthenticated SQL blind injection vulnerability in...
Cisco SD-WAN vManage Software Authorization Issue Vulnerability
Cisco SD-WAN vManage Software is a management software for SD-WAN Software Defined Wide Area Network solutions from Cisco. An authorization issue vulnerability exists in the messaging service of Cisco SD-WAN vManage, which can be exploited by an attacker to invoke elevated privilege operations,...
VulnCheck KEV: CVE-2019-9879
The WPGraphQL 0.2.3 plugin for WordPress allows remote attackers to register a new user with admin privileges, whenever new user registrations are allowed. This is related to the registerUser mutation...
Cody Thomas Mythic Cross-Site Scripting Vulnerability
Cody Thomas Mythic is a Python-based platform used by Cody Thomas Individual Developer to provide solutions to Opsec issues. Cody Thomas Mythic 1.4 suffers from a cross-site scripting vulnerability that allows an attacker to steal remote administrative user sessions or add new users to the admin...
CVE-2020-15099
In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.20, and greater than or equal to 10.0.0 and less than 10.4.6, in a case where an attacker manages to generate a valid cryptographic message authentication code HMAC-SHA1 - either by using a different existing vulnerability or in case t...
PT-2020-12529 · Typo3 · Typo3/Cms
Name of the Vulnerable Software and Affected Versions: TYPO3 CMS versions 9.0.0 through 9.5.16 TYPO3 CMS versions 10.0.0 through 10.4.1 Description: A same-site request forgery vulnerability has been discovered in the backend user interface and install tool of TYPO3 CMS. This vulnerability can be...
CVE-2019-19743
On D-Link DIR-615 devices, a normal user is able to create a rootadmin user from the D-Link portal...
DEBIAN-CVE-2019-18345
A reflected XSS issue was discovered in DAViCal through 1.1.8. It echoes the action parameter without encoding. If a user visits an attacker-supplied link, the attacker can view all data the attacked user can view, as well as perform all actions in the name of the user. If the user is an...
UBUNTU-CVE-2019-18346
A CSRF issue was discovered in DAViCal through 1.1.8. If an authenticated user visits an attacker-controlled webpage, the attacker can send arbitrary requests in the name of the user to the application. If the attacked user is an administrator, the attacker could for example add a new admin user...
CVE-2017-8230
On Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices, the users on the device are divided into 2 groups "admin" and "user". However, as a part of security analysis it was identified that a low privileged user who belongs to the "user" group and who has access to login in to the web administrativ...
RedwoodHQ Bypass Authentication Vulnerability
RedwoodHQ is an open source automated testing framework. The product supports programming languages such as Java, Groovy, Python and C and is capable of creating readable keyword-driven test cases. A security vulnerability exists in RedwoodHQ version 2.5.5. The vulnerability stems from a lack of...
CVE-2019-12890
RedwoodHQ 2.5.5 does not require any authentication for database operations, which allows remote attackers to create admin users via a con.automationframework users insertone call...
CVE-2019-12502
There is a lack of CSRF countermeasures on MOBOTIX S14 MX-V4.2.1.61 cameras, as demonstrated by adding an admin account via the /admin/access URI...
CVE-2019-8437
njiandan-cms through 2013-05-23 has index.php/admin/usernew CSRF to add an administrator...
CVE-2019-9625
JBMC DirectAdmin 1.55 allows CSRF via the /CMDACCOUNTADMIN URI to create a new admin account...
LayerBB 1.1.2 - Cross-Site Request Forgery (Add Admin)
LayerBB 1.1.2 - Cross-Site Request Forgery Add Admin Exploit Title: LayerBB 1.1.2 - Cross-Site Request Forgery Date: 10/4/2018 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://forum.layerbb.com Version: 1.1.2 Tested on: Ubuntu 18.04 CVE: CVE-2018-17996 1. Description:...