1593 matches found
WESPA PHP Newsletter 3.0 Administrator Password Change
"WESPA PHP Newsletter v3.0" Remote Admin Password Change With install path Author: alieye class : remote E-mail: [email protected] greetz: C.S.Eye Security Team members We Are: Alieye , Z0d14c , Bully13 , Stanly , Safety & All Iranian Hackers Site : www.gcmt.vcp.ir , blog : www.cseye.blogfa.com...
Multiple Vulnerabilities in UseBB
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in UseBB which could be exploited to perform cross-site request forgery attacks. 1) Cross-site request forgery (CSRF) vulnerabilities in UseBB 1.1 The vulnerability exists due to insufficient validation of the request...
Multiple Vulnerabilities in Eleanor CMS
High-Tech Bridge SA Security Research Lab has discovered vulnerabilities in Eleanor CMS which could be exploited to perform cross-site scripting and SQL injection attacks. 1) Cross-site scripting (XSS) vulnerability in Eleanor CMS: The vulnerability exists due to input sanitation error in the...
N-13 News Cross-Site Request Forgery Vulnerability
This host is running N-13 News and is prone to a Cross-Site Request Forgery vulnerability. OpenVAS Vulnerability Test $Id: gbn13newscsrfvuln.nasl 7015 2017-08-28 11:51:24Z teissa $ N-13 News Cross-Site Request Forgery Vulnerability Authors: Madhuri D Copyright: Copyright (c) 2011 Greenbone Networks...
CVE-2011-0641
Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/admin.php in the StatPressCN plugin 1.9.0 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) what1, (2) what2, (3) what3, (4) what4, and (5) what5 parameters. NOTE: the provenance of this information is...
WordPress StatPressCN Plugin <= 1.9.0 - Multiple XSS
Because of these vulnerabilities in wp-admin/admin.php, attackers can inject arbitrary web script or HTML. Solution: Update the plugin...
N-13 News 3.4 Remote Admin Add CSRF Vulnerability
EXP: <html> <head> <title>Remote Admin Add CSRF Exploit</title> </head> <H2>Remote Admin Add CSRF Exploit by qing-Edit</H2> <form method="POST" name="form0" action="http://localhost/news/admin.php?action=options&mod=accounts&create=new"> <input type="hidden" name="accountname" value="admin" /...
CVE-2010-4613
Multiple directory traversal vulnerabilities in Hycus CMS 1.0.3 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the site parameter to (1) index.php and (2) admin.php...
CVE-2010-4275
Multiple cross-site scripting (XSS) vulnerabilities in Radius Manager 3.8.0 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) name or (2) descr parameter in an (a) update_usergroup or a (b) store_nas action to admin.php...
Cross-site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Radius Manager 3.8.0 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) name or (2) descr parameter in an (a) update_usergroup or a (b) store_nas action to admin.php...
CVE-2010-4275
Radius Manager 3.8.0 is affected by multiple stored XSS vulnerabilities. The issue arises in the admin.php actions update_usergroup and store_nas, where unsanitized inputs for name/descr can inject arbitrary script/HTML. Exploitation requires an authenticated administrator; impact is limited to t...
CMScout 2.09 Cross Site Request Forgery
Vulnerability ID: HTB22719 Reference: http://www.htbridge.ch/advisory/xsrfcsrfincmscout.html Product: CMScout Vendor: CMScout Team http://www.cmscout.co.za/ Vulnerable Version: 2.09 and probably prior versions Vendor Notification: 25 November 2010 Vulnerability Type: CSRF Cross-Site Request Forge...
Diferior 8.03 - Multiple Cross-Site Scripting Vulnerabilities
Vulnerability ID: HTB22721 Reference: http://www.htbridge.ch/advisory/storedxsscrosssitescriptingvulnerabilityindiferior.html Product: Diferior Vendor: Povilas Musteikis http://www.diferior.com/ Vulnerable Version: 8.03 and probably...
Jamb - Cross-Site Request Forgery (Add a Post)
#!/usr/bin/python ...
nileweb School CMS injection vulnerability and fix
The index.php parameter of the nileweb School CMS program is not strictly filtered, so an injection vulnerability exists. Batch google. cn inurl:index. php? action= http://localhost/index.php?action=cms/showpaget&pageid=-21+/! uniOn/+select+1,convertgrOupcOncatusername,0x3a,password using...
Jax Guestbook admin bypass vulnerability
Exploit for PHP platform in category web applications. Exploit Title: Jax Guestbook admin bypass vulnerability Date: 3.10.2010 Author: EraGoN Software...
SQL injection
Multiple SQL injection vulnerabilities in wpQuiz 2.7 allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) password (pw) parameters to (a) admin.php or (b) user.php...
CVE-2010-3608
Multiple SQL injection vulnerabilities in wpQuiz 2.7 allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) password (pw) parameters to (a) admin.php or (b) user.php...