16 matches found
Cross site request forgery (csrf)
Kliqqi 2.0.2 has CSRF in admin/adminusers.php...
CVE-2018-11405
Kliqqi 2.0.2 has CSRF in admin/adminusers.php...
CVE-2018-11405
Kliqqi 2.0.2 has CSRF in admin/adminusers.php...
CVE-2018-11405
Kliqqi 2.0.2 has a Cross-Site Request Forgery (CSRF) vulnerability in admin/admin_users.php. Multiple sources (NVD/NVDC-family and CNVD) describe CSRF affecting this version; CNVD explicitly states a remote attacker can exploit it to create administrator accounts. No further exploit details or fi...
Kliqqi Cross-Site Request Forgery Vulnerability
Kliqqi is a CMS (Content Management System). A cross-site request forgery vulnerability exists in the admin/adminusers.php page in Kliqqi version 2.0.2. A remote attacker can exploit this vulnerability to create accounts with administrator privileges...
CVE-2015-6655
Cross-site request forgery (CSRF) vulnerability in Pligg CMS 2.0.2 allows remote attackers to hijack the authentication of administrators for requests that add an administrator via a request to admin/adminusers.php...
CVE-2015-6655
Cross-site request forgery (CSRF) vulnerability in Pligg CMS 2.0.2 allows remote attackers to hijack the authentication of administrators for requests that add an administrator via a request to admin/adminusers.php...
CVE-2015-6655
CVE-2015-6655 affects Pligg CMS 2.0.2. A Cross-Site Request Forgery in admin/admin_users.php lets an attacker add an administrator by forging requests, hijacking admin authentication. Public-facing details show PoCs/exploits (e.g., Exploit-DB entry) demonstrating add-admin CSRF behavior. The avai...
gpEasy <= 1.5RC3 Remote FIle Include Exploit
No description provided by source. Exploit Title: gpEasy <= 1.5RC3 Remote FIle Include Exploit Date: 18-12-2009 Author: cr4wl3r Software Link: http://sourceforge.net/projects/gpeasy/files/ Version: N/A Tested on: GNU/LINUX Code adminpassword.php :...
CVE-2012-2937
Multiple SQL injection vulnerabilities in Pligg CMS before 1.2.2 allow remote attackers to execute arbitrary SQL commands via the (1) list parameter in a move action to admin/adminindex.php, (2) display parameter in a minimize action to admin/adminindex.php, (3) enabled parameter to admin/adminusers.ph...
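Pligg CMS 1.2.1 SQL Injection Vulnerability
Bugtraq ID: 53625 Pligg CMS is a content management system. The admin/adminindex.php, admin/adminusers.php and module.php scripts included in Pligg CMS do not properly filter user-supplied input; a remote attacker can exploit the vulnerability to carry out SQL injection attacks and obtain database information or take control of the application. 0 Pligg CMS 1.2.1 Vendor solution: Pligg CMS 1.2.2 fixes this vulnerability; users are advised to download and use it: http://forums.pligg.com/downloads.php?do=file&id=15...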
CVE-2007-6552
Directory traversal vulnerability in index.php in AuraCMS 2.2 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the act parameter, possibly involving the news pilih component; as demonstrated by including admin/adminusers.php to bypass a protection...
AuraCMS 2.2 - Remote Add Administrator
#!/usr/bin/perl Indonesian Newhack Security Advisory ------------------------------------ AuraCMS 2.2 - adminusers.php Remote Add Administrator Exploit Time : Dec 25 2007 04:50AM Software : AuraCMS 2.2 Vendor : http://www.auracms.org/ Found by : k1tk4t | http://newhack.org Location : Indonesi...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.19, when Link to off-site Avatar or bbcode IMG are enabled, allows remote attackers to perform unauthorized actions as a logged in user via a link or IMG tag in a user profile, as demonstrated using links to (1) admin/adminusers.php and (2)...
CVE-2006-0438
Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.19, when Link to off-site Avatar or bbcode IMG are enabled, allows remote attackers to perform unauthorized actions as a logged in user via a link or IMG tag in a user profile, as demonstrated using links to (1) admin/adminusers.php and (2)...
phpBB2.0.19.txt
Original Source: http://securityreason.com/achievementsecurityalert/31 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 phpBB 2.0.19 Cross Site Request Forgeries and XSS Admin Author: Maksymilian Arciemowicz cXIb8O3 Date: 3.2.2006 from SecurityReason.Com CVE-2006-0437 for the XSS issues CVE-2006-0438...