46 matches found
CVE-2015-7835
The modl2entry function in arch/x86/mm.c in Xen 3.4 through 4.6.x does not properly validate level 2 page table entries, which allows local PV guest administrators to gain privileges via a crafted superpage mapping...
QAEngine Theme - Privilege Escalation
QAEngine vulnerability allows an attacker to have an administrator account on the target's website. http://www.example.com/wp-admin/admin-ajax.php?action=ae-sync-user&method=create&userlogin=xADMIN&userpass=xPASS&role=administrator...
Сross-Site Request Forgery (CSRF) in AskApache Firefox Adsense Wordpress plugin
High-Tech Bridge Security Research Lab discovered vulnerability in AskApache Firefox Adsense Wordpress plugin, which can be exploited to perform Сross-Site Request Forgery CSRF attacks. 1 Сross-Site Request Forgery CSRF in AskApache Firefox Adsense Wordpress plugin: CVE-2013-6992 The vulnerabilit...
Chipmunk Chat CSRF remote attack vulnerability-vulnerability warning-the black bar safety net
Chipmunk Chat program background the lack of validation, leading to a CSRF attack remote add administrator exploit. Exp html form method="post" action="http:///admin/reguser.php" Type Username Here: input type="text" name="adminname" size="1 5"br Type Password Here: input type="text"...
Max CMS2. 0beta (maxcms)SQL injection and administrator authentication bypass vulnerability-vulnerability warning-the black bar safety net
This system was internally very popular video-on-demand system, before 1. 5 version vulnerability very much, the 2.0 version in terms of security has improved, but still there are loopholes exist. Look at the code \inc\ajax. asp dim action : action = getForm"action", "get" response. Charset="gbk"...
PHP TopSites 2.02.2 - HTML Injection
PHP TopSites 2.02.2 - HTML Injection source: https://www.securityfocus.com/bid/6621/info An HTML injection vulnerability has been discovered in PHP TopSites. The issue occurs due to insufficient sanitization of user-supplied data. By injecting HTML code into the tag of the description page, when...