17 matches found
EUVD-2020-17778
Malware in sbrugna...
Cross site scripting
Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/admin/views/advancedsettings/adminUsers.php...
TinyMCE 2.0.1 - (index.php menuID) Remote SQL Injection Vulnerability
No description provided by source. Removed from the frontend, the product affected isn't TinyMCE. If you know which CMS this is please contact me /str0ke TinyMCE Remote SQL Injection Product: TinyMCE Version 2.0.1 Home : http://tinymce.moxiecode.com Vulnerability : 2/ SQL Injection Risk : high !!...
PHPJabbers Property Listing Script 2.0 - Cross-Site Request Forgery (Add Admin)
Property Listing Script V2.0 - Add Admin CSRF Vulnerability ==================================================================== .:. Author : HackXBack .:. Contact : [email protected] .:. Home : http://www.iphobos.com/blog/ .:. Script : http://www.phpjabbers.com/property-listing-script/ === Exploit ===...
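JForum login.page adminUsers Module iyonghu Privilege Cross-Site Request Forgery Vulnerability
CVE ID: CVE-2013-7209 JForum is a powerful and stable forum system developed in Java. The adminUsers module in JForum login.page does not properly protect against cross-site request forgery attacks, allowing remote attackers to exploit the vulnerability by constructing a malicious URI and luring a user into opening it, which can perform malicious actions in the context of the target user. 0 JForum No detailed solution is currently available: http://jforum.net/...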
JForum 'adminUsers' Module - Cross-Site Request Forgery
source: https://www.securityfocus.com/bid/64540/info JForum is prone to a cross-site request-forgery vulnerability because the application does not properly validate HTTP requests. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions in the context of the...
Free Hosting Manager 2.0 - 'id' SQL Injection
Free Hosting Manager V2.0 SQL Injection Vulnerability Google Dork: inurl:clients/packages.php?id=1 Bug discovered by Yakir Wizman AKA Pr0T3cT10n, Date: 29/11/2012 Version: 2.0 Software Link: http://www.fhm-script.com/download.php ISRAEL Author will not be responsible for any damage. SQL Injection...
CVE-2011-4452
Cross-site request forgery (CSRF) vulnerability in the AdminUsers component in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to hijack the authentication of administrators for requests that remove arbitrary user accounts via a delete operation, as demonstrated by an image action...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in the AdminUsers component in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to hijack the authentication of administrators for requests that remove arbitrary user accounts via a delete operation, as demonstrated by an image action...
CVE-2011-4452
CVE-2011-4452 describes a CSRF vulnerability in WikkaWiki 1.3.1–1.3.2, specifically in the AdminUsers component. An attacker can lure an admin to visit a malicious page containing an image action that triggers delete requests, potentially hijacking the administrator’s session and removing arbitra...
CVE-2011-4452
Cross-site request forgery (CSRF) vulnerability in the AdminUsers component in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to hijack the authentication of administrators for requests that remove arbitrary user accounts via a delete operation, as demonstrated by an image action...
CVE-2012-4324
Cross-site request forgery (CSRF) vulnerability in PHPJabbers Vacation Rental Script allows remote attackers to hijack the authentication of administrators for requests that add administrator accounts via a create action in the AdminUsers module to index.php...
CVE-2012-4324
Cross-site request forgery (CSRF) vulnerability in PHPJabbers Vacation Rental Script allows remote attackers to hijack the authentication of administrators for requests that add administrator accounts via a create action in the AdminUsers module to index.php...
CVE-2012-4324
CVE-2012-4324: CSRF in PHPJabbers Vacation Rental Script permits remote attackers to hijack administrator authentication by issuing requests that trigger adding admin accounts via the AdminUsers create action on index.php. The vulnerability detail explicitly identifies the affected software and t...
TinyMCE 2.0.1 - 'menuID' SQL Injection
Removed from the frontend, the product affected isn't TinyMCE. If you know which CMS this is please contact me /str0ke TinyMCE Remote SQL Injection Product: TinyMCE Version 2.0.1 Home : http://tinymce.moxiecode.com Vulnerability : 2/ SQL Injection Risk : high !! Dork : N/A Discovered by: AnGeL25dZ...
phpCommunityCalendar <= 4.0.3 Multiple (XSS/SQL) Vulnerabilities
Exploit for unknown platform in category web applications ================================================================ phpCommunityCalendar author : X0r1 release : 23.05.06 software : http://www.appideas.com/ googledork : "Calendar programming by AppIdeas.com" filetype:php XSS:...
CVE-2002-0995
PHPAuction's login.php is vulnerable: a direct call with action=insert allows remote attackers to add a username to the adminUsers table, effectively gaining privileges. The CVE entry documents this privilege escalation and labels it high severity (CVSS v2 base score 7.5). The provided sources co...