30 matches found
EUVD-2008-1728
Malware in sbrugna...
EUVD-2020-23646
Malware in sbrugna...
EUVD-2022-39337
Malicious code in bioql PyPI...
CVE-2023-33443
Incorrect access control in the administrative functionalities of BES--6024PB-I50H1 VideoPlayTool v2.0.1.0 allow attackers to execute arbitrary administrative commands via a crafted payload sent to the desired endpoints...
CVE-2022-26173
JForum v2.8.0 was discovered to contain a Cross-Site Request Forgery CSRF via http://targethost:port/jforum-2.8.0/jforum.page, which allows attackers to arbitrarily add admin accounts...
CVE-2021-24803 Core Tweaks WP Setup <= 4.1 - Arbitrary Admin Account Creation / Admin Email Update via CSRF
The Core Tweaks WP Setup WordPress plugin through 4.1 allows to bulk-set many settings in WordPress, including the admin email, as well as creating a new admin account. There is no CSRF protection in place, allowing an attacker to arbitrary change the admin email or create another admin account a...
WordPress Core Tweaks WP Setup plugin <= 4.1 - Arbitrary Admin Account Creation / Admin Email Update via Cross-Site Request Forgery (CSRF) vulnerability
Arbitrary Admin Account Creation / Admin Email Update via Cross-Site Request Forgery CSRF vulnerability discovered by Francesco Carlucci in WordPress Core Tweaks WP Setup plugin versions = 4.1. Solution Deactivate and delete. This plugin has been closed as of October 7, 2021 and is not available...
Cross site request forgery (csrf)
A Cross-Site Request Forgery CSRF in WDJA CMS v1.5.2 allows attackers to arbitrarily add administrator accounts via a crafted URL...
TheCartPress eCommerce Shopping Cart <= 1.5.3.6 - Unauthenticated Arbitrary Admin Account Creation
The tcpregisterandloginajax AJAX action of the plugin allows unauthenticated users to create accounts with an arbitrary role such as admin POST /wp-admin/admin-ajax.php HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8 Accept-Language: en-GB,en;q=0.5...
SoftNAS Cloud Command Execution Vulnerability
SoftNAS Cloud is a software-defined NAS file management system from US-based SoftNAS. The system is primarily used to provide enterprise-class NAS functionality, including encryption, snapshots and automatic failover. A security vulnerability exists in SoftNAS Cloud versions 4.2.0 and 4.2.1. A...
Cross site request forgery (csrf)
In BEESCMS 4.0, CSRF allows administrators to be added arbitrarily, a related issue to CVE-2018-10266...
BEESCMS 4.0 - Cross-Site Request Forgery (Add Admin) Vulnerability
Exploit for php platform in category web applications Exploit Title: A CSRF vulnerability exists in BEESCMSV4.0: The administrator can be added arbitrarily. Exploit Author: bay0net Vendor Homepage: https://www.cnblogs.com/v1vvwv/p/9226389.html Software Link: http://www.beescms.com/ Version: BEESC...
百为流控路由设计不当 可任意添加管理员
POST /goform/webForm HTTP/1.0 Referer: ...:2011/advance/adminuser.htm?v=20130320 Content-Type: application/x-www-form-urlencoded X-Requested-With: XMLHttpRequest Accept: / Accept-Language: zh-CN Proxy-Connection: Keep-Alive User-Agent: Mozilla/5.0 Windows NT 6.1; WOW64; Trident/7.0; rv:11.0 like...
baserCMS plugin "Menubook Plugin" vulnerable to cross-site request forgery
Overview baserCMS plugin "Menubook Plugin" contains a cross-site request forgery vulnerability. CWE-352 Takaesu Isao of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A...
Thickbox Gallery 2.0 - (admins.php) Admin Data Disclosure Vulnerability
No description provided by source. + Thickbox Gallery v2 Admin Data Disclosure + Discovered By SirGod + www.mortal-team.org + Greetz : E.M.I.N.E.M,Ras,Puscasmarin,ToxicBlood,MesSiAH,xZu,HrN,kemrayz + Arbitrary Admin Data Disclosure - Go here and you will see the admin data login name + crypted...
ActiveKB <= 1.5 Insecure Cookie Handling/Arbitrary Admin Access
No description provided by source. --==+================================================================================+==-- --==+ ActiveKB = 1.5 Insecure Cookie Handling/Arbitrary Admin Access +==-- --==+================================================================================+==--...
AdaptCMS Lite 1.5 - Arbitrary Add Admin
=========================================================================== Topic : AdaptCMSLite1.5 2009-07-07 Bug type : change admin user,passwd & add new admin user exploit Download : http://sourceforge.net/projects/adaptcms/files/AdaptCMS%20Lite%20v1/1.5/AdaptCMSLite1.5.zip/download Advisory ...
Open Source Classifieds 1.1.0 Alpha (OSClassi) - SQL Injection Cross-Site Scripting Arbitrary Admin Change
Open Source Classifieds 1.1.0 Alpha OSClassi - SQL Injection Cross-Site Scripting Arbitrary Admin Change / / / | | \ | |/ | ' \ / | / / / | ' / | \ \ | | | | | | | | | / / | | | \ \ /|/|| || ||,| /,|./|/...
txtBB 1.0 RC3 - HTML/JS Injection / Arbitrary Add Admin Privileges
var req = new XMLHttpRequest; req.open'POST', 'admin.php?action=users&type=edit&login=USERNICK&save=1', false; req.setRequestHeader'Content-Type', 'application/x-www-form-urlencoded'; req.send'signature=&avatar=&type=3&password=&submit=Zapisz'; milw0rm.com 2009-02-05...
FubarForum 1.6 Arbitrary Admin Bypass Vulnerability
No description provided by source. in the name of god ..:: [email protected] ::.. Tanx from : Expl0its Script : FubarForum Version : 1.6 Dork : "Powered by FubarForum v1.6" /forum/index.php?page=admin milw0rm.com 2008-12-28...