324 matches found
Design/Logic Flaw
IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 could allow an authenticated user to create arbitrary users which could cause ID management issues and result in code execution. IBM X-Force ID: 157011...
CVE-2019-4066
IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 could allow an authenticated user to create arbitrary users which could cause ID management issues and result in code execution. IBM X-Force ID: 157011...
CVE-2018-7701
Multiple cross-site request forgery (CSRF) vulnerabilities in SecurEnvoy SecurMail before 9.2.501 allow remote attackers to hijack the authentication of arbitrary users for requests that (1) delete e-mail messages via a delete action in a request to secmail/getmessage.exe or (2) spoof arbitrary users a...
CVE-2012-0699
Multiple cross-site request forgery (CSRF) vulnerabilities in Family Connections CMS (aka FCMS) 2.9 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests that (1) add news via an add action to familynews.php or (2) add a prayer via an add action to prayers.php...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in the admin terminal in Hawt.io allows remote attackers to hijack the authentication of arbitrary users for requests that run commands on the Karaf server, as demonstrated by running "shutdown -f."...
CVE-2014-0120
Cross-site request forgery (CSRF) vulnerability in the admin terminal in Hawt.io allows remote attackers to hijack the authentication of arbitrary users for requests that run commands on the Karaf server, as demonstrated by running "shutdown -f."...
VIEWGOOD's All Media Resource Distribution Platform Has Logic Design Flaws
WebCDN is a cloud-based service platform that integrates application and resource provisioning. A logical design vulnerability exists in WebCDN, which can be exploited by an attacker to reset arbitrary user passwords...
CVE-2015-4071
The Helpdesk Pro Plugin before 1.4.0 for Joomla! allows remote attackers to read the support tickets of arbitrary users via obtaining the target ticketId, and navigating to http://target/component/helpdeskpro/?view=ticket&id=ticketId...
Apache XML Graphics FOP 2.1 Information Disclosure Vulnerability
Exploit for multiple platform in category remote exploits CVE-2017-5661: Apache XML Graphics FOP information disclosure vulnerability Severity: Medium Vendor: The Apache Software Foundation Versions Affected: FOP 1.0 - 2.1 Description: Files lying on the filesystem of the server which uses batik...
CVE-2017-5662
In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a ful...
CVE-2017-5661
In Apache FOP before 2.2, files lying on the filesystem of the server which uses FOP can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full...
Poezio/SleekXMPP/Slixmpp User Emulation Vulnerability
XMPP is Extensible Messaging and Presence Protocol, a set of open technologies for instant messaging, multi-party chat, voice and video calls. A user emulation vulnerability exists in Poezio/SleekXMPP/Slixmpp. An attacker can exploit this vulnerability to emulate arbitrary users, leading to furth...
CVE-2017-5473
Cross-site request forgery (CSRF) vulnerability in ntopng through 2.4 allows remote attackers to hijack the authentication of arbitrary users, as demonstrated by admin/adduser.lua, admin/changeuserprefs.lua, admin/deleteuser.lua, and admin/passwordreset.lua...
The vulnerability of the GNU Mailman mailing system allows a hacker to gain access to the authentication data of arbitrary users.
The vulnerability of the GNU Mailman system’s user configuration page relates to the manipulation of cross-site requests. Exploiting this vulnerability allows a malicious actor to remotely access the authentication data of arbitrary users through modified requests. As a result, the access to the...
CVE-2016-6893
Cross-site request forgery (CSRF) vulnerability in the user options page in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the authentication of arbitrary users for requests that modify an option, as demonstrated by gaining access to the credentials of a victim's account...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in the user options page in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the authentication of arbitrary users for requests that modify an option, as demonstrated by gaining access to the credentials of a victim's account...