325 matches found

Prion
added 2014/07/29 8:55 p.m. | 15 views

Cross site request forgery (csrf)

Multiple cross-site request forgery (CSRF) vulnerabilities in CGI programs in Seeds acmailer before 3.8.17 and 3.9.x before 3.9.10 Beta allow remote attackers to hijack the authentication of arbitrary users for requests that modify or delete data, as demonstrated by modifying data affecting...

CVSS 6.8 | AI score 7.9 | EPSS 0.00924
Exploits 1 | References 3 | Affected Software 1
NVD
added 2014/07/07 11:1 a.m. | 25 views

CVE-2014-0864

Multiple cross-site request forgery (CSRF) vulnerabilities in Executer in RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allow remote attackers to hijack the authentication of arbitrary users for requests that change (1) a deal's currency or (2) a...

CVSS 6.8 | AI score 7 | EPSS 0.02523
Exploits 6 | References 7
seebug.org
added 2014/07/01 12:0 a.m. | 12 views

Pligg 9.5 Reset Forgotten Password Security Bypass Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/24158/info Pligg is prone to a security-bypass vulnerability due to a design error when resetting forgotten passwords. An attacker may exploit this issue to reset account passwords for arbitrary users and then compromise ...

AI score 7.1
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m. | 41 views

Openfire 3.x jabber:iq:auth 'passwd_change' Remote Password Change Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/34804/info Openfire is prone to a vulnerability that can permit an attacker to change the password of arbitrary users. Exploiting this issue can allow the attacker to gain unauthorized access to the affected application a...

AI score 6.7
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m. | 18 views

SGI IRIX <= 6.2 cdplayer Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/333/info A vulnerability exists in the /usr/bin/X11/cdplayer application as shipped with SGI's IRIX operating system. By failing to shed root privileges, and creating arbitrary directories as root, cdplayer allows arbitra...

AI score 7.1
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m. | 35 views

SGI IRIX <= 6.4 datman/cdman Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/347/info A vulnerability exists in the datman/cdman program, as included with Irix 6.2 and 5.3 from Silicon Graphics Inc. The vulnerability would allow arbitrary users to execute commands as root. The datman/cdman program...

AI score 7.1
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m. | 26 views

E-Zone Media FuzeTalk 2.0 AddUser.CFM Administrator Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/10276/info It has been reported that FuseTalk is affected by an administrator command execution vulnerability in the adduser.cfm script. This issue is due to a failure of the application to properly validate the origin of...

AI score 7.1
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m. | 12 views

OpenMediaVault Cron Remote Command Execution

No description provided by source. This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::Tcp include...

AI score 7.1
Exploits 0
Cvelist
added 2014/06/25 10:0 a.m. | 24 views

CVE-2014-3882

Cross-site request forgery (CSRF) vulnerability in the Login rebuilder plugin before 1.2.0 for WordPress allows remote attackers to hijack the authentication of arbitrary users...

AI score 7.2 | EPSS 0.01076
Exploits 0 | References 4
Prion
added 2014/05/26 4:29 a.m. | 11 views

Design/Logic Flaw

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to download avatar photos of arbitrary users via unspecified vectors...

CVSS 5 | AI score 7.1 | EPSS 0.01667
Exploits 0 | References 2 | Affected Software 1
Check Point Advisories
added 2014/05/25 12:0 a.m. | 4 views

OpenMediaVault Cron Remote Command Execution (CVE-2013-3632)

A security vulnerability was found in OpenMediaVault. OpenMediaVault allows an authenticated user to create cron jobs as arbitrary users on the system. An attacker can abuse this to run arbitrary commands as any user available on the system, including root...

CVSS 9 | AI score 6.5 | EPSS 0.56838
Exploits 8
Prion
added 2014/05/23 2:55 p.m. | 20 views

Design/Logic Flaw

The iMember360 plugin 3.8.012 through 3.9.001 for WordPress does not properly restrict access, which allows remote attackers to delete arbitrary users via a request containing a user name in the Email parameter and the API key in the i4wclearuser parameter...

CVSS 4.3 | AI score 7.3 | EPSS 0.05973
Exploits 1 | References 4 | Affected Software 1
OSV
added 2014/05/08 2:29 p.m. | 1 view

DEBIAN-CVE-2014-1685

The Frontend in Zabbix before 1.8.20rc2, 2.0.x before 2.0.11rc2, and 2.2.x before 2.2.2rc1 allows remote "Zabbix Admin" users to modify the media of arbitrary users via unspecified vectors...

CVSS 5.5 | AI score 6.7 | EPSS 0.01415
Exploits 0 | References 1
Prion
added 2014/04/29 2:38 p.m. | 8 views

Code injection

Simple Machines Forum (SMF) 2.0.6, 1.1.19, and earlier allows remote attackers to impersonate arbitrary users via a Unicode homoglyph character in a username...

CVSS 7.5 | AI score 7.3 | EPSS 0.01527
Exploits 0 | References 4 | Affected Software 1
Prion
added 2014/04/24 2:55 p.m. | 21 views

Authentication flaw

The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which allows remote attackers to bypass authentication and impersonate arbitrary users via the X-Remote-User header in a request...

CVSS 7.5 | AI score 7.5 | EPSS 0.01667
Exploits 0 | References 3 | Affected Software 1
Prion
added 2014/04/23 3:55 p.m. | 30 views

Cross site request forgery (csrf)

Cross-site request forgery (CSRF) vulnerability in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to hijack the authentication of users for unspecified commands, as demonstrated by requests that (1) modify binary files, (2) modify configurations, or (3) add arbitrary users...

CVSS 6.8 | AI score 7.6 | EPSS 0.02278
Exploits 1 | References 9 | Affected Software 3
Cvelist
added 2014/04/23 2:0 p.m. | 23 views

CVE-2014-2327

Cross-site request forgery (CSRF) vulnerability in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to hijack the authentication of users for unspecified commands, as demonstrated by requests that (1) modify binary files, (2) modify configurations, or (3) add arbitrary users...

AI score 8.9 | EPSS 0.02278
Exploits 1 | References 9
Debian CVE
added 2014/04/23 2:0 p.m. | 31 views

CVE-2014-2327

Cross-site request forgery (CSRF) vulnerability in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to hijack the authentication of users for unspecified commands, as demonstrated by requests that (1) modify binary files, (2) modify configurations, or (3) add arbitrary users...

CVSS 6.8 | AI score 9.1 | EPSS 0.02278
Exploits 1
Prion
added 2014/04/22 1:6 p.m. | 18 views

Default credentials

modules/Users/ForgotPassword.php in vTiger 6.0 before Security Patch 2 allows remote attackers to reset the password for arbitrary users via a request containing the username, password, and confirmPassword parameters...

CVSS 6.4 | AI score 7.3 | EPSS 0.15658
Exploits 7 | References 2 | Affected Software 1
NVD
added 2014/04/15 10:55 a.m. | 15 views

CVE-2014-0357

Amtelco miSecureMessages allows remote attackers to read the messages of arbitrary users via an XML request containing a valid license key and a modified contactID value, as demonstrated by a request from the iOS or Android application...

CVSS 5 | AI score 6.4 | EPSS 0.01848
Exploits 2 | References 3