324 matches found
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface on the SMC SMCD3G-CCR (aka Comcast Business Gateway) with firmware before 1.4.0.49.2 allow remote attackers to (1) hijack the intranet connectivity of arbitrary users for requests that perform a login via goform/login, or...
CVE-2010-4179
The installation documentation for Red Hat Enterprise Messaging, Realtime and Grid (MRG) 1.3 recommends that Condor should be configured so that the MRG Management Console (cumin) can submit jobs for users, which creates a trusted channel with insufficient access control that allows local users with...
plugin: enable QUEUE_ALL_USERS_TRUSTED for Submit/Hold/Release/Remove ops
The installation documentation for Red Hat Enterprise Messaging, Realtime and Grid (MRG) 1.3 recommends that Condor should be configured so that the MRG Management Console (cumin) can submit jobs for users, which creates a trusted channel with insufficient access control that allows local users with...
Design/Logic Flaw
member.php in Crossday Discuz! Board allows remote attackers to reset passwords of arbitrary users via crafted (1) lostpasswd and (2) getpasswd actions, possibly involving predictable generation of the id parameter...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in the Fivestar module 5.x-1.x before 5.x-1.14 and 6.x-1.x before 6.x-1.14, a module for Drupal, allows remote attackers to hijack the authentication of arbitrary users for requests that cast votes...
Openfire 3.x - jabber:iq:auth passwd_change Remote Password Change
Openfire 3.x - jabber:iq:auth passwd_change Remote Password Change. Source: https://www.securityfocus.com/bid/34804/info. Openfire is prone to a vulnerability that can permit an attacker to change the password of arbitrary users. Exploiting this issue can allow the attacker to gain unauthorized acce...
CVE-2009-1339
Cross-site request forgery (CSRF) vulnerability in TWiki before 4.3.1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that update pages, as demonstrated by a URL for a save script in the SRC attribute of an IMG element, a related issue to CVE-2009-1434...
GLSA-200904-12 : Wicd: Information disclosure
The remote host is affected by the vulnerability described in GLSA-200904-12 (Wicd: Information disclosure). Tiziano Mueller of Gentoo discovered that the DBus configuration file for Wicd allows arbitrary users to own the org.wicd.daemon object. Impact: A local attacker could exploit this...
CVE-2008-6538
DeStar 0.2.2-5 allows remote attackers to add arbitrary users via a direct request to config/add/CfgOptUser...
CVE-2008-6538
Vulnerability overview (CVE-2008-6538): DeStar 0.2.2-5 is affected. The issue allows remote attackers to add arbitrary users through a direct request to config/add/CfgOptUser, indicating a flaw in access control/validation. The CVSS data from NVD indicates a medium severity (base score 5.0) with ...
Default credentials
blogadata/include/initpass2.php in Blogator-script 0.95 allows remote attackers to change the password for arbitrary users via a modified "a" parameter with a "%" wildcard symbol in the b parameter...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in OpenEdit Digital Asset Management (DAM) before 5.2014 allows remote attackers to perform unspecified actions as arbitrary users via unknown vectors...
GLSA-200809-10 : Mantis: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200809-10 (Mantis: Multiple vulnerabilities). Antonio Parata and Francesco Ongaro reported a Cross-Site Request Forgery vulnerability in manageusercreate.php (CVE-2008-2276), a Cross-Site Scripting vulnerability in...
CVE-2008-2538
Unspecified vulnerability in crontab on Sun Solaris 8 through 10, and OpenSolaris before snv93, allows local users to insert cron jobs into the crontab files of arbitrary users via unspecified vectors...
Design/Logic Flaw
Prozilla Reviews 1.0 allows remote attackers to delete arbitrary users via a modified UserID parameter in a direct request to siteadmin/DeleteUser.php...
CVE-2008-1785
delete.php in Prozilla Top 100 1.2 allows remote authenticated users to delete statistics and accounts of arbitrary users via a modified s parameter...
CVE-2007-6496
Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote attackers to register arbitrary users via a request to hosting/addsubsite.asp with the loginname and password parameters set, when preceded by certain requests to hosting/default.asp and hosting/selectdomain.asp, a related issue to...
CVE-2007-6496
CVE-2007-6496 affects Hosting Controller 6.1 Hotfix 3.3 and earlier. The vulnerability allows remote attackers to register arbitrary users via addsubsite.asp with loginname and password parameters, after certain requests to default.asp and selectdomain.asp; it is a related issue to CVE-2005-1654....