
325 matches found

Cvelist
added 2007/12/20 8:0 p.m., 24 views

CVE-2007-6496

Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote attackers to register arbitrary users via a request to hosting/addsubsite.asp with the loginname and password parameters set, when preceded by certain requests to hosting/default.asp and hosting/selectdomain.asp, a related issue to...

6.9 AI score, 0.02682 EPSS
Exploits: 1, References: 8
Prion
added 2007/11/15 12:46 a.m., 15 views

Design/Logic Flaw

blocks/shoutboxblock.php in BtiTracker 1.4.4 does not verify user accounts, which allows remote attackers to post shoutbox entries as arbitrary users via a modified nick field...

7.5 CVSS, 7.2 AI score, 0.01547 EPSS
Exploits: 0, References: 6, Affected Software: 1
Prion
added 2007/11/05 7:46 p.m., 13 views

Cross site request forgery (csrf)

Cross-site request forgery (CSRF) vulnerability in the admin panel in Django 0.96 allows remote attackers to change passwords of arbitrary users via a request to admin/auth/user/1/password/. NOTE: this issue has been disputed by Debian, since product documentation includes a recommendation for a CS...

6.8 CVSS, 7.2 AI score, 0.00749 EPSS
Exploits: 0, References: 3, Affected Software: 1
Debian CVE
added 2007/11/05 7:0 p.m., 16 views

CVE-2007-5828

Cross-site request forgery (CSRF) vulnerability in the admin panel in Django 0.96 allows remote attackers to change passwords of arbitrary users via a request to admin/auth/user/1/password/. NOTE: this issue has been disputed by Debian, since product documentation includes a recommendation for a CS...

6.8 CVSS, 7.1 AI score, 0.00749 EPSS
Exploits: 0
Prion
added 2007/09/05 7:17 p.m., 21 views

Cross site request forgery (csrf)

Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters...

4.3 CVSS, 7.5 AI score, 0.02135 EPSS
Exploits: 0, References: 4, Affected Software: 1
NVD
added 2007/08/08 1:17 a.m., 16 views

CVE-2007-4193

Multiple cross-site request forgery (CSRF) vulnerabilities in index.php in IDE Group DVD Rental System (DRS) 5.1 before 20070801 allow remote attackers to perform certain actions as arbitrary users, as demonstrated by (1) modifying data or (2) canceling a subscription. NOTE: it is not clear whether IDE...

4.3 CVSS, 7.2 AI score, 0.01083 EPSS
Exploits: 0, References: 5
Prion
added 2007/07/17 1:30 a.m., 10 views

Cross site request forgery (csrf)

Cross-site request forgery (CSRF) vulnerability in Webcit before 7.11 allows remote attackers to modify configurations and perform other actions as arbitrary users via unspecified vectors...

7.5 CVSS, 7.5 AI score, 0.02744 EPSS
Exploits: 1, References: 6, Affected Software: 1
Prion
added 2007/07/11 5:30 p.m., 17 views

Cross site request forgery (csrf)

Multiple cross-site request forgery (CSRF) vulnerabilities in DotClear 1.2.6 allow remote attackers to perform actions as arbitrary users via the (1) tool_url parameter to ecrire/tools.php and multiple fields on the (2) blogconf, (3) blogroll, (4) ecrire/redacteur.php, and (5) ecrire/userprefs.php pages...

2.6 CVSS, 7.7 AI score, 0.01277 EPSS
Exploits: 0, References: 7, Affected Software: 1
NVD
added 2007/07/11 5:30 p.m., 14 views

CVE-2007-3688

Multiple cross-site request forgery (CSRF) vulnerabilities in DotClear 1.2.6 allow remote attackers to perform actions as arbitrary users via the (1) tool_url parameter to ecrire/tools.php and multiple fields on the (2) blogconf, (3) blogroll, (4) ecrire/redacteur.php, and (5) ecrire/userprefs.php pages...

2.6 CVSS, 7.2 AI score, 0.01277 EPSS
Exploits: 0, References: 7
Cvelist
added 2007/07/11 5:0 p.m., 21 views

CVE-2007-3688

Multiple cross-site request forgery (CSRF) vulnerabilities in DotClear 1.2.6 allow remote attackers to perform actions as arbitrary users via the (1) tool_url parameter to ecrire/tools.php and multiple fields on the (2) blogconf, (3) blogroll, (4) ecrire/redacteur.php, and (5) ecrire/userprefs.php pages...

7.2 AI score, 0.01277 EPSS
Exploits: 0, References: 7
CVE
added 2007/07/11 5:0 p.m., 58 views

CVE-2007-3688

The vulnerability described across sources concerns DotClear 1.2.6, where multiple cross-site request forgery (CSRF) flaws allow remote attackers to perform actions as arbitrary users. The entry specifies exploitation via the tool_url parameter to ecrire/tools.php and through several fields on pa...

2.6 CVSS, 7.2 AI score, 0.01277 EPSS
Exploits: 0, References: 7, Affected Software: 1
Prion
added 2007/06/27 6:30 p.m., 14 views

Cross site request forgery (csrf)

Cross-site request forgery (CSRF) vulnerability in Check Point SofaWare Safe@Office, with firmware before Embedded NGX 7.0.45 GA, allows remote attackers to execute commands as arbitrary users, and disable firewalling of the protected network...

6 CVSS, 8.2 AI score, 0.02408 EPSS
Exploits: 0, References: 10, Affected Software: 1
NVD
added 2007/06/27 6:30 p.m., 17 views

CVE-2007-3255

Multiple cross-site request forgery (CSRF) vulnerabilities in Xythos Enterprise Document Manager (XEDM) before 5.0.25.8, and 6.x before 6.0.46.1, allow remote authenticated users to execute commands as arbitrary users via (1) a saved Workflow name or (2) the Content-Type HTTP header. NOTE: item 2 also...

6.5 CVSS, 7.2 AI score, 0.0194 EPSS
Exploits: 0, References: 10
Prion
added 2007/06/27 6:30 p.m., 21 views

Cross site request forgery (csrf)

Multiple cross-site request forgery (CSRF) vulnerabilities in Xythos Enterprise Document Manager (XEDM) before 5.0.25.8, and 6.x before 6.0.46.1, allow remote authenticated users to execute commands as arbitrary users via (1) a saved Workflow name or (2) the Content-Type HTTP header. NOTE: item 2 also...

6.5 CVSS, 7.7 AI score, 0.0194 EPSS
Exploits: 0, References: 10, Affected Software: 1
exploitpack
added 2007/05/25 12:0 a.m., 18 views

Pligg CMS 9.5 - Reset Forgotten Password Security Bypass

Pligg CMS 9.5 - Reset Forgotten Password Security Bypass source: https://www.securityfocus.com/bid/24158/info Pligg is prone to a security-bypass vulnerability due to a design error when resetting forgotten passwords. An attacker may exploit this issue to reset account passwords for arbitrary use...

7.4 AI score
Exploits: 0
Exploit DB
added 2007/05/25 12:0 a.m., 29 views

Pligg CMS 9.5 - Reset Forgotten Password Security Bypass

source: https://www.securityfocus.com/bid/24158/info Pligg is prone to a security-bypass vulnerability due to a design error when resetting forgotten passwords. An attacker may exploit this issue to reset account passwords for arbitrary users and then compromise a vulnerable application. This can...

7.4 AI score
Exploits: 0
Prion
added 2007/05/22 9:30 p.m., 8 views

Cross site request forgery (csrf)

Cross-site request forgery (CSRF) vulnerability in adsense-deluxe.php in the AdSense-Deluxe 0.x plugin for WordPress allows remote attackers to perform unspecified actions as arbitrary users via unspecified vectors...

6 CVSS, 7.6 AI score, 0.01539 EPSS
Exploits: 0, References: 4
Cvelist
added 2007/01/31 6:0 p.m., 22 views

CVE-2007-0622

Cross-site request forgery (CSRF) vulnerability in MyBB (aka MyBulletinBoard) 1.2.2 allows remote attackers to send messages to arbitrary users. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

6.8 AI score, 0.00938 EPSS
Exploits: 0, References: 2
Tenable Nessus
added 2006/05/31 12:0 a.m., 30 views

e107 email.php Arbitrary Mail Relay

The version of e107 installed on the remote host contains a script, 'email.php' that allows an unauthenticated user to send email messages to arbitrary users and to control, to a large degree, the content of those messages. This issue can be exploited to send spam or other types of abuse through...

5 CVSS, 5.7 AI score, 0.0116 EPSS
Exploits: 0, References: 3
NVD
added 2006/03/07 11:2 p.m., 13 views

CVE-2006-1069

Unspecified vulnerability in the session handling for Geeklog 1.4.x before 1.4.0sr2, 1.3.11 before 1.3.11sr5, 1.3.9 before 1.3.9sr5, and possibly earlier versions allows attackers to gain privileges as arbitrary users via unknown vectors...

10 CVSS, 7 AI score, 0.01652 EPSS
Exploits: 0, References: 3