CVE-2007-6496
Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote attackers to register arbitrary users via a request to hosting/addsubsite.asp with the loginname and password parameters set, when preceded by certain requests to hosting/default.asp and hosting/selectdomain.asp, a related issue to...
Design/Logic Flaw
blocks/shoutboxblock.php in BtiTracker 1.4.4 does not verify user accounts, which allows remote attackers to post shoutbox entries as arbitrary users via a modified nick field...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in the admin panel in Django 0.96 allows remote attackers to change passwords of arbitrary users via a request to admin/auth/user/1/password/. NOTE: this issue has been disputed by Debian, since product documentation includes a recommendation for a CS...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters...
CVE-2007-4193
Multiple cross-site request forgery (CSRF) vulnerabilities in index.php in IDE Group DVD Rental System (DRS) 5.1 before 20070801 allow remote attackers to perform certain actions as arbitrary users, as demonstrated by (1) modifying data or (2) canceling a subscription. NOTE: it is not clear whether IDE...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in Webcit before 7.11 allows remote attackers to modify configurations and perform other actions as arbitrary users via unspecified vectors...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in DotClear 1.2.6 allow remote attackers to perform actions as arbitrary users via the (1) tool_url parameter to ecrire/tools.php and multiple fields on the (2) blogconf, (3) blogroll, (4) ecrire/redacteur.php, and (5) ecrire/userprefs.php pages...
CVE-2007-3688
The vulnerability described across sources concerns DotClear 1.2.6, where multiple cross-site request forgery (CSRF) flaws allow remote attackers to perform actions as arbitrary users. The entry specifies exploitation via the tool_url parameter to ecrire/tools.php and through several fields on pa...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in Check Point SofaWare Safe@Office, with firmware before Embedded NGX 7.0.45 GA, allows remote attackers to execute commands as arbitrary users, and disable firewalling of the protected network...
CVE-2007-3255
Multiple cross-site request forgery (CSRF) vulnerabilities in Xythos Enterprise Document Manager (XEDM) before 5.0.25.8, and 6.x before 6.0.46.1, allow remote authenticated users to execute commands as arbitrary users via (1) a saved Workflow name or (2) the Content-Type HTTP header. NOTE: item 2 also...
Pligg CMS 9.5 - Reset Forgotten Password Security Bypass
Pligg CMS 9.5 - Reset Forgotten Password Security Bypass source: https://www.securityfocus.com/bid/24158/info Pligg is prone to a security-bypass vulnerability due to a design error when resetting forgotten passwords. An attacker may exploit this issue to reset account passwords for arbitrary use...
Pligg CMS 9.5 - Reset Forgotten Password Security Bypass
source: https://www.securityfocus.com/bid/24158/info Pligg is prone to a security-bypass vulnerability due to a design error when resetting forgotten passwords. An attacker may exploit this issue to reset account passwords for arbitrary users and then compromise a vulnerable application. This can...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in adsense-deluxe.php in the AdSense-Deluxe 0.x plugin for WordPress allows remote attackers to perform unspecified actions as arbitrary users via unspecified vectors...
CVE-2007-0622
Cross-site request forgery CSRF vulnerability in MyBB aka MyBulletinBoard 1.2.2 allows remote attackers to send messages to arbitrary users. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
e107 email.php Arbitrary Mail Relay
The version of e107 installed on the remote host contains a script, 'email.php' that allows an unauthenticated user to send email messages to arbitrary users and to control, to a large degree, the content of those messages. This issue can be exploited to send spam or other types of abuse through...
CVE-2006-1069
Unspecified vulnerability in the session handling for Geeklog 1.4.x before 1.4.0sr2, 1.3.11 before 1.3.11sr5, 1.3.9 before 1.3.9sr5, and possibly earlier versions allows attackers to gain privileges as arbitrary users via unknown vectors...