WordPress pricing-table-by-supsystic insecure permissions vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. It lets users set up personal blog sites on servers running PHP and MySQL. A security issue exists in the WordPress pricing-table-by-supsystic plugin prior to version 1.8.2, which stems from the...
Rconfig 3.x Chained Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Name' => 'Rconfig 3.x Chained Remote Code Execution', 'Description' => 'This module exploits multiple vulnerabilities in rConfig version 3.9 in order to...
Cross site request forgery (csrf)
CSRF in admin/add-field.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to create a custom field via a crafted request...
WordPress MStore API plugin <= 2.1.5 - Unauthenticated Account Create/Edit vulnerability
Unauthenticated Account Create/Edit vulnerability discovered by NinTechNet in WordPress MStore API plugin versions <= 2.1.5. Solution: update the WordPress MStore API plugin to the latest available version, at least 2.1.6...
Arbitrary Code Execution
Overview: pixl-class is a library that allows you to create classes in a more classical style, including support for static class members, proper constructors, inheritance, and mixins. Affected versions of this package are vulnerable to Arbitrary Code Execution. The injection point is locate...
CVE-2020-8635
Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure permissions on installation directories and configuration files. This allows local users to arbitrarily create FTP users with full privileges, and escalate privileges within the operating system by modifying system files...
CVE-2020-3148
A vulnerability in the web-based interface of Cisco Prime Network Registrar (CPNR) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections in the web-based interface. An...
CVE-2015-1583
Multiple cross-site request forgery (CSRF) vulnerabilities in ATutor 2.2 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account via a request to mods/core/users/admins/create.php or (2) create a user account via a request to...
Business Live Chat Software 1.0 - Cross-Site Request Forgery (Add Admin) Exploit
Exploit for PHP platform in category web applications. Exploit Title: Business Live Chat Software 1.0 - Cross-Site Request Forgery (Add Admin). Description: Operator can change role/user type to admin. Exploit Author: Meisam Monsef. Vendor Homepage: https://www.bdtask.com/business-live-chat-software.ph...
Huawei EulerOS: Security Advisory for glusterfs (EulerOS-SA-2020-1103)
The remote host is missing an update for Huawei EulerOS. SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
CVE-2019-19741
Electronic Arts Origin 10.5.55.33574 is vulnerable to local privilege escalation due to arbitrary directory DACL manipulation, a different issue than CVE-2019-19247 and CVE-2019-19248. When Origin.exe connects to the named pipe OriginClientService, the privileged service verifies the client's...
DRUPAL-CONTRIB-2020-004
The Profile module enables you to allow users to have configurable user profiles. The module doesn't sufficiently check access when creating a user profile. Users with the "create profiles" permission could create profiles for any users...
Cuckoo Clock v5.0 - Buffer Overflow
Exploit Title: Cuckoo Clock 5.0 - Buffer Overflow. Exploit Author: boku. Date: 2020-02-14. Vendor Homepage: https://en.softonic.com/author/pxcompany. Software Link: https://en.softonic.com/download/parallaxis-cuckoo-clock/windows/post-download. Version: 5.0. Tested On: Windows 10 32-bit. Recreate: 1...
CVE-2013-6927
Internet TRiLOGI Server (unknown versions) could allow a local user to bypass security and create a local user account...
PostgreSQL -- ALTER ... DEPENDS ON EXTENSION is missing authorization checks
The PostgreSQL project reports: Versions Affected: 9.6 - 12. The ALTER ... DEPENDS ON EXTENSION sub-commands do not perform authorization checks, which can allow an unprivileged user to drop any function, procedure, materialized view, index, or trigger under certain conditions. This attack is...
CVE-2012-6720
Multiple cross-site scripting (XSS) vulnerabilities in SocialEngine before 4.2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to music/create, (2) location parameter to events/create, or (3) search parameter to widget/index/contentid/...
CVE-2019-19662
A CSRF vulnerability exists in the Web File Manager's Create/Delete Accounts functionality of Rumpus FTP Server 8.2.9.1. By exploiting it, an attacker can create and delete accounts via RAPR/TriggerServerFunction.html...