6033 matches found
SugarCRM Community Edition 5.5.2 Cross Site Request Forgery
CVE-2010-2022
jail.c in jail in FreeBSD 8.0 and 8.1-PRERELEASE, when the "-l -U root" options are omitted, does not properly restrict access to the current working directory, which might allow local users to read, modify, or create arbitrary files via standard filesystem operations...
CVE-2010-2039
Cross-site request forgery (CSRF) vulnerability in gpEasy CMS 1.6.2, 1.6.1, and earlier allows remote attackers to hijack the authentication of administrators for requests that create new administrative users via an AdminUsers action to index.php. NOTE: some of these details are obtained from third...
vtiger CRM 5.2.0 Cross Site Request Forgery
PostgreSQL: PL/Tcl Intended restriction bypass
The PL/Tcl implementation in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 loads Tcl code from the pltclmodules table regardless of the table's ownership and permissions, which allows remo...
PostgreSQL: PL/Perl Intended restriction bypass
PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 does not properly restrict PL/perl procedures, which allows remote authenticated users, with database-creation privileges, to execute arbitrar...
Authentication flaw
EZ-Blog Beta 1 does not require authentication, which allows remote attackers to create or delete arbitrary posts via requests to PHP scripts...
eclime v1.1 ByPass / Create and Download Backup Vulnerability
Exploit for php platform in category web applications ============================================================= eclime v1.1 ByPass / Create and Download Backup Vulnerability =============================================================...
Design/Logic Flaw
Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to the Create User privilege...
CVE-2010-0860
Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to the Create User privilege...
Prediction League 0.3.8 Cross Site Request Forgery
======================================================================================== | Title : Prediction League 0.3.8 CSRF Create Admin User Exploit | Author : indoushka | Home : www.iqs3cur1ty.com/vb | Tested on: Lunix Français v.9.4 Ubuntu | Bug : CSRF Create Admin User Exploit...
Prediction League 0.3.8 CSRF Create Admin User Exploit
Exploit for php platform in category web applications ====================================================== Prediction League 0.3.8 CSRF Create Admin User Exploit ======================================================...
Prediction League 0.3.8 - Cross-Site Request Forgery (Add Admin)
Prediction League 0.3.8 - Cross-Site Request Forgery Add Admin ======================================================================================== | Title : Prediction League 0.3.8 CSRF Create Admin User Exploit | Author : indoushka | Home : www.iqs3cur1ty.com/vb | Tested on: Lunix Français...
Advanced Management For Services Sites - Bypass Create And Download SQL Backup
Advanced Management For Services Sites - Bypass Create And Download SQL Backup ======================================================================================== | Title : Advneced Management For Services Sites =by pass Creat And Download Buckup Sql Vulnerability | Author : indoushka | emai...
Prediction League 0.3.8 - Cross-Site Request Forgery (Add Admin)
======================================================================================== | Title : Prediction League 0.3.8 CSRF Create Admin User Exploit | Author : indoushka | Home : www.iqs3cur1ty.com/vb | Tested on: Lunix Français v.9.4 Ubuntu | Bug : CSRF Create Admin User Exploit...
68kb 68KB Base 1.0.0rc3 - Cross-Site Request Forgery (Admin)
68kb 68KB Base 1.0.0rc3 - Cross-Site Request Forgery Admin Exploit Title: 68kb Knowledge Base v1.0.0rc3 create administrator account CSRF Date: 2010-04-02 Author: Jelmer de Hen Software Link: http://68kb.googlecode.com/files/68kb-v1.0.0rc3.zip Version: v1.0.0rc3 /index.php/admin/users/add" Exampl...
BPTutors Tutoring Site Script XSRF
Title: BPTutors Tutoring site script - CSRF Create Administrator Account Date: 26/3/2010 Author: bi0 Software: http://bpowerhouse.info/tutoring-site-script.htm Version: 1.0 Code : /\ == \ /\ \ /\ \ \ \ Admin 6+ Passwd 6+ Frist Name Last Name Email a class='classa'...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.6.4 allow remote authenticated users, with Instructor privileges, to inject arbitrary web script or HTML via the (1) Question and (2) Choice fields in tools/polls/add.php, the (3) Type and (4) Title fields in tools/groups/createmanual.php, and...
Grouping friends
To group your friends, click on Friends up top. Then Friends in the left column. Then Create New List assuming this is your first one. If you are adding people, then click on the list you want to edit and then “Edit List.” You’ll be offered a list of your friends. Clicking on their picture will...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in Limny 2.0 allow remote attackers to (1) hijack the authentication of users or administrators for requests that change the email address or password via the user action to index.php, and (2) hijack the authentication of the administrator for...