Lucene search
K

57 matches found

Huntr
Huntr
added 2021/10/01 6:23 p.m.12 views

Cross-Site Request Forgery (CSRF) in collectiveaccess/pawtucket2

Description The following endpoints are vulnerable to CSRF attacks via GET requests even though they use AJAX: 1: Delete lightbox 2: Delete comments 3: Create comments 4: Create comments on objects 5: Add items into lightbox 6: Delete items from lightbox Proof of Concept Copy and paste the...

0.5AI score
Exploits0
OSV
OSV
added 2021/09/13 6:15 p.m.3 views

CVE-2021-24725

The Comment Link Remove and Other Comment Tools WordPress plugin before 2.1.6 does not have CSRF check in its 'Delete comments easily', which could allow attackers to make logged in admin delete arbitrary comments...

4.3CVSS5.9AI score0.00487EPSS
Exploits2References2
NVD
NVD
added 2021/09/13 6:15 p.m.14 views

CVE-2021-24725

The Comment Link Remove and Other Comment Tools WordPress plugin before 2.1.6 does not have CSRF check in its 'Delete comments easily', which could allow attackers to make logged in admin delete arbitrary comments...

4.3CVSS0.00487EPSS
Exploits2References2
CNNVD
CNNVD
added 2021/09/13 12:0 a.m.6 views

WordPress 插件 跨站请求伪造漏洞

WordPress Plugin is an open source application plugin for WordPress. The WordPress plugin suffers from a cross-site request forgery vulnerability that stems from the Comment Link Remove and Other Comment Tools plugin not having CSRF checks in its Delete comments easily, which could allow an...

4.3CVSS5.1AI score0.00487EPSS
Exploits2References3
CNVD
CNVD
added 2020/09/23 12:0 a.m.3 views

Unauthorized Access Vulnerability in Tumo Blog

Tumo Blog a blogging system. An unauthorized access vulnerability exists in Tumo Blog, which can be exploited by an attacker to perform unauthorized actions such as deleting comments from others...

6.9AI score
Exploits0
Packet Storm
Packet Storm
added 2018/01/09 12:0 a.m.36 views

Vanilla Forums Cross Site Request Forgery

Exploit Title: CSRF vulnerabilities in Vanilla Forums below 2.1.5-CVE-2017-1000432 Google Dork: NA Date: 7/1/2018 Contact: https://twitter.com/anandm47 website: https://anandtechzone.blogspot.in Exploit Author: Anand Meyyappan Vendor Homepage: https://open.vanillaforums.com Software Link:...

7.8AI score0.01647EPSS
Exploits5
0day.today
0day.today
added 2018/01/08 12:0 a.m.69 views

Vanilla < 2.1.5 - Cross-Site Request Forgery Vulnerability

Exploit for php platform in category web applications Exploit Title: CSRF vulnerabilities in Vanilla Forums below 2.1.5-CVE-2017-1000432 Google Dork: NA Date: 7/1/2018 Contact: https://twitter.com/anandm47 website: https://anandtechzone.blogspot.in Exploit Author: Anand Meyyappan Vendor Homepage:...

7.2CVSS0.2AI score0.01647EPSS
Exploits12
CNVD
CNVD
added 2016/05/17 12:0 a.m.7 views

appleple a-blog cms unauthorized operation vulnerability

appleple a-blog cms is a content management system CMS from appleple Japan. A security vulnerability exists in the session management of the comment feature in appleple a-blog cms 2.6.0.1 and earlier versions. A remote attacker can exploit this vulnerability to delete arbitrary comments or obtain...

6.5CVSS7AI score0.01277EPSS
Exploits0References1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/05/16 5:48 a.m.7 views

a-blog cms vulnerable to session management

Overview a-blog cms provided by appleple Inc. is a content management system CMS. a-blog cms contains a vulnerability in session management of the comment functionality. Yuya Yoshida of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the...

6.5CVSS6.9AI score0.01277EPSS
Exploits0References5
seebug.org
seebug.org
added 2015/03/05 12:0 a.m.10 views

ThinkSAAS设计缺陷可任意删除他人评论

简要描述: 设计错误吧 详细说明: 我觉得这个不应该是你们的本意吧? 漏洞证明: 这是他们官方站点就是用他们自己的系统搭建的 http://www.thinksaas.cn/vote/ 投票处,可删除任意用户评论 不用截断 不用改参数 我登陆的这个以18结尾的号,可以删除以30为结尾的号的评论...

7.1AI score
Exploits0
Prion
Prion
added 2009/11/29 1:7 p.m.13 views

Authorization

telepark.wiki 2.4.23 and earlier allows remote attackers to bypass authorization and 1 delete arbitrary pages via a modified pageID parameter to ajax/deletePage.php or 2 delete arbitrary comments via a modified pageID parameter to ajax/deleteComment.php...

5CVSS7.3AI score0.06589EPSS
Exploits1References7Affected Software1
EUVD
EUVD
added 2009/11/27 8:45 p.m.4 views

EUVD-2009-4060

telepark.wiki 2.4.23 and earlier allows remote attackers to bypass authorization and 1 delete arbitrary pages via a modified pageID parameter to ajax/deletePage.php or 2 delete arbitrary comments via a modified pageID parameter to ajax/deleteComment.php...

5CVSS6.7AI score0.06589EPSS
Exploits1References7
Packet Storm
Packet Storm
added 2009/11/18 12:0 a.m.29 views

Simplog 0.9.3.2 XSS / XSRF

Mutliple Vulnerabilities in Simplog v0.9.3.2 Name Multiple vulnerabilities in Simplog Systems Affected Simplog 0.9.3.2 and possibly earlier versions Download http://sourceforge.net/projects/simplog/files/simplog/0.9.3.2/simplog-0.9.3.2.tar.gz/download Author Amol Naik amolnaik4atgmail.com Date...

0.2AI score
Exploits0
Cvelist
Cvelist
added 2007/07/30 5:0 p.m.32 views

CVE-2007-4063

Multiple cross-site request forgery CSRF vulnerabilities in Drupal 5.x before 5.2 allow remote attackers to 1 delete comments, 2 delete content revisions, and 3 disable menu items as privileged users, related to improper use of HTTP GET and the Forms API...

6.8AI score0.01271EPSS
Exploits0References6
NVD
NVD
added 2007/07/27 10:30 p.m.14 views

CVE-2007-4047

geoBlog aka BitDamaged 1 does not require authentication for 1 deletecomment.php, 2 deleteblog.php, and 3 listcomment.php in admin/, which allows remote attackers to delete arbitrary comments, delete arbitrary blogs, and have other unspecified impact via a request with a valid id parameter...

6.4CVSS7.1AI score0.03283EPSS
Exploits1References7
Prion
Prion
added 2007/07/27 10:30 p.m.13 views

Authentication flaw

geoBlog aka BitDamaged 1 does not require authentication for 1 deletecomment.php, 2 deleteblog.php, and 3 listcomment.php in admin/, which allows remote attackers to delete arbitrary comments, delete arbitrary blogs, and have other unspecified impact via a request with a valid id parameter...

6.4CVSS7.7AI score0.03283EPSS
Exploits1References7Affected Software1
securityvulns
securityvulns
added 2007/07/19 12:0 a.m.66 views

Geoblog v1 administrator bypass

Geoblog v1. A vulnerability exists in geoblog version 1 latest that allows users to delete other peoples comments without administration credentials. It works on blogs too. Users can delete blogs without user credentials. The reason why is because the listcomments.php and deletecomments.php files...

1.9AI score
Exploits0
Rows per page
Query Builder