57 matches found
Cross-Site Request Forgery (CSRF) in collectiveaccess/pawtucket2
Description The following endpoints are vulnerable to CSRF attacks via GET requests even though they use AJAX: 1: Delete lightbox 2: Delete comments 3: Create comments 4: Create comments on objects 5: Add items into lightbox 6: Delete items from lightbox Proof of Concept Copy and paste the...
CVE-2021-24725
The Comment Link Remove and Other Comment Tools WordPress plugin before 2.1.6 does not have CSRF check in its 'Delete comments easily', which could allow attackers to make logged in admin delete arbitrary comments...
CVE-2021-24725
The Comment Link Remove and Other Comment Tools WordPress plugin before 2.1.6 does not have CSRF check in its 'Delete comments easily', which could allow attackers to make logged in admin delete arbitrary comments...
WordPress 插件 跨站请求伪造漏洞
WordPress Plugin is an open source application plugin for WordPress. The WordPress plugin suffers from a cross-site request forgery vulnerability that stems from the Comment Link Remove and Other Comment Tools plugin not having CSRF checks in its Delete comments easily, which could allow an...
Unauthorized Access Vulnerability in Tumo Blog
Tumo Blog a blogging system. An unauthorized access vulnerability exists in Tumo Blog, which can be exploited by an attacker to perform unauthorized actions such as deleting comments from others...
Vanilla Forums Cross Site Request Forgery
Exploit Title: CSRF vulnerabilities in Vanilla Forums below 2.1.5-CVE-2017-1000432 Google Dork: NA Date: 7/1/2018 Contact: https://twitter.com/anandm47 website: https://anandtechzone.blogspot.in Exploit Author: Anand Meyyappan Vendor Homepage: https://open.vanillaforums.com Software Link:...
Vanilla < 2.1.5 - Cross-Site Request Forgery Vulnerability
Exploit for php platform in category web applications Exploit Title: CSRF vulnerabilities in Vanilla Forums below 2.1.5-CVE-2017-1000432 Google Dork: NA Date: 7/1/2018 Contact: https://twitter.com/anandm47 website: https://anandtechzone.blogspot.in Exploit Author: Anand Meyyappan Vendor Homepage:...
appleple a-blog cms unauthorized operation vulnerability
appleple a-blog cms is a content management system CMS from appleple Japan. A security vulnerability exists in the session management of the comment feature in appleple a-blog cms 2.6.0.1 and earlier versions. A remote attacker can exploit this vulnerability to delete arbitrary comments or obtain...
a-blog cms vulnerable to session management
Overview a-blog cms provided by appleple Inc. is a content management system CMS. a-blog cms contains a vulnerability in session management of the comment functionality. Yuya Yoshida of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the...
ThinkSAAS设计缺陷可任意删除他人评论
简要描述: 设计错误吧 详细说明: 我觉得这个不应该是你们的本意吧? 漏洞证明: 这是他们官方站点就是用他们自己的系统搭建的 http://www.thinksaas.cn/vote/ 投票处,可删除任意用户评论 不用截断 不用改参数 我登陆的这个以18结尾的号,可以删除以30为结尾的号的评论...
Authorization
telepark.wiki 2.4.23 and earlier allows remote attackers to bypass authorization and 1 delete arbitrary pages via a modified pageID parameter to ajax/deletePage.php or 2 delete arbitrary comments via a modified pageID parameter to ajax/deleteComment.php...
EUVD-2009-4060
telepark.wiki 2.4.23 and earlier allows remote attackers to bypass authorization and 1 delete arbitrary pages via a modified pageID parameter to ajax/deletePage.php or 2 delete arbitrary comments via a modified pageID parameter to ajax/deleteComment.php...
Simplog 0.9.3.2 XSS / XSRF
Mutliple Vulnerabilities in Simplog v0.9.3.2 Name Multiple vulnerabilities in Simplog Systems Affected Simplog 0.9.3.2 and possibly earlier versions Download http://sourceforge.net/projects/simplog/files/simplog/0.9.3.2/simplog-0.9.3.2.tar.gz/download Author Amol Naik amolnaik4atgmail.com Date...
CVE-2007-4063
Multiple cross-site request forgery CSRF vulnerabilities in Drupal 5.x before 5.2 allow remote attackers to 1 delete comments, 2 delete content revisions, and 3 disable menu items as privileged users, related to improper use of HTTP GET and the Forms API...
CVE-2007-4047
geoBlog aka BitDamaged 1 does not require authentication for 1 deletecomment.php, 2 deleteblog.php, and 3 listcomment.php in admin/, which allows remote attackers to delete arbitrary comments, delete arbitrary blogs, and have other unspecified impact via a request with a valid id parameter...
Authentication flaw
geoBlog aka BitDamaged 1 does not require authentication for 1 deletecomment.php, 2 deleteblog.php, and 3 listcomment.php in admin/, which allows remote attackers to delete arbitrary comments, delete arbitrary blogs, and have other unspecified impact via a request with a valid id parameter...
Geoblog v1 administrator bypass
Geoblog v1. A vulnerability exists in geoblog version 1 latest that allows users to delete other peoples comments without administration credentials. It works on blogs too. Users can delete blogs without user credentials. The reason why is because the listcomments.php and deletecomments.php files...