20 matches found
EUVD-2018-21633
Easyndexer 1.0 contains an arbitrary file download vulnerability that allows unauthenticated attackers to download sensitive files by manipulating the file parameter. Attackers can send POST requests to showtif.php with arbitrary file paths in the file parameter to retrieve system files like...
EUVD-2018-21643
Easyndexer 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative accounts by submitting forged POST requests. Attackers can craft malicious web pages that submit POST requests to createuser.php with parameters including username,...
CVE-2018-25190
Easyndexer 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative accounts by submitting forged POST requests. Attackers can craft malicious web pages that submit POST requests to createuser.php with parameters including username,...
CVE-2018-25178
Easyndexer 1.0 contains an arbitrary file download vulnerability that allows unauthenticated attackers to download sensitive files by manipulating the file parameter. Attackers can send POST requests to showtif.php with arbitrary file paths in the file parameter to retrieve system files like...
CVE-2018-25190
Easyndexer 1.0 is affected by a CSRF in createuser.php that enables unauthenticated attackers to create administrative accounts by submitting forged POSTs with username, password, name, surname, and privileges=1. CVSS v3.1: 5.3 (NETWORK, LOW CA/PR, NONE UI) with I/L; CVSS v4.0: 6.9 (NETWORK, LOW ...
CVE-2018-25190 Easyndexer 1.0 Cross-Site Request Forgery via createuser.php
Easyndexer 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative accounts by submitting forged POST requests. Attackers can craft malicious web pages that submit POST requests to createuser.php with parameters including username,...
CVE-2018-25178
Easyndexer 1.0 contains an arbitrary file download vulnerability that allows unauthenticated attackers to download sensitive files by manipulating the file parameter. Attackers can send POST requests to showtif.php with arbitrary file paths in the file parameter to retrieve system files like...
CVE-2018-25178 Easyndexer 1.0 Arbitrary File Download via showtif.php
Easyndexer 1.0 contains an arbitrary file download vulnerability that allows unauthenticated attackers to download sensitive files by manipulating the file parameter. Attackers can send POST requests to showtif.php with arbitrary file paths in the file parameter to retrieve system files like...
CVE-2018-25178 Easyndexer 1.0 Arbitrary File Download via showtif.php
Easyndexer 1.0 contains an arbitrary file download vulnerability that allows unauthenticated attackers to download sensitive files by manipulating the file parameter. Attackers can send POST requests to showtif.php with arbitrary file paths in the file parameter to retrieve system files like...
CVE-2018-25178
CVE-2018-25178 affects Easyndexer 1.0 and describes an arbitrary file download vulnerability in showtif.php. The issue allows unauthenticated attackers to download sensitive files by sending POST requests with arbitrary file paths in the file parameter, enabling access to configuration and initia...
Easyndexer 路径遍历漏洞
Easyndexer is a database interface software developed by rul10’s individual developer. Version 1.0 of Easyndexer has a path traversal vulnerability. This vulnerability stems from the file parameter in the showtif.php file, which allows arbitrary file downloads, potentially leading to the download...
Easyndexer 跨站请求伪造漏洞
Easyndexer is a database interface software developed by rul10’s individual developers. Version 1.0 of Easyndexer contains a cross-site request forgeing vulnerability. This vulnerability stems from the createuser.php file, which has a cross-site request forgeing issue, potentially allowing...
Easyndexer 1.0 - Arbitrary File Download Vulnerability
Exploit for php platform in category web applications Exploit Title: Easyndexer 1.0 - Arbitrary File Download Exploit Author: Ihsan Sencan Vendor Homepage: https://sourceforge.net/projects/easyndexer/ Software Link: https://ayera.dl.sourceforge.net/project/easyndexer/easyndexerwin32.exe Version:...
Easyndexer 1.0 - Arbitrary File Download
Easyndexer 1.0 - Arbitrary File Download Exploit Title: Easyndexer 1.0 - Arbitrary File Download Dork: N/A Date: 2018-11-10 Exploit Author: Ihsan Sencan Vendor Homepage: https://sourceforge.net/projects/easyndexer/ Software Link:...
Easyndexer 1.0 Arbitrary File Download
Exploit Title: Easyndexer 1.0 - Arbitrary File Download Dork: N/A Date: 2018-11-10 Exploit Author: Ihsan Sencan Vendor Homepage: https://sourceforge.net/projects/easyndexer/ Software Link: https://ayera.dl.sourceforge.net/project/easyndexer/easyndexerwin32.exe Version: 1.0 Category: Webapps Teste...
Easyndexer 1.0 - Arbitrary File Download
Exploit Title: Easyndexer 1.0 - Arbitrary File Download Dork: N/A Date: 2018-11-10 Exploit Author: Ihsan Sencan Vendor Homepage: https://sourceforge.net/projects/easyndexer/ Software Link: https://ayera.dl.sourceforge.net/project/easyndexer/easyndexerwin32.exe Version: 1.0 Category: Webapps Teste...
Easyndexer 1.0 - Cross-Site Request Forgery (Add Admin)
Easyndexer 1.0 - Cross-Site Request Forgery Add Admin Exploit Title: Easyndexer 1.0 - Cross-Site Request Forgery Add Admin Dork: N/A Date: 2018-11-10 Exploit Author: Ihsan Sencan Vendor Homepage: https://sourceforge.net/projects/easyndexer/ Software Link:...
Easyndexer 1.0 - Cross-Site Request Forgery (Add Admin) Vulnerability
Exploit for php platform in category web applications Exploit Title: Easyndexer 1.0 - Cross-Site Request Forgery Add Admin Exploit Author: Ihsan Sencan Vendor Homepage: https://sourceforge.net/projects/easyndexer/ Software Link:...
Easyndexer 1.0 - Cross-Site Request Forgery (Add Admin)
Exploit Title: Easyndexer 1.0 - Cross-Site Request Forgery Add Admin Dork: N/A Date: 2018-11-10 Exploit Author: Ihsan Sencan Vendor Homepage: https://sourceforge.net/projects/easyndexer/ Software Link: https://ayera.dl.sourceforge.net/project/easyndexer/easyndexerwin32.exe Version: 1.0 Category:...
Easyndexer 1.0 Cross Site Request Forgery
Exploit Title: Easyndexer 1.0 - Cross-Site Request Forgery Add Admin Dork: N/A Date: 2018-11-10 Exploit Author: Ihsan Sencan Vendor Homepage: https://sourceforge.net/projects/easyndexer/ Software Link: https://ayera.dl.sourceforge.net/project/easyndexer/easyndexerwin32.exe Version: 1.0 Category:...