8132 matches found
idev-AutoHost 5.0 Cross Site Request Forgery
Exploit Title: idev-AutoHost 5.0 CSRF Author: Jonturk75 Vendor or Software Link: http://www.scripts.com/viewscript/idevautohost-50-hosting-billing-software/31713/ Category: webapps Demo: http://idevspot.com/demos/idev-autohost/admin Greetz: Inj3ct0r Exploit DataBase 1337day.com ...
SA-CONTRIB-2012-044 - Contact Forms - Cross Site Scripting
CVE: CVE-2012-2071 This module expands the features of the site wide contact form. It eliminates the drop down category menu by generating a clean looking contact form with a unique path, for each of the contact form categories. The module doesn't sufficiently filter user text of the page title a...
Microsoft .Net multiple security vulnerabilities
DoS, multiple vulnerabilities in forms authentication...
Yealink VOIP Phone - Persistent Cross-Site Scripting
Secur-I Research Group Security Advisory SV-2012-005 Title: Yealink VOIP Phone Persistent Cross Site Scripting Vulnerability Product: Yealink Easy VOIP Phone Homepage:...
CVE-2011-5080
Cross-site scripting (XSS) vulnerability in lib/class.tx_jftcaforms_tceFunc.php in the Additional TCA Forms (jftcaforms) extension before 0.2.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2011-5080
CVE-2011-5080 affects the TYPO3 extension jftcaforms (Additional TCA Forms) prior to version 0.2.1. The vulnerability exists in lib/class.tx_jftcaforms_tceFunc.php and allows remote attackers to inject arbitrary web script or HTML via unspecified vectors (XSS). Practical impact is to execute scri...
CVE-2012-1031
Unspecified vulnerability in EPiServer CMS 5 and 6 through 6R2, in certain configurations using Forms Authentication, allows remote authenticated users to obtain WebAdmins access by leveraging Edit Mode privileges, a different vulnerability than CVE-2011-3416 and CVE-2011-3417...
Authentication flaw
Unspecified vulnerability in EPiServer CMS 5 and 6 through 6R2, in certain configurations using Forms Authentication, allows remote authenticated users to obtain WebAdmins access by leveraging Edit Mode privileges, a different vulnerability than CVE-2011-3416 and CVE-2011-3417...
CVE-2012-1031
CVE-2012-1031 refers to an unspecified vulnerability in EPiServer CMS 5 and 6 up to 6R2 in certain configurations using Forms Authentication. The vulnerability allows remote authenticated users to obtain access to WebAdmins by leveraging Edit Mode privileges, and is noted as a different vulnera...
FAA US Academy (AFS) - Auth Bypass Vulnerability
Document Title: FAA US Academy AFS - Auth Bypass Vulnerability References Source: http://vulnerability-lab.com/getcontent.php?id=171 Release Date: 2012-01-27 Vulnerability Laboratory ID VL-ID: 171 Common...
CVE-2012-0073
Unspecified vulnerability in the Oracle Forms component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via unknown vectors...
Design/Logic Flaw
Unspecified vulnerability in the Oracle Forms component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via unknown vectors...
CVE-2012-0073
CVE-2012-0073 affects Oracle Forms in Oracle E-Business Suite 11.5.10.2. Description: an unspecified vulnerability allows remote attackers to affect integrity via unknown vectors. Affected: Oracle E-Business Suite components and Oracle Forms (version 11.5.10.2). Severity: NVD base score 4.3 (MEDI...
Apache APR - Hash Collision Denial of Service
source: https://www.securityfocus.com/bid/51917/info Apache APR is prone to a denial-of-service vulnerability. An attacker can exploit this issue by sending specially crafted forms in HTTP POST requests. https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/36669.zip...
CVE-2011-3415
Open redirect vulnerability in the Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted return URL, aka "Insecure Redirect in...
CVE-2011-3416
The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote authenticated users to obtain access to arbitrary user accounts via a crafted username, aka "ASP.Net Forms Authentication Bypass Vulnerability."...
CVE-2011-3417
The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0, when sliding expiry is enabled, does not properly handle cached content, which allows remote attackers to obtain access to arbitrary user accounts via a crafted URL, ak...
Open redirect
Open redirect vulnerability in the Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted return URL, aka "Insecure Redirect in...
Authentication flaw
The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote authenticated users to obtain access to arbitrary user accounts via a crafted username, aka "ASP.Net Forms Authentication Bypass Vulnerability."...