142 matches found
Cpanel 11.x - Edit E-mail Cross Site Request Forgery exploit
No description provided by source. Exploit Title: Cpanel 11.X Edit E-mail Cross Site Request Forgery exploit Date: 22 - 10 - 2010 Author: Mon7rF Mail : [email protected] Tested on: Windows 7 -------------------------------------------------------------------------------------- form onsubmit=return...
CVE-2012-2353
Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to obtain sensitive user information from hidden fields by leveraging the teacher role and navigating to "Enrolled users" under the Users Settings section...
Stack overflow
Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to obtain sensitive user information from hidden fields by leveraging the teacher role and navigating to "Enrolled users" under the Users Settings section...
UBUNTU-CVE-2012-2353
Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to obtain sensitive user information from hidden fields by leveraging the teacher role and navigating to "Enrolled users" under the Users Settings section...
idev-DigiEbay 3.0 Cross Site Request Forgery
Exploit Title: idev-DigiEbay 3.0 CSRF Author: Jonturk75 Vendor or Software Link: http://idevspot.com/ Category:: webapps Demo : http://idevspot.com/demos/idev-digiebay/admin Greetz: Inj3ct0r Exploit DataBase 1337day.com ShowShowHide...
Talking about web application permissions problems-vulnerability warning-the black bar safety net
Before knowing about web permissions there might be a problem, but in reality the test encountered is relatively small, today met on record: a warrior please don't waste your valuable time A, longitudinal Stripping of the right to In General the site has many users, divided into different...
Cpanel 11.X Edit E-mail Cross Site Request Forgery Exploit
Exploit for php platform in category web applications ========================================================== Cpanel 11.X Edit E-mail Cross Site Request Forgery Exploit ========================================================== Exploit Title: Cpanel 11.X Edit E-mail Cross Site Request Forgery...
Pc4Uploader 9.0 Cross Site Request Forgery
Exploit Title: pc4uploader XSRF Add Admin Exploit Date: 27-08-2010 Author: RENO TeaM : SauDi ViRuS TeaM SiTe: WwW.Sa-ViRuS.CoM Software Link: http://www.pc4arb.com/product-10.html SvT Pc4Uploader - XSRF Add Admin Exploit Author : RENO TeaM : SauDi ViRuS TeaM Site : WwW.Sa-ViRuS.CoM Email :...
Summary:easy is the hack attack 1 0 a vulnerability-vulnerability warning-the black bar safety net
Application-level security vulnerabilities are usually not as similar to the SirCam email virus such as Code Red this worm so easy to widely spread, but they will also cause a lot of problems, from the theft of product or information to make the entire Web site was completely paralyzed. Ensure th...
PT-2006-4290 · Taskjitsu · Taskjitsu
Name of the Vulnerable Software and Affected Versions: Taskjitsu versions prior to 2.0.1 Description: The issue concerns the "change password forms" in Taskjitsu, where password hashes are included in hidden form fields. This allows remote attackers to obtain sensitive information from the Catego...
almondClassifieds.txt
A vulnerability discovered in Almond Classifeds http://www.almondsoft.com/alcl.html vulnerability is due omit check of password in "editform" user can edit any add in the classifieds if we post new add we can edit our add in the "editform" section there are 2 hidden fields: by changing the number...
Maxwebportal 1.30 - 'search.asp?Search' Cross-Site Scripting
source: https://www.securityfocus.com/bid/7837/info A number of vulnerabilities have been discovered in the MaxWebPortal. The issues that have been discovered include: MaxWebPortal 'search.asp' has been reported prone to a cross-site scripting vulnerability. An attacker may execute arbitrary scri...
Price modification in Element InstantShop
===================================================================== Securax-SA-07 Security Advisory belgian.networking.security Dutch ===================================================================== Topic: Price modification in Element InstantShop Announced: 2000-10-23 Updated: 2000-10-23...
DST2K0036: Price modification possible in CyberOffice Shopping Ca rt
All, We have released this with the permission of the vendor. Rgds Ollie ----- Ollie Whitehouse Security Team Leader tel: +44 020 79160200 ============================================================================ Delphis Consulting Plc...
CVE-2000-0101
The CVE-2000-0101 entry concerns the Make-a-Store OrderPage shopping cart, where remote users can modify sensitive purchase information via hidden form fields in the application. Connected PT-2000-1089 confirms the vulnerable software as Make-a-Store OrderPage (affected versions not specified) an...
CVE-2000-0110
CVE-2000-0110 affects the WebSiteTool shopping cart application, where remote attackers can modify sensitive purchase information by manipulating hidden form fields in the shopping cart. The PT-2000-1098 entry corroborates this description but does not specify affected versions or a fix. No explo...
CVE-2000-0135
CVE-2000-0135 affects the @Retail shopping cart application. NVD notes remote attackers can modify sensitive purchase information via hidden form fields, with a CVSS v2 base score of 7.5 (NETWORK, LOW complexity, NONE auth, partial impact across confidentiality, integrity, and availability). Conn...
CVE-2000-0101
The Make-a-Store OrderPage shopping cart application allows remote users to modify sensitive purchase information via hidden form fields...
CVE-2000-0106
The EasyCart shopping cart application allows remote users to modify sensitive purchase information via hidden form fields...
PT-2000-1092 · Shoptron · Shoptron Shopping Cart Application
Name of the Vulnerable Software and Affected Versions: Shoptron shopping cart application affected versions not specified Description: The issue allows remote users to modify sensitive purchase information via hidden form fields. Recommendations: At the moment, there is no information about a new...