9 matches found
Stored XSS bug to hijack admin account
Description: Using this XSS, a lower-level user can change his role to super-admin and hijack the admin account. Proof of Concept: 1. First, from the super-admin account, go to http://localhost/silverstripe/admin/security/RootUsers and add user-B as content authors. Also give user-B only permission to page...
Cross site scripting
Multiple client-side cross site scripting vulnerabilities have been discovered in the WpJobBoard v4.5.1 web-application for WordPress. The vulnerabilities are located in the query and id parameters of the wpjb-email, wpjb-job, wpjb-application, and wpjb-membership modules. Remote attackers are ab...
Cross site request forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in Gecko CMS 2.2 and 2.3 allows remote attackers to hijack the authentication of administrators for requests that add an administrator user via a newuser request to admin/index.php...
Cross site request forgery (CSRF)
Multiple cross-site request forgery (CSRF) vulnerabilities in the Simplelife plugin 1.2 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) simplehoverback, (2) simplehovertext, (3)...
CVE-2014-7190
Multiple cross-site request forgery (CSRF) vulnerabilities in Openfiler 2.99.1 allow remote attackers to hijack the authentication of administrators for requests that (1) shutdown or (2) reboot the server via a request to admin/systemshutdown.html...
SDCMS stored XSS can hijack the administrator - vulnerability warning - the black bar safety net
A stored XSS somewhere in SDCMS lets you cross into the back end and directly hijack the administrator. The problem is still in the short message feature. Previously, an XSS in SDCMS short messages could be used to directly hijack any given user; the bug was modified but not fixed completely, and this time it is more ruthless, directly...
FortiAnalyzer 5.0.4 - CSRF Vulnerability
Exploit for php platform in category web applications. CertR no respond my email, not Fortinet has not given the credits. I. VULNERABILITY: CSRF vulnerabilities in OS of fortianalyzer 5.0.4. II. BACKGROUND: Fortinet’s industry-leading, Network...
Nagios XI 2009R1.2B Cross Site Request Forgery
Advisory Information. Advisory ID: NGENUITY-2010-006. Date published: Aug. 7, 2010. Class: Cross-Site Request Forgery (CSRF). Software Description: Nagios XI is the commercial / enterprise version of the open source Nagios project. Vulnerability Description: Nagios XI 2009R1.2B is vulnerable to multiple...
CVE-2009-4365
Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in ScriptsEz Ez Blog 1.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add a blog via the addblog action, (2) approve a comment via the approvecomment action, (3) change administrator...