23 matches found
EUVD-2020-5206
Malware in sbrugna...
EUVD-2015-7740
Malware in sbrugna...
EUVD-2019-15503
Malware in sbrugna...
EUVD-2019-7930
Malware in sbrugna...
EUVD-2001-1262
Malware in sbrugna...
CVE-2019-5935
Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to change user information without access privileges via the Item function of User Information...
EXNESS: Verification process done using different documents without corresponding to user information / User information can be changed after verification
A business logic flaw in the Exness trading platform allowed a verified user to change their profile information (Name, DoB, and Address) after identity verification. Additionally, a user could verify their account with official documents that did not correspond to their provided information. This...
Mail.ru: IDOR allows changing user information.
An IDOR vulnerability in skillbox.ru allowed changing an arbitrary user's information...
CVE-2019-11375
Msvod v10 has a CSRF vulnerability to change user information via the admin/member/edit.html URI...
Fuyang Xinpin Network Technology Co., Ltd. website building system has logical design loopholes
Fuyang Xinpin Network Technology Co., Ltd. is a technical enterprise focusing on providing full network marketing solutions for the majority of tourism enterprises. Fuyang Xinpin Network Technology Co., Ltd. station-building system has a logical design loophole, which can be exploited by attacker...
Infinity Market Classified Ads Script 1.6.2 - Cross-Site Request Forgery
Exploit Title: Infinity Market Classified Ads Script 1.6.2 - Cross-Site Request Forgery Date: 2018-05-18 Exploit Author: L0RD Vendor Homepage: https://codecanyon.net/item/classifieds-multipurpose-portal-infinity-market/16572285?srank=1520 Version: 1.6.2 Tested on: Kali linux Description : CSRF...
Secure Mail ActiveSync redirect 451
When migrating an Exchange server, for example from on-premises Exchange to Office 365, is it possible to have the Exchange server send an HTTP 451 ActiveSync redirect to point Secure Mail to the new server without installing a new instance of Secure Mail? Yes: The HTTP 451 is the supported mechani...
Moodle 2.9.x < 2.9.9 Multiple Vulnerabilities
Beats By Dre Cross Site Request Forgery
Hello, I am Aaditya Purani, and I had found a CSRF (Cross Site Request Forgery) on Beats by Dr.Dre which could lead to full Account Takeover and Information change by just sending a maliciously crafted link to the user. Proof of Concept: Response : aisCustomerSavedSuccessfullya: true,...
HooToo Tripmate HT-TM01 2.000.022 - CSRF Vulnerabilities
Exploit for php platform in category web applications Exploit Title: HooToo Tripmate HT-TM01 Cross Site Request Forgery Date: 03Sep15 Exploit Author: Ken Smith Contact: https://twitter.com/P4tchw0rk Vendor Homepage: http://www.hootoo.com Version: HT-TM01, version 2.000.022 1. Description Various...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in NetArt Media Car Portal 3.0 allow remote attackers to hijack the authentication of administrators for requests that (1) change arbitrary user passwords via a nouveau action in the security module to cars/ADMIN/index.php; (2) create a user or...
FCMS CMS 2.7.2 - Multiple Cross-Site Request Forgery Vulnerabilities
FCMS2.7.2 cms and earlier multiple CSRF Vulnerability. Exploit Title: FCMS2.7.2 cms multiple CSRF Vulnerability Download link...
FCMS 2.7.2 Cross Site Request Forgery
FCMS2.7.2 cms and earlier multiple CSRF Vulnerability. Exploit Title: FCMS2.7.2 cms multiple CSRF Vulnerability Download link...
Adobe Website Cross Site Scripting
Title: Adobe Web-Site Persistence XSS. Status: Unpatched. Details: 1. Signin to adobe.com 2. Go to My information 3. Change Screen Name to 'alert"xss"; or 'alert"xss"; 4. Go to My adobe @Asish [email protected]...
Kryn CMS 0.6 Cross Site Request Forgery / Cross Site Scripting
Found By: TurboBorland Email Address: [email protected] Software: Kryn =0.6 Date Found: 06/21/2010 Date Submitted: 06/29/2010 Ethical Disclosure: Vendor submitted - Replied with fix: "We've fix this issues and already uploaded the new versions for kryn-core and usermanagement." - Submission to...