Code injection

lxsession-logout in lxsession in LXDE, as used on SUSE openSUSE 11.3 and other platforms, does not lock the screen when the Suspend or Hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action. NOTE: there is no...

CVE-2010-2532

lxsession-logout in lxsession in LXDE, as used on SUSE openSUSE 11.3 and other platforms, does not lock the screen when the Suspend or Hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action. NOTE: there is no...

CVE-2010-2532

lxsession-logout in lxsession in LXDE, as used on SUSE openSUSE 11.3 and other platforms, does not lock the screen when the Suspend or Hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action. NOTE: there is no...

CVE-2010-2532

lxsession-logout in lxsession in LXDE, as used on SUSE openSUSE 11.3 and other platforms, does not lock the screen when the Suspend or Hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action. NOTE: there is no...

CVE-2010-2532

CVE-2010-2532 affects lxsession-logout in lxsession (LXDE) as used on openSUSE 11.3 and similar setups. The flaw is that suspend/hibernate button presses do not lock the screen, potentially enabling physically proximate attackers to resume and access the unattended system. Connected advisories ti...

PHP Login Script v 2.3 SQL Injection vulnerability

Exploit for php platform in category web applications ================================================== PHP Login Script v 2.3 SQL Injection vulnerability ================================================== Exploit Title: PHP Login Script v 2.3 SQL Injection vulnerability. Date: 23/7 2010 Author:...

eXtreme Message Board 1.9.11 Cross Site Request Forgery

Date: Thu 15 Jul 2010 12:08:07 PM EEST Vendor: http://www.xmbforum.com/ Download: http://www.xmbforum.com/download/XMB-1.9.11.09.zip --- -= CSRF PoC 1 - Change Admin Password =- -= Method 1 - editprofile.php =- eXtreme Message Board 1.9.11 Multiple CSRF Vulnerabilities - Change Admin Password -=...

eXtreme Message Board 1.9.11 - Multiple Cross-Site Request Forgery Vulnerabilities

Date: Thu 15 Jul 2010 12:08:07 PM EEST Vendor: http://www.xmbforum.com/ Download: http://www.xmbforum.com/download/XMB-1.9.11.09.zip --- -= CSRF PoC 1 - Change Admin Password =- -= Method 1 - editprofile.php =- eXtreme Message Board 1.9.11 Multiple CSRF Vulnerabilities - Change Admin Password -=...

eXtreme Message Board 1.9.11 - Multiple Cross-Site Request Forgery Vulnerabilities

eXtreme Message Board 1.9.11 - Multiple Cross-Site Request Forgery Vulnerabilities Date: Thu 15 Jul 2010 12:08:07 PM EEST Vendor: http://www.xmbforum.com/ Download: http://www.xmbforum.com/download/XMB-1.9.11.09.zip --- -= CSRF PoC 1 - Change Admin Password =- -= Method 1 - editprofile.php =-...

Zenphoto CMS 1.3 Cross Site Request Forgery

Date: Wed 14 Jul 2010 12:48:56 PM EEST Vendor: http://www.zenphoto.org/ Download: http://zenphoto.googlecode.com/files/zenphoto-1.3.tar.gz --- -= CSRF PoC 1 - Change Admin Password =- Zenphoto CMS 1.3 Multiple CSRF Vulnerabilities - Change Admin Password input type="hidd...

eXtreme Message Board 1.9.11 Multiple CSRF Vulnerabilities

Exploit for php platform in category web applications ========================================================== eXtreme Message Board 1.9.11 Multiple CSRF Vulnerabilities ========================================================== The vulnerable application can be downloaded from:...

Diferior CMS 8.03 Cross Site Request Forgery

Date: Tue 13 Jul 2010 11:50:32 AM EEST Vendor: http://diferior.com/ Download: http://diferior.com/postfiles/news/diferior-8-03-released/Diferiorv8.03.tar.gz --- -= CSRF PoC 1 - Change Admin Password =- Diferior CMS 8.03 Multiple CSRF Vulnerabilities - Change Admin Password -= CSRF PoC 2 - Change...

Grafik CMS 1.1.2 Cross Site Request Forgery

Date: Mon 12 Jul 2010 07:07:22 PM EEST Vendor: http://www.grafik-power.com/grafikcms/ Download: None --- -= CSRF PoC 1 - Change Admin Password =- Grafik CMS 1.1.2 Multiple CSRF Vulnerabilities - Change Admin Password -= CSRF PoC 2 - Create Admin User =- Grafik CMS 1.1.2 Multiple CSRF...

Diferior CMS 8.03 - Multiple Cross-Site Request Forgery Vulnerabilities

Date: Tue 13 Jul 2010 11:50:32 AM EEST Vendor: http://diferior.com/ Download: http://diferior.com/postfiles/news/diferior-8-03-released/Diferiorv8.03.tar.gz --- -= CSRF PoC 1 - Change Admin Password =- Diferior CMS 8.03 Multiple CSRF Vulnerabilities - Change Admin Password -= CSRF PoC 2 - Change...

TomatoCMS 2.0.5 Cross Site Request Forgery

Date: Sun 11 Jul 2010 03:36:08 PM EEST Vendor: http://www.tomatocms.com/ Download: None --- -= CSRF PoC 1 - Change Administrator Password =- TomatoCMS 2.0.5 Multiple CSRF Vulnerabilities - Change Admin Password -= CSRF PoC 2 - Create Admin User =- TomatoCMS 2.0.5 Multiple CSRF Vulnerabilities -...

Diferior CMS 8.03 Multiple CSRF Vulnerabilities

Exploit for php platform in category web applications =============================================== Diferior CMS 8.03 Multiple CSRF Vulnerabilities =============================================== Date: Tue 13 Jul 2010 11:50:32 AM EEST Vendor: http://diferior.com/ Download:...

GetSimple CMS 2.01 Cross Site Request Forgery / Cross Site Scripting

Date: Mon 12 Jul 2010 12:11:45 PM EEST Vendor: http://get-simple.info/ Download: http://www.box.net/get-simple --- -= CSRF PoC 1 - Change Admin Password =- GetSimple CMS 2.01 Multiple Vulnerabilities XSS/CSRF - Change Admin Password -= CSRF PoC 2 - Delete Page =- -= CSRF PoC 3 - Delete All Backup...

Frog CMS 0.9.5 Cross Site Request Forgery

Date: Sun 11 Jul 2010 10:22:48 AM EEST Vendor: http://www.madebyfrog.com/ Download: http://www.madebyfrog.com/public/download/files/frog095.tar.gz --- -= CSRF PoC 1 - Create Admin User =- Frog CMS 0.9.5 Multiple CSRF Vulnerabilities - Create Admin User -= CSRF PoC 2 - Delete User =- -= CSRF PoC 3...

TheHostingTool 1.2.2 Cross Site Request Forgery

Date: Mon 12 Jul 2010 01:19:52 PM EEST Vendor: http://thehostingtool.com/ Download: http://thehostingtool.googlecode.com/files/THT-v1.2.2.zip --- -= CSRF PoC 1 - Create Staff Account =- TheHostingTool 1.2.2 Multiple CSRF Vulnerabilities - Create Staff Account -= CSRF PoC 2 - Delete Staff Account ...

Campsite CMS 3.4.0 Cross Site Request Forgery

Date: Mon 12 Jul 2010 03:40:46 PM EEST Vendor: http://www.sourcefabric.org/en/home/web/6/Campsite.htm?tpl=18 Download: http://sourceforge.net/projects/campsite/files/campsite/3.4.0/campsite-3.4.0.tar.gz/download --- -= CSRF PoC 1 - Create Admin User =- Campsite CMS 3.4.0 Multiple CSRF...