Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in admin.php in Content Management Made Easy (CMME) 1.12 allows remote attackers to trigger the logout of an administrative user via a logout action...
CVE-2008-3925
Cross-site request forgery (CSRF) vulnerability in admin.php in Content Management Made Easy (CMME) 1.12 allows remote attackers to trigger the logout of an administrative user via a logout action...
CVE-2008-3925
CSRF in Content Management Made Easy (CMME) 1.12 affects admin.php, enabling a remote attacker to trigger logout of an administrative user via a logout action. The connected CVE/DOCs confirm the vulnerability and affected component but do not provide a patch version or mitigation steps within the...
Simple PHP Blog (SPHPBlog) <= 0.5.1 Code Execution Exploit
No description provided by source. ? / sIMPLE php bLOG 0.5.0 eXPLOIT bY mAXzA 2008 / function curl$url,$postvar global $cook; $ch = curlinit $url ; curlsetopt $ch, CURLOPTRETURNTRANSFER, 1; curlsetopt $ch, CURLOPTHEADER, 1; curlsetopt $ch, CURLOPTREFERER,"$url"; if strlen$postvar3 $postvar="123";...
noname script 1.1 - Multiple Vulnerabilities
noname script 1.1 - Multiple Vulnerabilities + NoName Script 1.1 BETA Multiple Remote Vulnerabilities + Discovered By SirGod + www.mortal-team.org + Greetz : E.M.I.N.E.M,Ras,Puscasmarin,ToxicBlood,MesSiAH,xZu,HrN,kemrayz + Local File Inclusion...
BandSite CMS 1.1.4 - Download Backup Cross-Site Scripting Cross-Site Request Forgery
BandSite CMS 1.1.4 - Download Backup Cross-Site Scripting Cross-Site Request Forgery + BandSite CMS 1.1.4 Arbitrary Download Database/XSS/CSRF + Discovered By SirGod + www.mortal-team.org + Greetz : E.M.I.N.E.M,Ras,Puscasmarin,ToxicBlood,MesSiAH,xZu,HrN + Arbitrary Download Database Go to...
Apache Tomcat Host Manager cross-site scripting vulnerability
Overview: Apache Tomcat, from the Apache Software Foundation, contains a cross-site scripting vulnerability. Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Pages (JSP) technologies. The Host Manager Servlet does not properly filter user...
Session isn't invalidated on logout
When the user logs out the HttpSession isn't invalidated. The important details of the logged in user and other information is correctly cleared but other properties such as user preferences are not. The impact is things like the label's section and location section's openness state isn't correct...
CVE-2008-1395
Plone CMS does not record users' authentication states, and implements the logout feature solely on the client side, which makes it easier for context-dependent attackers to reuse a logged-out session...
Buffer overflow
Multiple buffer overflows in securecgi-bin/CSuserCGI.exe in User-Changeable Password (UCP) before 4.2 in Cisco Secure Access Control Server (ACS) for Windows and ACS Solution Engine allow remote attackers to execute arbitrary code via a long argument located immediately after the Logout argument, and...
Authentication Capture: IMAP
This module provides a fake IMAP service that is designed to capture authentication credentials. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Authentication Capture: IMAP', 'Description' = %...
Debian Security Advisory DSA 112-1 (hanterm)
The remote host is missing an update to hanterm announced via advisory DSA 112-1. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
security flaw
pam_console does not properly restore ownership for certain console devices when there are multiple users logged into the console and one user logs out, which might allow local users to gain privileges...
Myspace Clone Script - SQL Injection
Myspace Clone Script SQL Injection Vulnerabilities AUTHOR: t0pP8uZz & xprog SITE: datecomm.com DORK...
CVE-2003-1352
CVE-2003-1352 relates to Gabber 0.8.7, where an info-leak occurs because the client sends an email to a specific address during user login and logout. This behavior can let an attacker sniff (eavesdrop) user session activity and reveal the Gabber version number. The published data indicates a med...
Guestbook Script 1.9 RFI
Guestbook Script 1.9 Remote File Include Dork:"Guestbook Script 1.9" Vuln Code: /admin/database.php /admin/entries.php /admin/index.php /admin/logout.php /admin/settings.php /delete.php /edit.php /inc/common.inc.php Exploit: www.server.com/path/file.php?scriptroot=Sh3ll =====================...
Calyptix Security Advisory CX-2007-05 - eSoft InstaGate EX2 Cross-Site Request Forgery Attack
Calyptix Security Advisory CX-2007-05 eSoft InstaGate EX2 Cross-Site Request Forgery Attack Date: 07/11/2007 http://www.calyptix.com/ http://labs.calyptix.com/CX-2007-05.php http://labs.calyptix.com/CX-2007-05.txt Overview Multiple versions of eSoft's InstaGate EX2 UTM device are vulnerable to...
DEBIAN-CVE-2007-2836
Directory traversal vulnerability in session.rb in Hiki 0.8.0 through 0.8.6 allows remote attackers to delete arbitrary files via directory traversal sequences in the session ID, which is matched against an insufficiently restrictive regular expression before it is used to construct a filename th...