9 matches found
CVE-2022-1248
A vulnerability was found in SAP Information System 1.0 which has been rated as critical. Affected by this issue is the file /SAPInformationSystem/controllers/addadmin.php. An unauthenticated attacker is able to create a new admin account for the web application with a simple POST request. Exploi...
Atlassian Confluence Data Center and Server - Authentication Bypass Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Atlassian Confluence Data Center and Server Authentication Bypass via Broken Access Control', 'Description' = %q This module exploits a broken...
DirectAdmin 1.55 - CMD_ACCOUNT_ADMIN Cross-Site Request Forgery Vulnerability
Exploit for php platform in category web applications Exploit title: DirectAdmin v1.55 - CSRF via CMDACCOUNTADMIN Admin Panel Exploit Author: ManhNho Vendor Homepage: https://www.directadmin.com/ Software Link: https://www.directadmin.com/ Demo Link: https://www.directadmin.com:2222/CMDACCOUNTADM...
DirectAdmin 1.55 - 'CMD_ACCOUNT_ADMIN' Cross-Site Request Forgery
Exploit title: DirectAdmin v1.55 - CSRF via CMDACCOUNTADMIN Admin Panel Date: 03/03/2019 Exploit Author: ManhNho Vendor Homepage: https://www.directadmin.com/ Software Link: https://www.directadmin.com/ Demo Link: https://www.directadmin.com:2222/CMDACCOUNTADMIN Version: 1.55 CVE: CVE-2019-9625...
CVE-2018-6408
An issue was discovered on Conceptronic CIPCAMPTIWL V3 0.61.30.21 devices. CSRF exists in hy-cgi/user.cgi, as demonstrated by changing an administrator password or adding a new administrator account...
CVE-2014-9344
Cross-site request forgery CSRF vulnerability in Snowfox CMS before 1.0.10 allows remote attackers to hijack the authentication of administrators for requests that add a new admin account via a submit action in the admin/accounts/create uri to snowfox/...
Zoom X4/X5 ADSL Modem and Router -Unauthenticated Remote Root Command Execution
Vulnerable Products - Zoom X4 ADSL Modem and Router running Nucleus/4.3 UPnP/1.0Virata-EmWeb/R620 Server All GS Firmware versions Zoom X5 ADSL Modem and Router running Nucleus/4.3 UPnP/1.0Virata-EmWeb/R620 Server All GS Firmware versions Note: A similar vulnerability was reported several years ag...
Cross site scripting
Cross-site scripting XSS vulnerability in Ipswitch WSFTP allows remote attackers to inject arbitrary web script or HTML via arguments to a valid command, which is not properly handled when it is displayed by the view log option in the administration interface. NOTE: this can be leveraged to creat...
CVE-2007-4555
CVE-2007-4555 describes a cross-site scripting (XSS) vulnerability in Ipswitch WS_FTP's administration interface. The issue occurs when arguments to a valid command are not properly sanitized and are displayed by the view log option, enabling an attacker to inject arbitrary web script or HTML. Th...