19 matches found
CVE-2018-6408
An issue was discovered on Conceptronic CIPCAMPTIWL V3 0.61.30.21 devices. CSRF exists in hy-cgi/user.cgi, as demonstrated by changing an administrator password or adding a new administrator account...
EUVD-2010-2127
Malware in sbrugna...
CVE-2025-57760
Langflow is a tool for building and deploying AI-powered agents and workflows. A privilege escalation vulnerability exists in Langflow containers where an authenticated user with RCE access can invoke the internal CLI command langflow superuser to create a new administrative user. This results in...
CVE-2025-45055
Silverpeas 6.4.2 contains a stored cross-site scripting (XSS) vulnerability in the event management module. An authenticated user can upload a malicious SVG file as an event attachment, which, when viewed by an administrator, executes embedded JavaScript in the admin's session. This allows attacker...
CVE-2024-45264
A cross-site request forgery (CSRF) vulnerability in the admin panel in SkySystem Arfa-CMS before 5.1.3124 allows remote attackers to add a new administrator, leading to escalation of privileges...
Deprixa 3.2.5 Cross Site Request Forgery
Title: Deprixa 3.2.5 CSRF Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 103.0 (64-bit) | Vendor :...
COURIER DEPRIXA 2.5 Cross Site Request Forgery
Title: COURIER DEPRIXA V2.5 CSRF Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 102.0.1 (64-bit) |...
Siemens SICAM GridEdge Essential Access Control Error Vulnerability
SICAM GridEdge enables IoT functionality in your existing IEC 61850 devices with just a few clicks. An authentication error vulnerability in Siemens SICAM GridEdge results from the fact that the affected software does not authenticate access to privileged functions, which can be exploited to creat...
CVE-2020-19964
A Cross Site Request Forgery (CSRF) vulnerability was discovered in PHPMyWind 5.6 which allows attackers to create a new administrator account without authentication...
PhpList Cross-Site Scripting Vulnerability
phpList is an open source newsletter and email marketing software from phpList UK. A cross-site scripting vulnerability exists in phpList version 3.5.3, which can be exploited by adding a new administrator with the login field in the "Manage Administrators" section...
Woocommerce Customers Manager < 26.6 - Arbitrary Account Creation/Update via CSRF
The fixes for https://wpscan.com/vulnerability/126143e0-b0cc-4517-862e-3ac557db744f still allowed the issue to be performed via a CSRF attack. The uploadcsv AJAX action, available to authenticated users, did not have a proper CSRF check, allowing an attacker to make a logged-in user with the...
Advantech WebAccess/NMS Authentication Missing Vulnerability
Advantech WebAccess/NMS is a web browser based software suite for Network Management Systems (NMS). An authentication missing vulnerability exists in Advantech WebAccess/NMS, which can be exploited by an attacker to create a new administrator account...
Windows operating system vulnerability that allows a remote attacker to escalate their privileges
The Microsoft Windows operating system contains a vulnerability related to improper verification and application of impersonation levels. This allows attackers to bypass security checks and elevate their privileges, including gaining administrator account information. If exploited successfully,...
Max CMS 2.0beta (maxcms) SQL injection and administrator authentication bypass vulnerability
This system was internally a very popular video-on-demand system. Versions before 1.5 had many vulnerabilities; version 2.0 has improved in terms of security, but loopholes still exist. Look at the code in \inc\ajax.asp: dim action : action = getForm("action", "get") response.Charset="gbk"...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in user/user-set.do in Pacific Timesheet 6.74 build 363 allows remote attackers to hijack the authentication of administrators for requests that create a new administrator via a newadmin action...
CVE-2010-2111
Cross-site request forgery (CSRF) vulnerability in user/user-set.do in Pacific Timesheet 6.74 build 363 allows remote attackers to hijack the authentication of administrators for requests that create a new administrator via a newadmin action...
Wing FTP Server v3.2.4 CSRF Vulnerability
No description provided by source. Application: WingFTP Server 3.2.4 maybe earlier versions too Link: http://www.wftpserver.com/ Vulnerability: CSRF Author: Ams Contact: mail: ax330d at gmail dot com site: http://www.0x416d73.name/ 1. About software "Wing FTP server is not only a FTP server. It's...
CVE-2008-7193
PHPKIT 1.6.4 PL1 includes the session ID in the URL, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks by reading the PHPKITSID parameter from the HTTP Referer and using it in a request to (1) modify the user profile via uploadfiles/include.php or (2) create a new...
SlimCMS <= 1.0.0 (redirect.php) Privilege Escalation Exploit
No description provided by source. #!/usr/bin/php -q <?php /* SlimCMS <= 1.0.0 Privilege Escalation Exploit Discovered By StAkeR aka athos - StAkeRathotmaildotit Discovered On 11/10/2008 http://downloads.sourceforge.net/slimcms/SlimCMS-1.0.0.tgz?modtime=1217343227&bigmirror=0 */ error_reporting(0); $host...