68 matches found
CVE-2019-11374
74CMS v5.0.1 has a CSRF vulnerability to add a new admin user via the index.php?m=Admin&c=admin&a=add URI...
Cross site request forgery (csrf)
FastAdmin V1.0.0.20190111beta has a CSRF vulnerability to add a new admin user via the admin/auth/admin/add?dialog=1 URI...
CVE-2019-11078
MKCMS V5.0 has a CSRF vulnerability to add a new admin user via the ucenter/userinfo.php URI...
CVE-2019-10237
S-CMS PHP v1.0 has a CSRF vulnerability to add a new admin user via the 4.edu.php/admin/ajax.php?type=admin&action=add&lang=0 URI, a related issue to CVE-2019-9040...
PilusCart 1.4.1 - Cross-Site Request Forgery (Add Admin)
Exploit Title: PilusCart 1.4.1 - Cross-Site Request Forgery Add Admin Google Dork: N/A Date: 10-03-2019 Exploit Author: Gionathan "John" Reale Vendor Homepage: https://github.com/piluscart Software Link:...
DirectAdmin 1.55 - CMD_ACCOUNT_ADMIN Cross-Site Request Forgery Vulnerability
Exploit for php platform in category web applications Exploit title: DirectAdmin v1.55 - CSRF via CMDACCOUNTADMIN Admin Panel Exploit Author: ManhNho Vendor Homepage: https://www.directadmin.com/ Software Link: https://www.directadmin.com/ Demo Link: https://www.directadmin.com:2222/CMDACCOUNTADM...
DirectAdmin 1.55 - 'CMD_ACCOUNT_ADMIN' Cross-Site Request Forgery
Exploit title: DirectAdmin v1.55 - CSRF via CMDACCOUNTADMIN Admin Panel Date: 03/03/2019 Exploit Author: ManhNho Vendor Homepage: https://www.directadmin.com/ Software Link: https://www.directadmin.com/ Demo Link: https://www.directadmin.com:2222/CMDACCOUNTADMIN Version: 1.55 CVE: CVE-2019-9625...
CVE-2019-9625
JBMC DirectAdmin 1.55 allows CSRF via the /CMDACCOUNTADMIN URI to create a new admin account...
HPE iLO 4 < 2.53 - Add New Administrator User
!/usr/bin/env python """ Exploit trigger was presented @reconbrx 2018 Vulnerability found and documented by synacktiv: https://www.synacktiv.com/posts/exploit/rce-vulnerability-in-hp-ilo.html Original advisory from HP: https://support.hpe.com/hpsc/doc/public/display?docId=hpesbhf03769enus Other...
CVE-2018-6408
An issue was discovered on Conceptronic CIPCAMPTIWL V3 0.61.30.21 devices. CSRF exists in hy-cgi/user.cgi, as demonstrated by changing an administrator password or adding a new administrator account...
Photography CMS 1.0 Cross Site Request Forgery
New Admin Username: Password: Confirm Password: Email: $"ekleabi".live'click',function $.ajax type: "POST", url: "http://ronnieswietek.com/cc/clients/resources/ajax/ajaxnewadmin.php", data: username:$".efe username".val, password1:$".efe password1".val, password2:$".efe password2".val, email:$".e...
Robert 0.5 - Multiple Vulnerabilities
Exploit Title: Robert 0.5 - Multiple Vulnerabilities XSS, CSRF, Directory traversal & SQLi Date: 07/06/2017 Exploit Author: Cyril Vallicari / HTTPCS - ZIWIT Vendor website :http://robert.polosson.com/ Download link : https://github.com/RobertManager/robert/archive/master.zip Live demo :...
FiverrScript CSRF Vulnerability (Add New Admin) Vulnerability
Exploit for php platform in category web applications Exploit Title: FiverrScript CSRF Vulnerability add New admin Author: Mahmoud Gamal @Zombiehelp54 Google Dork: intext:Powered by FiverrScript Date: 10/06/2015 Exploit Author: Scriptolution Vendor Homepage: http://scriptolution.com Software Link...
EVO-CMS 2.1.0 Cross Site Request Forgery
Affected software: evo cms Type of vulnerability: adding new admin csrf URL: http://www.evo-german.com/ Discovered by: Provensec Website: http://www.provensec.com version:EVO-CMS 2.1.0 Proof of concept attacker was able to add new admin as there were no protection against csrf poc poc: input...
CVE-2014-9344
Cross-site request forgery CSRF vulnerability in Snowfox CMS before 1.0.10 allows remote attackers to hijack the authentication of administrators for requests that add a new admin account via a submit action in the admin/accounts/create uri to snowfox/...
dotProject 2.1.5 CSRF Vulnerability
No description provided by source. Source: http://packetstormsecurity.org/files/view/98245/dotProject2.1.5-xsrf.txt !------------------------------------------------------------------------ Software................dotProject 2.1.5 Vulnerability...........Cross-site Request Forgery...
AdaptCMS_Lite_1.5 2009-07-07
No description provided by source. =========================================================================== Topic : AdaptCMSLite1.5 2009-07-07 Bug type : change admin user,passwd & add new admin user exploit Download :...
Libera CMS <= 1.12 (Cookie) Remote SQL Injection Exploit
No description provided by source. !/usr/bin/perl ---------------------------------------------------------- Libera CMS = 1.12 Cookie Remote SQL Injection Exploit Perl Exploit - Add a new admin with your credentials! Author: StAkeR - StAkeRathotmaildotit...
Zoom X4/X5 ADSL Modem and Router -Unauthenticated Remote Root Command Execution
Vulnerable Products - Zoom X4 ADSL Modem and Router running Nucleus/4.3 UPnP/1.0Virata-EmWeb/R620 Server All GS Firmware versions Zoom X5 ADSL Modem and Router running Nucleus/4.3 UPnP/1.0Virata-EmWeb/R620 Server All GS Firmware versions Note: A similar vulnerability was reported several years ag...
Symantec Messaging Gateway Save.do Cross Site Request Forgery (CVE-2012-0308)
A cross-site request forgery CSRF vulnerability has been reported in Symantec Messaging Gateway. The vulnerability is due to errors while validating user input. A remote attacker can exploit this vulnerability by enticing a user to open a specially crafted URI. Successful exploitation would allow...