23 matches found
EUVD-2011-5198
Malware in sbrugna...
EUVD-2011-5199
Malware in sbrugna...
CVE-2011-5300
Cross-site request forgery (CSRF) vulnerability in admin/setup/config/users.php in poMMo Aardvark PR16.1 allows remote attackers to hijack the authentication of administrators for requests that modify credentials via certain admin parameters...
CVE-2011-5299
Multiple cross-site scripting (XSS) vulnerabilities in poMMo Aardvark PR16.1 allow remote attackers to inject arbitrary web script or HTML via (1) the referer parameter to index.php, (2) the sitename parameter to admin/setup/config/general.php, (3) the groupname parameter to...
poMMo Aardvark Cross-Site Request Forgery Vulnerability
poMMo Aardvark is a PHP-based mass mailing software. A cross-site request forgery vulnerability exists in poMMo Aardvark PR16.1, which allows remote attackers to hijack the authentication of administrators for requests that modify credentials via certain admin...
Multiple Cross-Site Scripting Vulnerabilities in poMMo Aardvark
poMMo Aardvark is a PHP-based mass mailing software. poMMo Aardvark PR16.1 suffers from multiple cross-site scripting vulnerabilities that allow remote attackers to send mass emails via 1 the referer parameter to index.php, 2 the sitename parameter to admin/setup/config/general.php, 3 the groupna...
CVE-2011-5300
Cross-site request forgery (CSRF) vulnerability in admin/setup/config/users.php in poMMo Aardvark PR16.1 allows remote attackers to hijack the authentication of administrators for requests that modify credentials via certain admin parameters...
CVE-2011-5299
Multiple cross-site scripting (XSS) vulnerabilities in poMMo Aardvark PR16.1 allow remote attackers to inject arbitrary web script or HTML via (1) the referer parameter to index.php, (2) the sitename parameter to admin/setup/config/general.php, (3) the groupname parameter to...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in admin/setup/config/users.php in poMMo Aardvark PR16.1 allows remote attackers to hijack the authentication of administrators for requests that modify credentials via certain admin parameters...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in poMMo Aardvark PR16.1 allow remote attackers to inject arbitrary web script or HTML via (1) the referer parameter to index.php, (2) the sitename parameter to admin/setup/config/general.php, (3) the groupname parameter to...
CVE-2011-5299
poMMo Aardvark PR16.1 is affected by multiple cross-site scripting (XSS) vulnerabilities allowing remote attackers to inject arbitrary web script or HTML via four parameters: referer (index.php), site_name (admin/setup/config/general.php), group_name (admin/subscribers/subscribers_groups.php), an...
CVE-2011-5300
Cross-site request forgery (CSRF) vulnerability in admin/setup/config/users.php in poMMo Aardvark PR16.1 allows remote attackers to hijack the authentication of administrators for requests that modify credentials via certain admin parameters...
CVE-2011-5299
Multiple cross-site scripting (XSS) vulnerabilities in poMMo Aardvark PR16.1 allow remote attackers to inject arbitrary web script or HTML via (1) the referer parameter to index.php, (2) the sitename parameter to admin/setup/config/general.php, (3) the groupname parameter to...
CVE-2011-5300
CVE-2011-5300 affects poMMo Aardvark PR16.1. A CSRF in admin/setup/config/users.php allows remote attackers to hijack administrator authentication by submitting requests that modify credentials via certain admin_ parameters. The root cause is a CSRF in the credential-modification flow. Impact describ...
BF, XSS, IAA and CSRF vulnerabilities in poMMo
Hello 3APA3A! I am informing you about the Brute Force, Cross-Site Scripting, Insufficient Anti-automation and Cross-Site Request Forgery vulnerabilities I found in poMMo. Brute Force WASC-11: http://site/pommo/index.php XSS WASC-08:...
New vulnerabilities in poMMo
Hello 3APA3A! I am informing you about the Information Leakage, Insufficient Anti-automation and Abuse of Functionality vulnerabilities I found in poMMo. Information Leakage WASC-13: After an email is entered on subscribe.php, the page http://site/pommo/user/process.php displays the pendingcode as...
poMMo Aardvark PR16.1 Cross Site Scripting
Hello list! I want to warn you about multiple security vulnerabilities in poMMo. These are Cross-Site Scripting, Brute Force and Insufficient Anti-automation vulnerabilities. ------------------------- Affected products: ------------------------- Vulnerable are all versions of poMMo poMMo Aardvark...
HTB22976: Multiple XSS (Cross Site Scripting) vulnerabilities in poMMo
Vulnerability ID: HTB22976 Reference: http://www.htbridge.ch/advisory/multiplexsscrosssitescriptingvulnerabilitiesinpommo.html Product: poMMo Vendor: Brice Burgess http://pommo.org/ Vulnerable Version: Aardvark PR16.1 Vendor Notification: 26 April 2011 Vulnerability Type: XSS Cross Site Scripting...
HTB22977: XSRF (CSRF) in poMMo
Vulnerability ID: HTB22977 Reference: http://www.htbridge.ch/advisory/xsrfcsrfinpommo.html Product: poMMo Vendor: Brice Burgess http://pommo.org/ Vulnerable Version: Aardvark PR16.1 Vendor Notification: 26 April 2011 Vulnerability Type: CSRF Cross-Site Request Forgery Risk level: Low Credit:...
poMMo Aardvark PR16.1 - Multiple Cross-Site Scripting Vulnerabilities
poMMo Aardvark PR16.1 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/47786/info poMMo is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute...