14 matches found
EUVD-2011-5198
Malware in sbrugna...
CVE-2011-5300
Cross-site request forgery CSRF vulnerability in admin/setup/config/users.php in poMMo Aardvark PR16.1 allows remote attackers to hijack the authentication of administrators for requests that modify credentials via certain admin parameters...
CVE-2011-5299
Multiple cross-site scripting XSS vulnerabilities in poMMo Aardvark PR16.1 allow remote attackers to inject arbitrary web script or HTML via 1 the referer parameter to index.php, 2 the sitename parameter to admin/setup/config/general.php, 3 the groupname parameter to...
Multiple Cross-Site Scripting Vulnerabilities in poMMo Aardvark
poMMo Aardvark is a PHP-based mass mailing software. poMMo Aardvark PR16.1 suffers from multiple cross-site scripting vulnerabilities that allow remote attackers to send mass emails via 1 the referer parameter to index.php, 2 the sitename parameter to admin/setup/config/general.php, 3 the groupna...
poMMo Aardvark Cross-Site Request Forgery Vulnerability
poMMo Aardvark is a PHP-based mass mailing software. A cross-site request forgery vulnerability exists in poMMo Aardvark PR16.1, which allows remote attackers to hijack administrative authentication by hijacking request authentication of administrars modifying credentials via certain admin...
CVE-2011-5300
Cross-site request forgery CSRF vulnerability in admin/setup/config/users.php in poMMo Aardvark PR16.1 allows remote attackers to hijack the authentication of administrators for requests that modify credentials via certain admin parameters...
CVE-2011-5299
Multiple cross-site scripting XSS vulnerabilities in poMMo Aardvark PR16.1 allow remote attackers to inject arbitrary web script or HTML via 1 the referer parameter to index.php, 2 the sitename parameter to admin/setup/config/general.php, 3 the groupname parameter to...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in poMMo Aardvark PR16.1 allow remote attackers to inject arbitrary web script or HTML via 1 the referer parameter to index.php, 2 the sitename parameter to admin/setup/config/general.php, 3 the groupname parameter to...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in admin/setup/config/users.php in poMMo Aardvark PR16.1 allows remote attackers to hijack the authentication of administrators for requests that modify credentials via certain admin parameters...
CVE-2011-5299
Multiple cross-site scripting XSS vulnerabilities in poMMo Aardvark PR16.1 allow remote attackers to inject arbitrary web script or HTML via 1 the referer parameter to index.php, 2 the sitename parameter to admin/setup/config/general.php, 3 the groupname parameter to...
CVE-2011-5300
CVE-2011-5300 affects poMMo Aardvark PR16.1. a CSRF in admin/setup/config/users.php allows remote attackers to hijack administrator authentication by submitting requests that modify credentials via certain admin_ parameters. Root cause is a CSRF in the credential-modification flow. Impact describ...
CVE-2011-5299
poMMo Aardvark PR16.1 is affected by multiple cross-site scripting (XSS) vulnerabilities allowing remote attackers to inject arbitrary web script or HTML via four parameters: referer (index.php), site_name (admin/setup/config/general.php), group_name (admin/subscribers/subscribers_groups.php), an...
CVE-2011-5300
Cross-site request forgery CSRF vulnerability in admin/setup/config/users.php in poMMo Aardvark PR16.1 allows remote attackers to hijack the authentication of administrators for requests that modify credentials via certain admin parameters...
poMMo Aardvark PR16.1 Cross Site Scripting
Hello list! I want to warn you about multiple security vulnerabilities in poMMo. These are Cross-Site Scripting, Brute Force and Insufficient Anti-automation vulnerabilities. ------------------------- Affected products: ------------------------- Vulnerable are all versions of poMMo poMMo Aardvark...