14 matches found
CVE-2011-5300
Cross-site request forgery CSRF vulnerability in admin/setup/config/users.php in poMMo Aardvark PR16.1 allows remote attackers to hijack the authentication of administrators for requests that modify credentials via certain admin parameters...
CVE-2011-5300
Cross-site request forgery CSRF vulnerability in admin/setup/config/users.php in poMMo Aardvark PR16.1 allows remote attackers to hijack the authentication of administrators for requests that modify credentials via certain admin parameters...
CVE-2011-5299
Multiple cross-site scripting XSS vulnerabilities in poMMo Aardvark PR16.1 allow remote attackers to inject arbitrary web script or HTML via 1 the referer parameter to index.php, 2 the sitename parameter to admin/setup/config/general.php, 3 the groupname parameter to...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in admin/setup/config/users.php in poMMo Aardvark PR16.1 allows remote attackers to hijack the authentication of administrators for requests that modify credentials via certain admin parameters...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in poMMo Aardvark PR16.1 allow remote attackers to inject arbitrary web script or HTML via 1 the referer parameter to index.php, 2 the sitename parameter to admin/setup/config/general.php, 3 the groupname parameter to...
CVE-2011-5299
poMMo Aardvark PR16.1 is affected by multiple cross-site scripting (XSS) vulnerabilities allowing remote attackers to inject arbitrary web script or HTML via four parameters: referer (index.php), site_name (admin/setup/config/general.php), group_name (admin/subscribers/subscribers_groups.php), an...
CVE-2011-5299
Multiple cross-site scripting XSS vulnerabilities in poMMo Aardvark PR16.1 allow remote attackers to inject arbitrary web script or HTML via 1 the referer parameter to index.php, 2 the sitename parameter to admin/setup/config/general.php, 3 the groupname parameter to...
CVE-2011-5300
CVE-2011-5300 affects poMMo Aardvark PR16.1. a CSRF in admin/setup/config/users.php allows remote attackers to hijack administrator authentication by submitting requests that modify credentials via certain admin_ parameters. Root cause is a CSRF in the credential-modification flow. Impact describ...
poMMo Aardvark PR16.1 Cross Site Scripting
Hello list! I want to warn you about multiple security vulnerabilities in poMMo. These are Cross-Site Scripting, Brute Force and Insufficient Anti-automation vulnerabilities. ------------------------- Affected products: ------------------------- Vulnerable are all versions of poMMo poMMo Aardvark...
HTB22976: Multiple XSS (Cross Site Scripting) vulnerabilities in poMMo
Vulnerability ID: HTB22976 Reference: http://www.htbridge.ch/advisory/multiplexsscrosssitescriptingvulnerabilitiesinpommo.html Product: poMMo Vendor: Brice Burgess http://pommo.org/ Vulnerable Version: Aardvark PR16.1 Vendor Notification: 26 April 2011 Vulnerability Type: XSS Cross Site Scripting...
HTB22977: XSRF (CSRF) in poMMo
Vulnerability ID: HTB22977 Reference: http://www.htbridge.ch/advisory/xsrfcsrfinpommo.html Product: poMMo Vendor: Brice Burgess http://pommo.org/ Vulnerable Version: Aardvark PR16.1 Vendor Notification: 26 April 2011 Vulnerability Type: CSRF Cross-Site Request Forgery Risk level: Low Credit:...
poMMo Aardvark PR16.1 - Multiple Cross-Site Scripting Vulnerabilities
poMMo Aardvark PR16.1 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/47786/info poMMo is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute...
poMMo Aardvark PR16.1 - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/47786/info poMMo is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the...
poMMo Aardvark PR16.1 Cross Site Request Forgery / Cross Site Scripting
============================= Vulnerability ID: HTB22976 Reference: http://www.htbridge.ch/advisory/multiplexsscrosssitescriptingvulnerabilitiesinpommo.html Product: poMMo Vendor: Brice Burgess http://pommo.org/ Vulnerable Version: Aardvark PR16.1 Vendor Notification: 26 April 2011 Vulnerability...