Lucene search
K

461 matches found

NVD
NVD
added 2014/07/15 2:55 p.m.10 views

CVE-2014-4963

Shopizer 1.1.5 and earlier allows remote attackers to modify the account settings of arbitrary users via the customer.customerId parameter to shop/profile/register.action...

6.8CVSS6.8AI score0.03744EPSS
Exploits0References2
NVD
NVD
added 2014/06/02 3:55 p.m.16 views

CVE-2013-3258

Cross-site request forgery CSRF vulnerability in he Digg Digg plugin before 5.3.5 for WordPress allows remote attackers to hijack the authentication of users for requests that modify settings via unspecified vectors...

6.8CVSS7.1AI score0.0107EPSS
Exploits0References4
The Hacker News
The Hacker News
added 2014/02/03 8:14 p.m.14 views

Google Chrome added pop-up warning to prevent users from Browser hijacking

GOOGLE, one of the most trusted brands continuously trying to keep its products more robust and secure for keeping its users safe. Google honors vulnerability hunters under its Bug bounty program and not only that, the company also offer a huge amount of reward to hackers in 'Pwnium' hacking...

7.1AI score
Exploits0
Cvelist
Cvelist
added 2013/10/19 10:0 a.m.38 views

CVE-2013-6026

The web interface on D-Link DIR-100, DIR-120, DI-624S, DI-524UP, DI-604S, DI-604UP, DI-604+, and TM-G5240 routers; Planex BRL-04R, BRL-04UR, and BRL-04CW routers; and Alpha Networks routers allows remote attackers to bypass authentication and modify settings via an xmlsetroodkcableoj28840ybtide...

6.8AI score0.0768EPSS
Exploits4References3
VulnCheck KEV
VulnCheck KEV
added 2013/10/19 12:0 a.m.4 views

VulnCheck KEV: CVE-2013-6026

The web interface on D-Link DIR-100, DIR-120, DI-624S, DI-524UP, DI-604S, DI-604UP, DI-604+, and TM-G5240 routers; Planex BRL-04R, BRL-04UR, and BRL-04CW routers; and Alpha Networks routers allows remote attackers to bypass authentication and modify settings via an...

10CVSS5.8AI score0.0768EPSS
Exploits4References1
NVD
NVD
added 2013/09/05 3:27 a.m.21 views

CVE-2013-3479

Cross-site request forgery CSRF vulnerability in the ShareThis plugin before 7.0.6 for WordPress allows remote attackers to hijack the authentication of administrators for requests that modify this plugin's settings...

6.8CVSS7.1AI score0.01178EPSS
Exploits0References2
Prion
Prion
added 2013/06/21 8:55 p.m.11 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in the WP Maintenance Mode plugin before 1.8.8 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that modify this plugin's settings...

6.8CVSS7.8AI score0.00952EPSS
Exploits0References2Affected Software1
RedHat Linux
RedHat Linux
added 2013/02/21 7:4 p.m.8 views

Katello: lack of authorization in proxies_controller.rb

proxiescontroller.rb in Katello in Red Hat CloudForms before 1.1 does not properly check permissions, which allows remote authenticated users to read consumer certificates or change arbitrary users' settings via unspecified vectors related to the "consumer UUID" of a system...

5.5CVSS6AI score0.01042EPSS
Exploits0References4
CVE
CVE
added 2013/01/24 1:0 a.m.40 views

CVE-2012-1922

CVE-2012-1921 and CVE-2012-1922 describe CSRF vulnerabilities in Sitecom WLM-2501 affecting the goform/admin/formWlEncrypt and related forms. An attacker can trick administrators into issuing requests that hijack their authenticated session and modify settings, notably changing the router passphr...

6.8CVSS7.3AI score0.01389EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2012/11/08 11:46 a.m.14 views

Authentication flaw

MosP kintai kanri before 4.1.0 does not properly perform authentication, which allows remote authenticated users to impersonate arbitrary user accounts, and consequently obtain sensitive information or modify settings, via unspecified vectors...

5.5CVSS6.5AI score0.01139EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2012/08/17 8:55 p.m.15 views

Design/Logic Flaw

The Web client in IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users to bypass intended access restrictions, and use the Site Administration menu to modify system settings, via a parameter-tampering attack...

5.5CVSS6.4AI score0.01107EPSS
Exploits0References3Affected Software1
0day.today
0day.today
added 2012/03/12 12:0 a.m.29 views

JROX.COM Affiliate Manager CBFront CSRF

Exploit for php platform in category web applications Exploit Title: JROX.COM Affiliate Manager CBFront CSRF Author: Jonturk75 Vendor or Software Link: http://www.scripts.com/viewscript/jroxcom-affiliate-manager/20262/ Category:: webapps Demo : http://www.jroxdemo.com/jamdemo162/admin/index.php...

7.1AI score
Exploits0
Prion
Prion
added 2012/02/07 9:55 p.m.13 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in admin/settings/update in DClassifieds 0.1 final allows remote attackers to hijack the authentication of administrators for requests that modify account settings such as the administrator password or email via certain Settings parameters...

3.5CVSS7.8AI score0.00951EPSS
Exploits1References7Affected Software1
NVD
NVD
added 2010/01/22 10:0 p.m.19 views

CVE-2010-0380

install.php in JCE-Tech PHP Calendars, downloaded 20100121, allows remote attackers to bypass intended access restrictions and modify application settings via a direct request. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's installation...

5CVSS6.7AI score0.01954EPSS
Exploits1References2
Prion
Prion
added 2009/08/19 5:24 a.m.15 views

Cross site request forgery (csrf)

MikroTik RouterOS 3.x through 3.13 and 2.x through 2.9.51 allows remote attackers to modify Network Management System NMS settings via a crafted SNMP set request...

6.4CVSS7.1AI score0.09178EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2009/08/18 10:0 a.m.6 views

EUVD-2008-6935

MikroTik RouterOS 3.x through 3.13 and 2.x through 2.9.51 allows remote attackers to modify Network Management System NMS settings via a crafted SNMP set request...

6.4CVSS6.4AI score0.09178EPSS
Exploits1References3
seebug.org
seebug.org
added 2008/08/07 12:0 a.m.12 views

LoveCMS 1.6.2 Final Update Settings Remote Exploit

No description provided by source. !/usr/bin/ruby Exploit by PoMdaPiMp! --------------------- pomdapimpatgmaildotcom LoveCMS Exploit Series Episode 3: changing site settings ... Description: Simply change the site settings ! Usage: ./LoveCMS3settings.rb host Ex: ./LoveCMS2themes.rb...

7.1AI score
Exploits0
EUVD
EUVD
added 2006/09/06 10:0 p.m.4 views

EUVD-2006-4574

The admin panel in Tr Forum 2.0 accepts a username and password hash for authentication, which allows remote authenticated users to perform unauthorized actions, as demonstrated by modifying user settings via the id parameter to /membres/modifprofil.php, and changing a password via...

5.5CVSS7AI score0.03088EPSS
Exploits1References10
NVD
NVD
added 2005/07/05 4:0 a.m.13 views

CVE-2005-1932

Lpanel 1.59 and earlier, and other versions before 1.597, allows remote authenticated users to modify certain critical variables and 1 modify DNS settings for arbitrary domains via the domain parameter to diagnose.php, 2 close, open, or respond to arbitrary support tickets via the close, open, or...

2.1CVSS6.1AI score0.00732EPSS
Exploits0References9
Cvelist
Cvelist
added 2004/01/29 5:0 a.m.23 views

CVE-2004-0087

The System Configuration subsystem in Mac OS 10.2.8 and 10.3.2 allows local users to modify network settings, a different vulnerability than CVE-2004-0088...

7.3AI score0.00335EPSS
Exploits0References4
Rows per page
Query Builder