461 matches found
CVE-2014-4963
Shopizer 1.1.5 and earlier allows remote attackers to modify the account settings of arbitrary users via the customer.customerId parameter to shop/profile/register.action...
CVE-2013-3258
Cross-site request forgery CSRF vulnerability in he Digg Digg plugin before 5.3.5 for WordPress allows remote attackers to hijack the authentication of users for requests that modify settings via unspecified vectors...
Google Chrome added pop-up warning to prevent users from Browser hijacking
GOOGLE, one of the most trusted brands continuously trying to keep its products more robust and secure for keeping its users safe. Google honors vulnerability hunters under its Bug bounty program and not only that, the company also offer a huge amount of reward to hackers in 'Pwnium' hacking...
CVE-2013-6026
The web interface on D-Link DIR-100, DIR-120, DI-624S, DI-524UP, DI-604S, DI-604UP, DI-604+, and TM-G5240 routers; Planex BRL-04R, BRL-04UR, and BRL-04CW routers; and Alpha Networks routers allows remote attackers to bypass authentication and modify settings via an xmlsetroodkcableoj28840ybtide...
VulnCheck KEV: CVE-2013-6026
The web interface on D-Link DIR-100, DIR-120, DI-624S, DI-524UP, DI-604S, DI-604UP, DI-604+, and TM-G5240 routers; Planex BRL-04R, BRL-04UR, and BRL-04CW routers; and Alpha Networks routers allows remote attackers to bypass authentication and modify settings via an...
CVE-2013-3479
Cross-site request forgery CSRF vulnerability in the ShareThis plugin before 7.0.6 for WordPress allows remote attackers to hijack the authentication of administrators for requests that modify this plugin's settings...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in the WP Maintenance Mode plugin before 1.8.8 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that modify this plugin's settings...
Katello: lack of authorization in proxies_controller.rb
proxiescontroller.rb in Katello in Red Hat CloudForms before 1.1 does not properly check permissions, which allows remote authenticated users to read consumer certificates or change arbitrary users' settings via unspecified vectors related to the "consumer UUID" of a system...
CVE-2012-1922
CVE-2012-1921 and CVE-2012-1922 describe CSRF vulnerabilities in Sitecom WLM-2501 affecting the goform/admin/formWlEncrypt and related forms. An attacker can trick administrators into issuing requests that hijack their authenticated session and modify settings, notably changing the router passphr...
Authentication flaw
MosP kintai kanri before 4.1.0 does not properly perform authentication, which allows remote authenticated users to impersonate arbitrary user accounts, and consequently obtain sensitive information or modify settings, via unspecified vectors...
Design/Logic Flaw
The Web client in IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users to bypass intended access restrictions, and use the Site Administration menu to modify system settings, via a parameter-tampering attack...
JROX.COM Affiliate Manager CBFront CSRF
Exploit for php platform in category web applications Exploit Title: JROX.COM Affiliate Manager CBFront CSRF Author: Jonturk75 Vendor or Software Link: http://www.scripts.com/viewscript/jroxcom-affiliate-manager/20262/ Category:: webapps Demo : http://www.jroxdemo.com/jamdemo162/admin/index.php...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in admin/settings/update in DClassifieds 0.1 final allows remote attackers to hijack the authentication of administrators for requests that modify account settings such as the administrator password or email via certain Settings parameters...
CVE-2010-0380
install.php in JCE-Tech PHP Calendars, downloaded 20100121, allows remote attackers to bypass intended access restrictions and modify application settings via a direct request. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's installation...
Cross site request forgery (csrf)
MikroTik RouterOS 3.x through 3.13 and 2.x through 2.9.51 allows remote attackers to modify Network Management System NMS settings via a crafted SNMP set request...
EUVD-2008-6935
MikroTik RouterOS 3.x through 3.13 and 2.x through 2.9.51 allows remote attackers to modify Network Management System NMS settings via a crafted SNMP set request...
LoveCMS 1.6.2 Final Update Settings Remote Exploit
No description provided by source. !/usr/bin/ruby Exploit by PoMdaPiMp! --------------------- pomdapimpatgmaildotcom LoveCMS Exploit Series Episode 3: changing site settings ... Description: Simply change the site settings ! Usage: ./LoveCMS3settings.rb host Ex: ./LoveCMS2themes.rb...
EUVD-2006-4574
The admin panel in Tr Forum 2.0 accepts a username and password hash for authentication, which allows remote authenticated users to perform unauthorized actions, as demonstrated by modifying user settings via the id parameter to /membres/modifprofil.php, and changing a password via...
CVE-2005-1932
Lpanel 1.59 and earlier, and other versions before 1.597, allows remote authenticated users to modify certain critical variables and 1 modify DNS settings for arbitrary domains via the domain parameter to diagnose.php, 2 close, open, or respond to arbitrary support tickets via the close, open, or...
CVE-2004-0087
The System Configuration subsystem in Mac OS 10.2.8 and 10.3.2 allows local users to modify network settings, a different vulnerability than CVE-2004-0088...