18 matches found
EUVD-2014-9169
Malware in sbrugna...
EUVD-2014-9168
Malware in sbrugna...
Snowfox CMS 'rd' Parameter Open Redirect Vulnerability
Snowfox CMS is prone to an open redirect vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2014-9344
Cross-site request forgery CSRF vulnerability in Snowfox CMS before 1.0.10 allows remote attackers to hijack the authentication of administrators for requests that add a new admin account via a submit action in the admin/accounts/create uri to snowfox/...
CVE-2014-9343
Open redirect vulnerability in modules/system/controller/selectlanguage.class.php in Snowfox CMS 1.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the rd parameter in a submit action to snowfox/...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in Snowfox CMS before 1.0.10 allows remote attackers to hijack the authentication of administrators for requests that add a new admin account via a submit action in the admin/accounts/create uri to snowfox/...
Open redirect
Open redirect vulnerability in modules/system/controller/selectlanguage.class.php in Snowfox CMS 1.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the rd parameter in a submit action to snowfox/...
CVE-2014-9344
CVE-2014-9344 describes a CSRF vulnerability in Snowfox CMS prior to 1.0.10 that lets an attacker hijack administrator authentication by submitting requests to add a new admin account through the admin/accounts/create URI. Affected product/version: Snowfox CMS 1.0 (before 1.0.10). Root cause: ins...
CVE-2014-9344
Cross-site request forgery CSRF vulnerability in Snowfox CMS before 1.0.10 allows remote attackers to hijack the authentication of administrators for requests that add a new admin account via a submit action in the admin/accounts/create uri to snowfox/...
CVE-2014-9343
Snowfox CMS 1.0 is affected by an open redirect in modules/system/controller/selectlanguage.class.php, exploitable via the rd parameter in a submit action. The open-redirect occurs because user-supplied rd is used to perform a header("Location:") redirect without proper validation, enabling poten...
CVE-2014-9343
Open redirect vulnerability in modules/system/controller/selectlanguage.class.php in Snowfox CMS 1.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the rd parameter in a submit action to snowfox/...
Snowfox CMS 1.0 Cross Site Request Forgery
input type="hidden" name="userGroups...
Snowfox CMS 1.0 Cross Site Request Forgery / Open Redirect Vulnerabilities
Snowfox CMS version 1.0 suffers from a cross site request forgery and pen redirection Vulnerabilities input type="hidden" na...
Snowfox CMS 1.0 - Cross-Site Request Forgery (Add Admin)
Snowfox CMS 1.0 - Cross-Site Request Forgery Add Admin input type="hidden" name="userGroups"...
Snowfox CMS 1.0 Open Redirect
Snowfox CMS v1.0 rd param Open Redirect Vulnerability Vendor: Globiz Solutions Product web page: http://www.snowfoxcms.org Affected version: 1.0 Summary: Snowfox is an open source Content Management System CMS that allows your website users to create and share content based on permission...
Snowfox CMS 1.0 - Cross-Site Request Forgery (Add Admin)
input type="hidden" name="userGroups" value="34"...
Snowfox CMS v1.0 CSRF Add Admin Exploit
Summary Snowfox is an open source Content Management System CMS that allows your website users to create and share content based on permission configurations. Description Snowfox CMS suffers from a cross-site request forgery vulnerabilities. The application allows users to perform certain actions...
Snowfox CMS v1.0 (rd param) Open Redirect Vulnerability
Summary Snowfox is an open source Content Management System CMS that allows your website users to create and share content based on permission configurations. Description Input passed via the 'rd' GET parameter in 'selectlanguage.class.php' script is not properly verified before being used to...