EUVD-2012-1441

Malware in sbrugna...

Cross site request forgery (csrf)

Multiple cross-site request forgery CSRF vulnerabilities in SocialCMS 1.0.2 allow remote attackers to hijack the authentication of administrators for requests that 1 add administrator accounts via a membernew action to myadmin/admin1members.php or 2 modify the default site title via a save action...

CVE-2012-1416

Multiple cross-site request forgery CSRF vulnerabilities in SocialCMS 1.0.2 allow remote attackers to hijack the authentication of administrators for requests that 1 add administrator accounts via a membernew action to myadmin/admin1members.php or 2 modify the default site title via a save action...

CVE-2012-1416

The CVE-2012-1416 entry concerns CSRF flaws in SocialCMS 1.0.2 that allow an attacker to hijack administrator sessions by triggering (1) member_new to create admin accounts or (2) saving a new site title via admin interfaces. Affected software: SocialCMS 1.0.2; impact described as unauthorized ad...

CVE-2012-1982

CVE-2012-1982 describes a cross-site scripting (XSS) vulnerability in SocialCMS 1.0.2 and earlier. The flaw is in the file my_admin/admin1_list_pages.php where an attacker with authenticated access can inject arbitrary web script or HTML via the TR_title parameter in an edit action. Affected soft...

SocialCMS 1.0.2 - Cross-Site Request Forgery

+-------------------------------------------------------------------------+ Exploit Title : Socialcms CSRF Vulnerability Date : 16-02-2012 Author : Ivano Binetti http://ivanobinetti.com Vendor site : http://socialcms.com Software link :...

SocialCMS 1.0.2 - Multiple Cross-Site Request Forgery Vulnerabilities

SocialCMS 1.0.2 - Multiple Cross-Site Request Forgery Vulnerabilities Date: Wed 20 april 2011 11:18:22 AM Vendor: www.socialcms.com Download: http://sourceforge.net/projects/socialcms/ --- input type="hidden" name="configurationdescription" val...