EUVD-2013-2693

Malware in sbrugna...

UMI.CMS 2.9 - CSRF Vulnerability

No description provided by source. 添加一个管理员用户：csrfuser|||password document.main.submit;...

CVE-2013-2754

Cross-site request forgery CSRF vulnerability in Umisoft UMI.CMS before 2.9 build 21905 allows remote attackers to hijack the authentication of administrators for requests that add administrator accounts via a request to admin/users/add/user/do/...

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in Umisoft UMI.CMS before 2.9 build 21905 allows remote attackers to hijack the authentication of administrators for requests that add administrator accounts via a request to admin/users/add/user/do/...

CVE-2013-2754

Cross-site request forgery CSRF vulnerability in Umisoft UMI.CMS before 2.9 build 21905 allows remote attackers to hijack the authentication of administrators for requests that add administrator accounts via a request to admin/users/add/user/do/...

CVE-2013-2754

UMI.CMS CSRF vulnerability (CVE-2013-2754) affects UMI.CMS 2.9 and earlier, via the admin/users/add/user/do/ endpoint. The issue allows an attacker to craft requests that run with an authenticated administrator’s privileges to create new administrator accounts, effectively hijacking admin access....

UMI CMS 2.9 - Cross-Site Request Forgery

UMI CMS 2.9 - Cross-Site Request Forgery Advisory ID: HTB23151 Product: UMI.CMS Vendor: OOO Umisoft Vulnerable Versions: 2.9 and probably prior Tested Version: 2.9 Vendor Notification: April 3, 2013 Vendor Patch: May 7, 2013 Public Disclosure: May 8, 2013 Vulnerability Type: Cross-Site Request...

UMI CMS 2.9 - Cross-Site Request Forgery

Advisory ID: HTB23151 Product: UMI.CMS Vendor: OOO Umisoft Vulnerable Versions: 2.9 and probably prior Tested Version: 2.9 Vendor Notification: April 3, 2013 Vendor Patch: May 7, 2013 Public Disclosure: May 8, 2013 Vulnerability Type: Cross-Site Request Forgery CWE-352 CVE Reference: CVE-2013-275...

Cross-Site Request Forgery (CSRF) in UMI.CMS

Advisory ID: HTB23151 Product: UMI.CMS Vendor: OOO Umisoft Vulnerable Versions: 2.9 and probably prior Tested Version: 2.9 Vendor Notification: April 3, 2013 Vendor Patch: May 7, 2013 Public Disclosure: May 8, 2013 Vulnerability Type: Cross-Site Request Forgery CWE-352 CVE Reference: CVE-2013-275...

UMI.CMS 2.9 Cross Site Request Forgery Vulnerability

UMI.CMS version 2.9 suffers from a cross site request forgery vulnerability. Product: UMI.CMS Vendor: OOO Umisoft Vulnerable Versions: 2.9 and probably prior Tested Version: 2.9 Vendor Notification: April 3, 2013 Vendor Patch: May 7, 2013 Public Disclosure: May 8, 2013 Vulnerability Type:...

UMI.CMS 2.9 Cross Site Request Forgery

Advisory ID: HTB23151 Product: UMI.CMS Vendor: OOO Umisoft Vulnerable Versions: 2.9 and probably prior Tested Version: 2.9 Vendor Notification: April 3, 2013 Vendor Patch: May 7, 2013 Public Disclosure: May 8, 2013 Vulnerability Type: Cross-Site Request Forgery CWE-352 CVE Reference: CVE-2013-275...

Cross-Site Request Forgery (CSRF) in UMI.CMS

High-Tech Bridge Security Research Lab discovered CSRF vulnerability in UMI.CMS, which can be exploited to perform Cross-Site Request Forgery CSRF attacks and create new administrator in the vulnerable application. 1 Cross-site Request Forgery CSRF in UMI.CMS: CVE-2013-2754 The application allows...

HTB22811: XSS vulnerability in UMI.CMS

Vulnerability ID: HTB22811 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinumicms.html Product: UMI.CMS Vendor: umisoft http://www.umi-cms.ru/ Vulnerable Version: 2.8.1.2 Vendor Notification: 25 January 2011 Vulnerability Type: Stored XSS Cross Site Scripting Risk level: Low Credit:...

HTB22812: XSRF (CSRF) in UMI.CMS

Vulnerability ID: HTB22812 Reference: http://www.htbridge.ch/advisory/xsrfcsrfinumicms.html Product: UMI.CMS Vendor: umisoft http://www.umi-cms.ru/ Vulnerable Version: 2.8.1.2 Vendor Notification: 25 January 2011 Vulnerability Type: CSRF Cross-Site Request Forgery Risk level: Low Credit: High-Tec...

HTB22813: XSS vulnerability in UMI.CMS

Vulnerability ID: HTB22813 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinumicms1.html Product: UMI.CMS Vendor: umisoft http://www.umi-cms.ru/ Vulnerable Version: 2.8.1.2 Vendor Notification: 25 January 2011 Vulnerability Type: Stored XSS Cross Site Scripting Risk level: Medium...

UMI.CMS 2.8.1.2 Cross Site Request Forgery

Vulnerability ID: HTB22812 Reference: http://www.htbridge.ch/advisory/xsrfcsrfinumicms.html Product: UMI.CMS Vendor: umisoft http://www.umi-cms.ru/ Vulnerable Version: 2.8.1.2 Vendor Notification: 25 January 2011 Vulnerability Type: CSRF Cross-Site Request Forgery Risk level: Low Credit: High-Tec...

UMI.CMS 2.8.1.2 Cross Site Scripting

==================================== Vulnerability ID: HTB22813 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinumicms1.html Product: UMI.CMS Vendor: umisoft http://www.umi-cms.ru/ Vulnerable Version: 2.8.1.2 Vendor Notification: 25 January 2011 Vulnerability Type: Stored XSS Cross...

UMI.CMS Cross-Site Scripting vulnerability

---------------------------------------------------------------------- PT-2009-12 Positive Technologies Security Advisory UMI.CMS Cross-Site Scripting vulnerability ---------------------------------------------------------------------- --- Affected Software UMI.CMS Versions 2.x prior to 2.7.1 bui...

[ONSEC-09-011] UMI.CMS Multiple XSS

ONSEC-09-011 UMI.CMS Multiple XSS Цель: UMI CMS =2.7.3 Тип: Межсайтовый скриптинг Угроза: Средняя Дата обнаружения: 15.07.2009 Дата оповещения разработчика: 15.07.2009 Дата выхода исправления: 03.09.2009 Автор: Vladimir Vorontsov OnSec Russian Security Group onsec dot ru Описание: Уязвимые поля...

[ONSEC-09-012] UMI.CMS Hash based Captcha

ONSEC-09-012 UMI.CMS Hash based Captcha Цель: UMI CMS =2.7.3 Тип: Обход ограничений Угроза: Средняя Дата обнаружения: 15.07.2009 Дата оповещения разработчика: 15.07.2009 Дата выхода исправления: 03.09.2009 Автор: Vladimir Vorontsov OnSec Russian Security Group onsec dot ru Описание: В модуле...