653 matches found
CVE-2017-6918
BigTree CMS 4.2.16 exposes a CSRF vulnerability via the value[#][*] parameter to the /admin/settings/update/ page, which can change Navigation Social settings. Affected component is the admin settings handler; root cause is cross-site request forgery without user interaction risk details provided...
CVE-2016-8357
An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. A user with read-only access can send commands to the software and the application will accept those commands. This would allow an attacker with read-only access to make changes within the application...
Moodle 3.0.x < 3.0.7 Multiple Vulnerabilities
Binary data 9836.prm...
Multiple Stored XSS Vulnerabilities in Journalx 2.0, a Remote Processing System for Journal Manuscripts
Journalx 2.0 is an independently developed platform for remote processing of journal manuscripts developed by Beijing Magtech. Journalx 2.0 contains multiple stored XSS vulnerabilities. The vulnerabilities can be exploited by an attacker to submit data with js code on the personal information pag...
CVE-2016-7991
On Samsung Galaxy S4 through S7 devices, the "omacp" app ignores security information embedded in the OMACP messages resulting in remote unsolicited WAP Push SMS messages being accepted, parsed, and handled by the device, leading to unauthorized configuration changes, a subset of SVE-2016-6542...
Unspecified Vulnerability in Oracle PeopleSoft Enterprise HCM (CNVD-2016-09930)
Oracle PeopleSoft Products is a suite of enterprise human capital management solutions from Oracle that provides human capital management, financial management, supplier relationship management, etc. PeopleSoft Enterprise HCM is one of the Human Capital Management HCM components. An unspecified...
WordPress iThemes Security Plugin <= 5.3.5 - Bypass
This plugin is prone to lack of capability check vulnerability. It allows anyone “fake click” on this button, hiding the changes to the administrator. Solution Update the plugin...
WordPress WP Invoice Plugin <= 4.1.0 - Multiple Vulnerabilities
This plugin is prone to unauthorized setting changes, retrieving invoices of arbitrary users, updating previously invoiced users meta data and privilege escalation of logged in users. Solution Update the plugin...
Solaris System Archive Utility Component Data Modification Vulnerability
Solaris is a unix-based operating system. An unspecified vulnerability in the Solaris System Archive Utility component could allow an attacker to make unauthorized changes to data information...
The vulnerability of the RSView32 SCADA system, which allows a intruder to gain access to the SCADA system
The vulnerability of the password encryption algorithm used in SCADA systems like RSView32 is related to errors in the encryption algorithm itself. Exploiting this vulnerability could allow an intruder to gain access to the SCADA system and make unauthorized changes to the controlled technologica...
Cisco TelePresence Video Communication Server Expressway Access Vulnerability
A vulnerability in the Password Change functionality in the Administrative Web Interface of the Cisco TelePresence Video Communication Server VCS Expressway could allow an authenticated, remote attacker to make unauthorized changes to user passwords. The vulnerability is due to insufficient...
FlexCMS 3.2.1 - Multiple CSRF Vulnerabilities
No description provided by source. +---------------------------------------------------------------------------------------------------------------------------------------------------+ Exploit Title : FlexCMS 3.2.1 Multiple CSRF Date : 16-03-2012 Author : Ivano Binetti http://www.ivanobinetti.com...
D-Link DSL-2750U ME_1.09 - CSRF Vulnerability
No description provided by source. Exploit Title: D-Link DSL-2750U CSRF Vulnerability Author: khaledmohdarMysterious guy E-mail: [email protected]/khaledmohdar Category: Hardware Google Dork: N/A Vendor: http://www.dlink.com/ Firmware Version: ME1.09 Product:...
Binatone DT 850W Wireless Router - Multiple Cross-Site Request Forgery Vulnerabilities
Exploit Title: Binatone DT 850W Wireless Router - Multiple CSRF Vulnerabilities Date: 05/20/2014 Author: Samandeep Singh - SaMaN @samanL33T Vendor Homepage:http://www.binatonetelecom.in/4port-adsl2-wifi-router1.html Category: Hardware/Wireless Router Firmware Version: T6W-A1.005 and below Tested...
Respondly: Clickjacking - changing role
Hi, I'm able to frame the page, when I make a frame with a opacity of 0 and a button at the position of the role switch I can change the role without the victim knowing that. a POC screen : http://prntscr.com/3ay0mh a POC code : Best regards, Olivier Beg...
AIX PowerHA Cluster Management Unspecified Remote Configuration Manipulation
An unspecified vulnerability in the IBM PowerHA Cluster Management monitoring of port 6177 could allow a remote attacker to make unauthorized changes the remote host's AIX configuration. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if...
Hacker arrested by Taiwan Investigation Bureau
A suspect hacker 'Shih' was arrested by Taiwan Criminal Investigation Bureau CIB last week for hacking into a popular local classic music website. The police raided the apartment of the suspect and seized his computer. The investigation was launched by the bureau after it received a report from t...
doorGets CMS - Cross-Site Request Forgery
doorGets CMS - Cross-Site Request Forgery Title: Doorgets CSRF Vulnerability Author: n0pe Software Link: http://www.doorgets.com/ Download: http://www.doorgets.com/?sourcescms Tested: BackBox Linux 3 With this vulnerability you can change the configuration of the site. Proof of concept: Title...
doorGets CMS - Cross-Site Request Forgery
Title: Doorgets CSRF Vulnerability Author: n0pe Software Link: http://www.doorgets.com/ Download: http://www.doorgets.com/?sourcescms Tested: BackBox Linux 3 With this vulnerability you can change the configuration of the site. Proof of concept: Title Slogan Description Copyright Year of creation...
WordPress SolveMedia 1.1.0 CSRF Vulnerability
SolveMedia is a capatcha service that allows webmasters to monetize from correct captcha type-ins, solvemedia.admin.inc is vulnerable to CSRF, there is no anti-CSRF tokens implemented nor is the wp-nonce function used, therefore an attacker can change the webmasters SolveMedia API Keys public key...