Lucene search
K

653 matches found

CVE
CVE
added 2017/03/15 4:0 p.m.44 views

CVE-2017-6918

BigTree CMS 4.2.16 exposes a CSRF vulnerability via the value[#][*] parameter to the /admin/settings/update/ page, which can change Navigation Social settings. Affected component is the admin settings handler; root cause is cross-site request forgery without user interaction risk details provided...

4.3CVSS5.2AI score0.00389EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2017/02/13 9:59 p.m.23 views

CVE-2016-8357

An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. A user with read-only access can send commands to the software and the application will accept those commands. This would allow an attacker with read-only access to make changes within the application...

7.1CVSS7.5AI score0.00943EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2016/12/16 12:0 a.m.17 views

Moodle 3.0.x < 3.0.7 Multiple Vulnerabilities

Binary data 9836.prm...

5.3CVSS7.3AI score0.01196EPSS
Exploits0References4
CNVD
CNVD
added 2016/12/14 12:0 a.m.2 views

Multiple Stored XSS Vulnerabilities in Journalx 2.0, a Remote Processing System for Journal Manuscripts

Journalx 2.0 is an independently developed platform for remote processing of journal manuscripts developed by Beijing Magtech. Journalx 2.0 contains multiple stored XSS vulnerabilities. The vulnerabilities can be exploited by an attacker to submit data with js code on the personal information pag...

6.6AI score
Exploits0
OSV
OSV
added 2016/10/31 10:59 a.m.4 views

CVE-2016-7991

On Samsung Galaxy S4 through S7 devices, the "omacp" app ignores security information embedded in the OMACP messages resulting in remote unsolicited WAP Push SMS messages being accepted, parsed, and handled by the device, leading to unauthorized configuration changes, a subset of SVE-2016-6542...

7.5CVSS5.8AI score0.00492EPSS
Exploits0References2
CNVD
CNVD
added 2016/10/20 12:0 a.m.5 views

Unspecified Vulnerability in Oracle PeopleSoft Enterprise HCM (CNVD-2016-09930)

Oracle PeopleSoft Products is a suite of enterprise human capital management solutions from Oracle that provides human capital management, financial management, supplier relationship management, etc. PeopleSoft Enterprise HCM is one of the Human Capital Management HCM components. An unspecified...

4.9CVSS6.8AI score0.00995EPSS
Exploits0References1
Patchstack
Patchstack
added 2016/04/25 12:0 a.m.4 views

WordPress iThemes Security Plugin <= 5.3.5 - Bypass

This plugin is prone to lack of capability check vulnerability. It allows anyone “fake click” on this button, hiding the changes to the administrator. Solution Update the plugin...

2.4AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2016/02/03 12:0 a.m.10 views

WordPress WP Invoice Plugin <= 4.1.0 - Multiple Vulnerabilities

This plugin is prone to unauthorized setting changes, retrieving invoices of arbitrary users, updating previously invoiced users meta data and privilege escalation of logged in users. Solution Update the plugin...

4.3AI score
Exploits0References1Affected Software1
CNVD
CNVD
added 2016/01/23 12:0 a.m.6 views

Solaris System Archive Utility Component Data Modification Vulnerability

Solaris is a unix-based operating system. An unspecified vulnerability in the Solaris System Archive Utility component could allow an attacker to make unauthorized changes to data information...

5CVSS6.8AI score0.01584EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2015/12/18 12:0 a.m.6 views

The vulnerability of the RSView32 SCADA system, which allows a intruder to gain access to the SCADA system

The vulnerability of the password encryption algorithm used in SCADA systems like RSView32 is related to errors in the encryption algorithm itself. Exploiting this vulnerability could allow an intruder to gain access to the SCADA system and make unauthorized changes to the controlled technologica...

6CVSS5.5AI score0.00615EPSS
Exploits0References3
Cisco
Cisco
added 2015/08/14 8:15 p.m.33 views

Cisco TelePresence Video Communication Server Expressway Access Vulnerability

A vulnerability in the Password Change functionality in the Administrative Web Interface of the Cisco TelePresence Video Communication Server VCS Expressway could allow an authenticated, remote attacker to make unauthorized changes to user passwords. The vulnerability is due to insufficient...

4CVSS6.3AI score0.02407EPSS
Exploits0References1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.21 views

FlexCMS 3.2.1 - Multiple CSRF Vulnerabilities

No description provided by source. +---------------------------------------------------------------------------------------------------------------------------------------------------+ Exploit Title : FlexCMS 3.2.1 Multiple CSRF Date : 16-03-2012 Author : Ivano Binetti http://www.ivanobinetti.com...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.32 views

D-Link DSL-2750U ME_1.09 - CSRF Vulnerability

No description provided by source. Exploit Title: D-Link DSL-2750U CSRF Vulnerability Author: khaledmohdarMysterious guy E-mail: [email protected]/khaledmohdar Category: Hardware Google Dork: N/A Vendor: http://www.dlink.com/ Firmware Version: ME1.09 Product:...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2014/05/21 12:0 a.m.36 views

Binatone DT 850W Wireless Router - Multiple Cross-Site Request Forgery Vulnerabilities

Exploit Title: Binatone DT 850W Wireless Router - Multiple CSRF Vulnerabilities Date: 05/20/2014 Author: Samandeep Singh - SaMaN @samanL33T Vendor Homepage:http://www.binatonetelecom.in/4port-adsl2-wifi-router1.html Category: Hardware/Wireless Router Firmware Version: T6W-A1.005 and below Tested...

7.4AI score
Exploits0
Hacker One
Hacker One
added 2014/04/17 8:32 p.m.21 views

Respondly: Clickjacking - changing role

Hi, I'm able to frame the page, when I make a frame with a opacity of 0 and a button at the position of the role switch I can change the role without the victim knowing that. a POC screen : http://prntscr.com/3ay0mh a POC code : Best regards, Olivier Beg...

0.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2013/09/13 12:0 a.m.25 views

AIX PowerHA Cluster Management Unspecified Remote Configuration Manipulation

An unspecified vulnerability in the IBM PowerHA Cluster Management monitoring of port 6177 could allow a remote attacker to make unauthorized changes the remote host's AIX configuration. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if...

7.8CVSS5.6AI score0.02636EPSS
Exploits1References5
The Hacker News
The Hacker News
added 2013/05/08 6:6 a.m.10 views

Hacker arrested by Taiwan Investigation Bureau

A suspect hacker 'Shih' was arrested by Taiwan Criminal Investigation Bureau CIB last week for hacking into a popular local classic music website. The police raided the apartment of the suspect and seized his computer. The investigation was launched by the bureau after it received a report from t...

8AI score
Exploits0
exploitpack
exploitpack
added 2013/03/01 12:0 a.m.10 views

doorGets CMS - Cross-Site Request Forgery

doorGets CMS - Cross-Site Request Forgery Title: Doorgets CSRF Vulnerability Author: n0pe Software Link: http://www.doorgets.com/ Download: http://www.doorgets.com/?sourcescms Tested: BackBox Linux 3 With this vulnerability you can change the configuration of the site. Proof of concept: Title...

1AI score
Exploits0
Exploit DB
Exploit DB
added 2013/03/01 12:0 a.m.21 views

doorGets CMS - Cross-Site Request Forgery

Title: Doorgets CSRF Vulnerability Author: n0pe Software Link: http://www.doorgets.com/ Download: http://www.doorgets.com/?sourcescms Tested: BackBox Linux 3 With this vulnerability you can change the configuration of the site. Proof of concept: Title Slogan Description Copyright Year of creation...

7AI score
Exploits0
0day.today
0day.today
added 2013/01/24 12:0 a.m.33 views

WordPress SolveMedia 1.1.0 CSRF Vulnerability

SolveMedia is a capatcha service that allows webmasters to monetize from correct captcha type-ins, solvemedia.admin.inc is vulnerable to CSRF, there is no anti-CSRF tokens implemented nor is the wp-nonce function used, therefore an attacker can change the webmasters SolveMedia API Keys public key...

6.9AI score
Exploits0
Rows per page
Query Builder