4 matches found
EUVD-2015-9415
Next Click Ventures RealtyScript 4.0.2 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create unauthorized user accounts and administrative users by crafting malicious forms. Attackers can submit hidden form data to /admin/addusers.php and...
CVE-2024-3676
The Proofpoint Encryption endpoint of Proofpoint Enterprise Protection contains an Improper Input Validation vulnerability that allows an unauthenticated remote attacker with a specially crafted HTTP request to create additional Encryption user accounts under the attacker's control. These account...
YzmCMS Cross-Site Request Forgery Vulnerability (CNVD-2021-40496)
YzmCMS is a lightweight open source content management system based on PHP+Mysql architecture developed by Yuan Zhimeng alone. YzmCMS 5.8 version of the existence of cross-site request forgery vulnerability, the attacker can be member/member/add.html through the use of this vulnerability to add...
Cisco Spark Representational State Transfer Interface Unauthorized Access Vulnerability
A vulnerability in the Representational State Transfer REST interface of Cisco Spark could allow an unauthenticated, remote attacker to make changes to an affected system system. The vulnerability is due to improper implementation of authorization controls when accessing certain web pages of the...