EUVD-2006-3753

Malware in sbrugna...

Fiyo CMS 2.0.6.1 Privilege Escalation Vulnerability

Fiyo CMS version 2.0.6.1 suffers from a privilege escalation vulnerability due to poor design with trusting the client to tell the server a user's role. Exploit Title: Privilege Escalation Manipulation of User Group Vulnerability on Fiyo CMS 2.0.6.1 Google Dork: no Date: 11-03-2017 Exploit Author...

Fiyo CMS 2.0.6.1 Privilege Escalation

Exploit Title: Privilege Escalation Manipulation of User Group Vulnerability on Fiyo CMS 2.0.6.1 Google Dork: no Date: 11-03-2017 Exploit Author: @runggareksya, @dvnrcy Vendor Homepage: http://www.fiyo.org Software Link: https://sourceforge.net/projects/fiyo-cms Version: 2.0.6.1 Tested on: Window...

Fiyo CMS 2.0.6.1 - Privilege Escalation

Exploit Title: Fiyo CMS 2.0.6.1 allows remote authenticated users to gain privileges via a modified level parameter Google Dork: no Date: 11-03-2017 Exploit Author: @runggareksya, @dvnrcy Vendor Homepage: http://www.fiyo.org Software Link: https://sourceforge.net/projects/fiyo-cms Version: 2.0.6....

Concrete CMS: No csrf protection on index.php/ccm/system/user/add_group, index.php/ccm/system/user/remove_group

crayons There is no csrf protection on index.php/ccm/system/user/addgroup, and index.php/ccm/system/user/removegroup. A malicious POST request can be constructed to add or remove group membership from arbitrary users, if a logged-in admin surfs to a compromised site. For example, a registered use...

CVE-2006-3759

Unspecified vulnerability in MyBB aka MyBulletinBoard 1.1.4, related has unspecified impact and attack vectors related to "user group manipulation."...

CVE-2006-3759

Unspecified vulnerability in MyBB aka MyBulletinBoard 1.1.4, related has unspecified impact and attack vectors related to "user group manipulation."...

CVE-2006-3759

Technical details, affected product versions, root cause, and exploitation specifics are not provided in the supplied documents. Monitor for updates from NVD/CVE listings for CVE-2006-3759.