12 matches found
EUVD-2014-2426
Malware in sbrugna...
EUVD-2016-7778
Malware in sbrugna...
EUVD-2021-30344
Malicious code in bioql PyPI...
CVE-2020-21238
An issue in the user login box of CSCMS v4.0 allows attackers to hijack user accounts via brute force attacks...
CVE-2012-0286
Cross-site request forgery (CSRF) vulnerability in Stoneware webNetwork before 6.0.8.0 allows remote attackers to hijack the authentication of unspecified victims for requests that modify user accounts...
CVE-2024-30264 typebot.io: `GHSL-2024-040`
Typebot is an open-source chatbot builder. A reflected cross-site scripting (XSS) in the sign-in page of typebot.io prior to version 2.24.0 may allow an attacker to hijack a user's account. The sign-in page takes the redirectPath parameter from the URL. If a user clicks on a link where the...
ROS-20231109-02
Vulnerability in GLPI's request and incident handling system is related to information disclosure. Exploitation of the vulnerability could allow a remote attacker to obtain user logins. GLPI request and incident handling system vulnerability related to the lack of path filtering by...
MGASA-2014-0031 Updated drupal package fixes security vulnerabilities
Christian Mainka and Vladislav Mladenov reported a vulnerability in the OpenID module that allows a malicious user to log in as other users on the site, including administrators, and hijack their accounts (CVE-2014-1475). Matt Vance and Damien Tournoud reported an access bypass vulnerability in the...
Interspire Email Marketer v6.0.1 Multiple Vulnerabilities
Exploit for php platform in category web applications. Interspire Email Marketer v6.0.1 - Multiple Vulnerabilities. Details: 1.1 A SQL Injection vulnerability is detected in the Interspire Email Marketer v6.0.1, Email Marketing Software. The vulnerability allows an attacker remote or local...
List Site Pro v2 user account Hijacking vulnerability
List Site Pro v2 user account Hijacking vulnerability. Severity: Low. Homepage: http://www.listsitepro.com. It is possible to take over another user account by signing up and using | in one of the required fields. List Site Pro uses '|' to delimit the database but the form input is not checked and...
CVE-2002-0097
Geeklog 1.3 allows remote attackers to hijack user accounts, including the administrator account, by modifying the UID of a user's permanent cookie to the target account...
Security Advisory for Bugzilla v2.15 (cvs20020103) and older
All users of Bugzilla, the bug-tracking system from mozilla.org, who are using a version of Bugzilla installed from a downloaded tarball or package file are strongly recommended to update to version 2.14.1. All users of Bugzilla who are currently using version 2.15 checked out of cvs prior to 15...