12 matches found
XCloner Standalone 3.5 - CSRF Vulnerability
No description provided by source...
Сross-Site Request Forgery (CSRF) in XCloner Standalone
Advisory ID: HTB23207 Product: XCloner Standalone Vendor: XCloner Vulnerable Versions: 3.5 and probably prior Tested Version: 3.5 Advisory Publication: March 14, 2014 without technical details Vendor Notification: March 14, 2014 Public Disclosure: April 9, 2014 Vulnerability Type: Cross-Site...
CVE-2014-2996
XCloner Standalone 3.5 and earlier, when enabledbbackup and sqlmem are enabled, allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the dbbackupcomp parameter in a generate action to index2.php. NOTE: it is not clear whether this issue crosses...
CVE-2014-2579
Multiple cross-site request forgery CSRF vulnerabilities in XCloner Standalone 3.5 and earlier allow remote attackers to hijack the authentication of administrators for requests that 1 change the administrator password via the config task to index2.php or 2 when the enabledbbackup and sqlmem...
Code injection
XCloner Standalone 3.5 and earlier, when enabledbbackup and sqlmem are enabled, allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the dbbackupcomp parameter in a generate action to index2.php. NOTE: it is not clear whether this issue crosses...
CVE-2014-2579
Multiple cross-site request forgery CSRF vulnerabilities in XCloner Standalone 3.5 and earlier allow remote attackers to hijack the authentication of administrators for requests that 1 change the administrator password via the config task to index2.php or 2 when the enabledbbackup and sqlmem...
CVE-2014-2996
XCloner Standalone 3.5 and earlier, when enabledbbackup and sqlmem are enabled, allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the dbbackupcomp parameter in a generate action to index2.php. NOTE: it is not clear whether this issue crosses...
XCloner Standalone跨站请求伪造漏洞
Bugtraq ID:65751 CVE ID:CVE-2014-2579 XCloner Standalone是一个备份和恢复应用。 XCloner Standalone存在跨站请求伪造漏洞,允许远程攻击者构建恶意URI,诱使用户解析,可以目标用户上下文执行恶意操作。 0 XCloner Standalone 3.5 目前没有详细解决方案: http://www.xcloner.com/...
XCloner Standalone 3.5 - Cross-Site Request Forgery
Advisory ID: HTB23207 Product: XCloner Standalone Vendor: XCloner Vulnerable Versions: 3.5 and probably prior Tested Version: 3.5 Advisory Publication: March 14, 2014 without technical details Vendor Notification: March 14, 2014 Public Disclosure: April 9, 2014 Vulnerability Type: Cross-Site...
XCloner Standalone 3.5 Cross Site Request Forgery Vulnerability
XCloner Standalone version 3.5 suffers from a cross site request forgery vulnerability. Product: XCloner Standalone Vendor: XCloner Vulnerable Versions: 3.5 and probably prior Tested Version: 3.5 Advisory Publication: March 14, 2014 without technical details Vendor Notification: March 14, 2014...
XCloner Standalone 3.5 Cross Site Request Forgery
Advisory ID: HTB23207 Product: XCloner Standalone Vendor: XCloner Vulnerable Versions: 3.5 and probably prior Tested Version: 3.5 Advisory Publication: March 14, 2014 without technical details Vendor Notification: March 14, 2014 Public Disclosure: April 9, 2014 Vulnerability Type: Cross-Site...
Сross-Site Request Forgery (CSRF) in XCloner Standalone
High-Tech Bridge Security Research Lab discovered vulnerability in XCloner Standalone, which can be exploited to perform Сross-Site Request Forgery CSRF attacks and gain complete control over the website. 1. Сross-Site Request Forgery CSRF in XCloner Standalone: CVE-2014-2579 1.1 The vulnerabilit...