xEpan 1.0.4 - Multiple Vulnerability

Exploit for php platform in category web applications Exploit Title: Multiple Vulnerability xEpan 1.0.4 Google Dork: not yet Date: 2014-11-27 Exploit Author: Parikesit , Kurawa In Disorder Vendor Homepage: http://xepan.org Software Link: http://www.xepan.org/index.php?subpage=download Version:...

Сross-Site Request Forgery (CSRF) in xEpan

Advisory ID: HTB23240 Product: xEpan Vendor: Xavoc Technocrats Pvt. Ltd. Vulnerable Versions: 1.0.1 and probably prior Tested Version: 1.0.1 Advisory Publication: October 22, 2014 without technical details Vendor Notification: October 22, 2014 Public Disclosure: November 26, 2014 Vulnerability...

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in Xavoc Technocrats xEpan CMS 1.0.4.1, 1.0.4, 1.0.1, and earlier allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts via a crafted request to the owner/users page...

CVE-2014-8429

Cross-site request forgery CSRF vulnerability in Xavoc Technocrats xEpan CMS 1.0.4.1, 1.0.4, 1.0.1, and earlier allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts via a crafted request to the owner/users page...

CVE-2014-8429

CVE-2014-8429 describes a Cross-Site Request Forgery (CSRF) in xEpan CMS (versions 1.0.1 and earlier; affected 1.0.4.1, 1.0.4) where an attacker can hijack administrator sessions by convincing a logged-in admin to perform an action that creates a new administrative account via a crafted request t...

xEpan 1.0.4 - Multiple Vulnerabilities

Exploit Title: Multiple Vulnerability xEpan 1.0.4 Google Dork: not yet Date: 2014-11-27 Exploit Author: Parikesit , Kurawa In Disorder Vendor Homepage: http://xepan.org Software Link: http://www.xepan.org/index.php?subpage=download Version: 1.0.4 Tested on: Windows 7 Ultimate Vulnerability Type:...

xEpan 1.0.4 - Multiple Vulnerabilities

xEpan 1.0.4 - Multiple Vulnerabilities Exploit Title: Multiple Vulnerability xEpan 1.0.4 Google Dork: not yet Date: 2014-11-27 Exploit Author: Parikesit , Kurawa In Disorder Vendor Homepage: http://xepan.org Software Link: http://www.xepan.org/index.php?subpage=download Version: 1.0.4 Tested on:...

xEpan 1.0.1 - Cross-Site Request Forgery

Advisory ID: HTB23240 Product: xEpan Vendor: Xavoc Technocrats Pvt. Ltd. Vulnerable Versions: 1.0.1 and probably prior Tested Version: 1.0.1 Advisory Publication: October 22, 2014 without technical details Vendor Notification: October 22, 2014 Public Disclosure: November 26, 2014 Vulnerability...

xEpan 1.0.1 Cross Site Request Forgery

Advisory ID: HTB23240 Product: xEpan Vendor: Xavoc Technocrats Pvt. Ltd. Vulnerable Versions: 1.0.1 and probably prior Tested Version: 1.0.1 Advisory Publication: October 22, 2014 without technical details Vendor Notification: October 22, 2014 Public Disclosure: November 26, 2014 Vulnerability...

xEpan 1.0.1 Cross Site Request Forgery Vulnerability

xEpan version 1.0.1 suffers from a cross site request forgery vulnerability. Product: xEpan Vendor: Xavoc Technocrats Pvt. Ltd. Vulnerable Versions: 1.0.1 and probably prior Tested Version: 1.0.1 Advisory Publication: October 22, 2014 without technical details Vendor Notification: October 22, 201...

xEpan 1.0.1 - Cross-Site Request Forgery

xEpan 1.0.1 - Cross-Site Request Forgery Advisory ID: HTB23240 Product: xEpan Vendor: Xavoc Technocrats Pvt. Ltd. Vulnerable Versions: 1.0.1 and probably prior Tested Version: 1.0.1 Advisory Publication: October 22, 2014 without technical details Vendor Notification: October 22, 2014 Public...

Сross-Site Request Forgery (CSRF) in xEpan

High-Tech Bridge Security Research Lab discovered vulnerability in xEpan, which can be exploited to compromise vulnerable web site. 1 Сross-Site Request Forgery CSRF in xEpan: CVE-2014-8429 The vulnerability exists due to insufficient validation of the HTTP request origin when creating new user...