130 matches found
Zikula CMS 1.2.4 Cross Site Request Forgery
==================================================== Zikula CMS 1.2.4 = Cross Site Request Forgery CSRF Vulnerability ==================================================== 1. OVERVIEW The Zikula 1.2.4 and lower versions were vulnerable to Cross Site Request Forgery CSRF. 2. BACKGROUND Zikula is a...
Zikula CMS 1.2.4 <= Cross Site Request Forgery (CSRF) Vulnerability
==================================================== Zikula CMS 1.2.4 = Cross Site Request Forgery CSRF Vulnerability ==================================================== 1. OVERVIEW The Zikula 1.2.4 and lower versions were vulnerable to Cross Site Request Forgery CSRF. 2. BACKGROUND Zikula is a...
Fedora 13 : zikula-1.2.3-1.fc13 (2010-8501)
Upstream pushed this release to fix two security issues one XSS, and one CSRF Upstream also removed a non-free JavaScript library that we previously had to strip. http://community.zikula.org/module-News-display-sid-3012.htm Note that Tenable Network Security has extracted the preceding descriptio...
Fedora 12 : zikula-1.2.3-1.fc12 (2010-8464)
Upstream pushed this release to fix two security issues one XSS, and one CSRF Upstream also removed a non-free JavaScript library that we previously had to strip. http://community.zikula.org/module-News-display-sid-3012.htm Note that Tenable Network Security has extracted the preceding descriptio...
Fedora Update for zikula FEDORA-2010-8464
Check for the Version of zikula OpenVAS Vulnerability Test Fedora Update for zikula FEDORA-2010-8464 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...
Fedora Update for zikula FEDORA-2010-8501
Check for the Version of zikula OpenVAS Vulnerability Test Fedora Update for zikula FEDORA-2010-8501 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...
Fedora Update for zikula FEDORA-2010-8464
The remote host is missing an update for the SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Fedora Update for zikula FEDORA-2010-8501
The remote host is missing an update for the SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
[SECURITY] Fedora 12 Update: zikula-1.2.3-1.fc12
A free open source Web Application Framework. It can be used to develop robust, secure, interactive and editable websites and web based applications. Zikula is written in PHP, object oriented, and fully modular. It requires a database and may use all leading database platforms like MySQL,...
Zikula Multiple XSS and CSRF Vulnerabilities
This host is running Zikula and is prone to multiple cross-site scripting and cross-site request forgery vulnerabilities. OpenVAS Vulnerability Test $Id: gbzikulamultxssncsrfvuln.nasl 5388 2017-02-21 15:13:30Z teissa $ Zikula Multiple XSS and CSRF Vulnerabilities Authors: Madhuri D Updated By:...
Zikula < 1.2.3 Multiple XSS and CSRF Vulnerabilities
Zikula is prone to multiple cross-site scripting XSS and cross-site request forgery CSRF vulnerabilities. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Zikula Application Framework 1.2.2, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the 1 func parameter to index.php, or the 2 lang parameter to index.php, which is not properly handled by ZLanguage.php...
CVE-2010-1732
Cross-site request forgery CSRF vulnerability in the users module in Zikula Application Framework before 1.2.3 allows remote attackers to hijack the authentication of administrators for requests that change the administrator email address updateemail action...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in the users module in Zikula Application Framework before 1.2.3 allows remote attackers to hijack the authentication of administrators for requests that change the administrator email address updateemail action...
CVE-2010-1732
Zikula Application Framework up to version 1.2.3 has a CSRF vulnerability in the users module (updateemail action) that could allow an attacker to hijack an administrator’s email address. The flaw is addressed in the 1.2.3 release, which upstream fixed two security issues (XSS and CSRF) and remov...
CVE-2010-1732
Cross-site request forgery CSRF vulnerability in the users module in Zikula Application Framework before 1.2.3 allows remote attackers to hijack the authentication of administrators for requests that change the administrator email address updateemail action...
CVE-2010-1724
CVE-2010-1724 affects Zikula Application Framework (v1.2.2 and possibly earlier). The vulnerability is XSS in the index.php handling of func and lang parameters via ZLanguage.php, enabling remote injection of arbitrary script/HTML. OpenVAS entries corroborate multiple XSS/CSRF issues for Zikula. ...
CVE-2010-1724
Multiple cross-site scripting XSS vulnerabilities in Zikula Application Framework 1.2.2, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the 1 func parameter to index.php, or the 2 lang parameter to index.php, which is not properly handled by ZLanguage.php...
Zikula Application Framework 1.2.2 Cross Site Request Forgery
Vulnerability ID: HTB22351 Reference: http://www.htbridge.ch/advisory/xsrfcsrfinzikulaapplicationframework.html Product: Zikula Application Framework Vendor: Zikula Software Foundation Vulnerable Version: 1.2.2 and Probably Prior Versions Vendor Notification: 19 April 2010 Vulnerability Type: CSR...
XSRF (CSRF) in Zikula Application Framework
Vulnerability ID: HTB22351 Reference: http://www.htbridge.ch/advisory/xsrfcsrfinzikulaapplicationframework.html Product: Zikula Application Framework Vendor: Zikula Software Foundation Vulnerable Version: 1.2.2 and Probably Prior Versions Vendor Notification: 19 April 2010 Vulnerability Type: CSR...