Lucene search
K

130 matches found

Packet Storm
Packet Storm
added 2011/02/01 12:0 a.m.28 views

Zikula CMS 1.2.4 Cross Site Request Forgery

==================================================== Zikula CMS 1.2.4 = Cross Site Request Forgery CSRF Vulnerability ==================================================== 1. OVERVIEW The Zikula 1.2.4 and lower versions were vulnerable to Cross Site Request Forgery CSRF. 2. BACKGROUND Zikula is a...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2011/02/01 12:0 a.m.45 views

Zikula CMS 1.2.4 <= Cross Site Request Forgery (CSRF) Vulnerability

==================================================== Zikula CMS 1.2.4 = Cross Site Request Forgery CSRF Vulnerability ==================================================== 1. OVERVIEW The Zikula 1.2.4 and lower versions were vulnerable to Cross Site Request Forgery CSRF. 2. BACKGROUND Zikula is a...

Exploits0
Tenable Nessus
Tenable Nessus
added 2010/07/01 12:0 a.m.24 views

Fedora 13 : zikula-1.2.3-1.fc13 (2010-8501)

Upstream pushed this release to fix two security issues one XSS, and one CSRF Upstream also removed a non-free JavaScript library that we previously had to strip. http://community.zikula.org/module-News-display-sid-3012.htm Note that Tenable Network Security has extracted the preceding descriptio...

6.8CVSS5.4AI score0.04103EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2010/07/01 12:0 a.m.38 views

Fedora 12 : zikula-1.2.3-1.fc12 (2010-8464)

Upstream pushed this release to fix two security issues one XSS, and one CSRF Upstream also removed a non-free JavaScript library that we previously had to strip. http://community.zikula.org/module-News-display-sid-3012.htm Note that Tenable Network Security has extracted the preceding descriptio...

6.8CVSS5.4AI score0.04103EPSS
Exploits0References6
OpenVAS
OpenVAS
added 2010/06/11 12:0 a.m.22 views

Fedora Update for zikula FEDORA-2010-8464

Check for the Version of zikula OpenVAS Vulnerability Test Fedora Update for zikula FEDORA-2010-8464 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...

6.8CVSS6.4AI score0.04103EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2010/06/11 12:0 a.m.27 views

Fedora Update for zikula FEDORA-2010-8501

Check for the Version of zikula OpenVAS Vulnerability Test Fedora Update for zikula FEDORA-2010-8501 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...

6.8CVSS6.4AI score0.04103EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2010/06/11 12:0 a.m.27 views

Fedora Update for zikula FEDORA-2010-8464

The remote host is missing an update for the SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

6.8CVSS6.5AI score0.04103EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2010/06/11 12:0 a.m.18 views

Fedora Update for zikula FEDORA-2010-8501

The remote host is missing an update for the SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

6.8CVSS6.5AI score0.04103EPSS
Exploits0References2
Fedora
Fedora
added 2010/06/07 10:19 p.m.44 views

[SECURITY] Fedora 12 Update: zikula-1.2.3-1.fc12

A free open source Web Application Framework. It can be used to develop robust, secure, interactive and editable websites and web based applications. Zikula is written in PHP, object oriented, and fully modular. It requires a database and may use all leading database platforms like MySQL,...

6.8CVSS1.3AI score0.04103EPSS
Exploits0
OpenVAS
OpenVAS
added 2010/05/13 12:0 a.m.25 views

Zikula Multiple XSS and CSRF Vulnerabilities

This host is running Zikula and is prone to multiple cross-site scripting and cross-site request forgery vulnerabilities. OpenVAS Vulnerability Test $Id: gbzikulamultxssncsrfvuln.nasl 5388 2017-02-21 15:13:30Z teissa $ Zikula Multiple XSS and CSRF Vulnerabilities Authors: Madhuri D Updated By:...

6.8CVSS0.4AI score0.04103EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2010/05/13 12:0 a.m.23 views

Zikula < 1.2.3 Multiple XSS and CSRF Vulnerabilities

Zikula is prone to multiple cross-site scripting XSS and cross-site request forgery CSRF vulnerabilities. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

6.8CVSS6.8AI score0.04103EPSS
Exploits0References4
Prion
Prion
added 2010/05/06 2:53 p.m.18 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Zikula Application Framework 1.2.2, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the 1 func parameter to index.php, or the 2 lang parameter to index.php, which is not properly handled by ZLanguage.php...

4.3CVSS6.1AI score0.04103EPSS
Exploits0References9Affected Software1
NVD
NVD
added 2010/05/06 12:47 p.m.25 views

CVE-2010-1732

Cross-site request forgery CSRF vulnerability in the users module in Zikula Application Framework before 1.2.3 allows remote attackers to hijack the authentication of administrators for requests that change the administrator email address updateemail action...

6.8CVSS6.9AI score0.00524EPSS
Exploits0References2
Prion
Prion
added 2010/05/06 12:47 p.m.13 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in the users module in Zikula Application Framework before 1.2.3 allows remote attackers to hijack the authentication of administrators for requests that change the administrator email address updateemail action...

6.8CVSS7.4AI score0.00524EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2010/05/05 6:0 p.m.55 views

CVE-2010-1732

Zikula Application Framework up to version 1.2.3 has a CSRF vulnerability in the users module (updateemail action) that could allow an attacker to hijack an administrator’s email address. The flaw is addressed in the 1.2.3 release, which upstream fixed two security issues (XSS and CSRF) and remov...

6.8CVSS6.9AI score0.00524EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2010/05/05 6:0 p.m.37 views

CVE-2010-1732

Cross-site request forgery CSRF vulnerability in the users module in Zikula Application Framework before 1.2.3 allows remote attackers to hijack the authentication of administrators for requests that change the administrator email address updateemail action...

6.8AI score0.00524EPSS
Exploits0References2
CVE
CVE
added 2010/05/05 2:0 p.m.80 views

CVE-2010-1724

CVE-2010-1724 affects Zikula Application Framework (v1.2.2 and possibly earlier). The vulnerability is XSS in the index.php handling of func and lang parameters via ZLanguage.php, enabling remote injection of arbitrary script/HTML. OpenVAS entries corroborate multiple XSS/CSRF issues for Zikula. ...

4.3CVSS5.7AI score0.04103EPSS
Exploits0References9Affected Software1
Cvelist
Cvelist
added 2010/05/05 2:0 p.m.44 views

CVE-2010-1724

Multiple cross-site scripting XSS vulnerabilities in Zikula Application Framework 1.2.2, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the 1 func parameter to index.php, or the 2 lang parameter to index.php, which is not properly handled by ZLanguage.php...

5.7AI score0.04103EPSS
Exploits0References9
Packet Storm
Packet Storm
added 2010/05/05 12:0 a.m.15 views

Zikula Application Framework 1.2.2 Cross Site Request Forgery

Vulnerability ID: HTB22351 Reference: http://www.htbridge.ch/advisory/xsrfcsrfinzikulaapplicationframework.html Product: Zikula Application Framework Vendor: Zikula Software Foundation Vulnerable Version: 1.2.2 and Probably Prior Versions Vendor Notification: 19 April 2010 Vulnerability Type: CSR...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2010/05/04 12:0 a.m.43 views

XSRF &#40;CSRF&#41; in Zikula Application Framework

Vulnerability ID: HTB22351 Reference: http://www.htbridge.ch/advisory/xsrfcsrfinzikulaapplicationframework.html Product: Zikula Application Framework Vendor: Zikula Software Foundation Vulnerable Version: 1.2.2 and Probably Prior Versions Vendor Notification: 19 April 2010 Vulnerability Type: CSR...

0.6AI score
Exploits0
Rows per page
Query Builder