Lucene search
K

130 matches found

NVD
NVD
added 2011/02/08 10:0 p.m.23 views

CVE-2011-0911

Cross-site scripting XSS vulnerability in the Users module in Zikula before 1.2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: it is possible that this overlaps CVE-2011-0535...

4.3CVSS5.5AI score0.00855EPSS
Exploits0References1
NVD
NVD
added 2011/02/08 10:0 p.m.17 views

CVE-2011-0535

Cross-site request forgery CSRF vulnerability in the Users module in Zikula before 1.2.5 allows remote attackers to hijack the authentication of administrators for requests that change account privileges via an edit accesspermissions action to index.php...

6.8CVSS7AI score0.01434EPSS
Exploits1References9
NVD
NVD
added 2011/02/08 10:0 p.m.20 views

CVE-2010-4728

Zikula before 1.3.1 uses the rand and srand PHP functions for random number generation, which makes it easier for remote attackers to defeat protection mechanisms based on randomization by predicting a return value, as demonstrated by the authid protection mechanism...

5CVSS6.7AI score0.00949EPSS
Exploits0References1
Prion
Prion
added 2011/02/08 10:0 p.m.23 views

Design/Logic Flaw

Zikula before 1.3.1 uses the rand and srand PHP functions for random number generation, which makes it easier for remote attackers to defeat protection mechanisms based on randomization by predicting a return value, as demonstrated by the authid protection mechanism...

5CVSS7.2AI score0.00949EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2011/02/08 10:0 p.m.21 views

Cross site request forgery (csrf)

Zikula before 1.2.3 does not use the authid protection mechanism for 1 the lostpassword form and 2 mailpasswd processing, which makes it easier for remote attackers to generate a flood of password requests and possibly conduct cross-site request forgery CSRF attacks via multiple form submissions...

6.8CVSS7.5AI score0.00524EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2011/02/08 10:0 p.m.26 views

CVE-2010-4729

Zikula before 1.2.3 does not use the authid protection mechanism for 1 the lostpassword form and 2 mailpasswd processing, which makes it easier for remote attackers to generate a flood of password requests and possibly conduct cross-site request forgery CSRF attacks via multiple form submissions...

6.8CVSS7AI score0.00524EPSS
Exploits0References2
Prion
Prion
added 2011/02/08 10:0 p.m.16 views

Cross site scripting

Cross-site scripting XSS vulnerability in the Users module in Zikula before 1.2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: it is possible that this overlaps CVE-2011-0535...

4.3CVSS5.9AI score0.01434EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2011/02/08 10:0 p.m.22 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in the Users module in Zikula before 1.2.5 allows remote attackers to hijack the authentication of administrators for requests that change account privileges via an edit accesspermissions action to index.php...

6.8CVSS7.3AI score0.01434EPSS
Exploits1References9Affected Software1
Cvelist
Cvelist
added 2011/02/08 9:0 p.m.29 views

CVE-2010-4728

Zikula before 1.3.1 uses the rand and srand PHP functions for random number generation, which makes it easier for remote attackers to defeat protection mechanisms based on randomization by predicting a return value, as demonstrated by the authid protection mechanism...

6.7AI score0.00949EPSS
Exploits0References1
CVE
CVE
added 2011/02/08 9:0 p.m.45 views

CVE-2010-4729

Zikula

6.8CVSS7.2AI score0.00524EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2011/02/08 9:0 p.m.31 views

CVE-2010-4729

Zikula before 1.2.3 does not use the authid protection mechanism for 1 the lostpassword form and 2 mailpasswd processing, which makes it easier for remote attackers to generate a flood of password requests and possibly conduct cross-site request forgery CSRF attacks via multiple form submissions...

7AI score0.00524EPSS
Exploits0References2
CVE
CVE
added 2011/02/08 9:0 p.m.57 views

CVE-2010-4728

The CVE affects Zikula

5CVSS6.9AI score0.00949EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2011/02/08 9:0 p.m.30 views

CVE-2011-0535

Cross-site request forgery CSRF vulnerability in the Users module in Zikula before 1.2.5 allows remote attackers to hijack the authentication of administrators for requests that change account privileges via an edit accesspermissions action to index.php...

6.9AI score0.01434EPSS
Exploits1References9
CVE
CVE
added 2011/02/08 9:0 p.m.49 views

CVE-2011-0911

CVE-2011-0911 (NVD entry) : Affected product is Zikula CMS, specifically the Users module, prior to version 1.2.5. It is described as a Cross-site Scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. The root cause is not detai...

4.3CVSS5.7AI score0.00855EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2011/02/08 9:0 p.m.57 views

CVE-2011-0535

CVE-2011-0535 affects Zikula’s Users module prior to version 1.2.5. The vulnerability is a CSRF flaw that lets an attacker hijack administrator sessions and perform privilege changes via an edit_access_permissions action to index.php. Root cause: CSRF in the Users module. Impact per source: unaut...

6.8CVSS7.2AI score0.01434EPSS
Exploits1References9Affected Software1
OpenVAS
OpenVAS
added 2011/02/07 12:0 a.m.21 views

Zikula CMS CSRF Vulnerability

This host is running Zikula and is prone to cross-site request forgery vulnerability. OpenVAS Vulnerability Test $Id: gbzikulacsrfvuln.nasl 7019 2017-08-29 11:51:27Z teissa $ Zikula CMS CSRF Vulnerability Authors: Madhuri D - Updated By: Madhuri D on 2011-02-11 - Added CVE Copyright: Copyright c...

6.8CVSS0.5AI score0.01434EPSS
Exploits1References3
OpenVAS
OpenVAS
added 2011/02/07 12:0 a.m.19 views

Zikula CMS < 1.2.5 CSRF Vulnerability

Zikula is prone to a cross-site request forgery CSRF vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

6.7AI score
Exploits0References3
0day.today
0day.today
added 2011/02/03 12:0 a.m.25 views

Zikula CMS <= 1.2.4 CSRF Vulnerability

Exploit for php platform in category web applications 1. OVERVIEW The Zikula 1.2.4 and lower versions were vulnerable to Cross Site Request Forgery CSRF. 2. BACKGROUND Zikula is a Web Application Toolkit, which allows you to run impressive websites and build powerful online applications. Zikula h...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2011/02/02 12:0 a.m.20 views

Zikula CMS 1.2.4 - Cross-Site Request Forgery

Zikula CMS 1.2.4 - Cross-Site Request Forgery Source: http://packetstormsecurity.org/files/view/98060/zikulacms-xsrf.txt ==================================================== Zikula CMS 1.2.4 = Cross Site Request Forgery CSRF Vulnerability ==================================================== 1...

0.8AI score
Exploits0
Exploit DB
Exploit DB
added 2011/02/02 12:0 a.m.45 views

Zikula CMS 1.2.4 - Cross-Site Request Forgery

Source: http://packetstormsecurity.org/files/view/98060/zikulacms-xsrf.txt ==================================================== Zikula CMS 1.2.4 = Cross Site Request Forgery CSRF Vulnerability ==================================================== 1. OVERVIEW The Zikula 1.2.4 and lower versions wer...

7AI score
Exploits0
Rows per page
Query Builder