130 matches found
CVE-2011-0911
Cross-site scripting XSS vulnerability in the Users module in Zikula before 1.2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: it is possible that this overlaps CVE-2011-0535...
CVE-2011-0535
Cross-site request forgery CSRF vulnerability in the Users module in Zikula before 1.2.5 allows remote attackers to hijack the authentication of administrators for requests that change account privileges via an edit accesspermissions action to index.php...
CVE-2010-4728
Zikula before 1.3.1 uses the rand and srand PHP functions for random number generation, which makes it easier for remote attackers to defeat protection mechanisms based on randomization by predicting a return value, as demonstrated by the authid protection mechanism...
Design/Logic Flaw
Zikula before 1.3.1 uses the rand and srand PHP functions for random number generation, which makes it easier for remote attackers to defeat protection mechanisms based on randomization by predicting a return value, as demonstrated by the authid protection mechanism...
Cross site request forgery (csrf)
Zikula before 1.2.3 does not use the authid protection mechanism for 1 the lostpassword form and 2 mailpasswd processing, which makes it easier for remote attackers to generate a flood of password requests and possibly conduct cross-site request forgery CSRF attacks via multiple form submissions...
CVE-2010-4729
Zikula before 1.2.3 does not use the authid protection mechanism for 1 the lostpassword form and 2 mailpasswd processing, which makes it easier for remote attackers to generate a flood of password requests and possibly conduct cross-site request forgery CSRF attacks via multiple form submissions...
Cross site scripting
Cross-site scripting XSS vulnerability in the Users module in Zikula before 1.2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: it is possible that this overlaps CVE-2011-0535...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in the Users module in Zikula before 1.2.5 allows remote attackers to hijack the authentication of administrators for requests that change account privileges via an edit accesspermissions action to index.php...
CVE-2010-4728
Zikula before 1.3.1 uses the rand and srand PHP functions for random number generation, which makes it easier for remote attackers to defeat protection mechanisms based on randomization by predicting a return value, as demonstrated by the authid protection mechanism...
CVE-2010-4729
Zikula
CVE-2010-4729
Zikula before 1.2.3 does not use the authid protection mechanism for 1 the lostpassword form and 2 mailpasswd processing, which makes it easier for remote attackers to generate a flood of password requests and possibly conduct cross-site request forgery CSRF attacks via multiple form submissions...
CVE-2010-4728
The CVE affects Zikula
CVE-2011-0535
Cross-site request forgery CSRF vulnerability in the Users module in Zikula before 1.2.5 allows remote attackers to hijack the authentication of administrators for requests that change account privileges via an edit accesspermissions action to index.php...
CVE-2011-0911
CVE-2011-0911 (NVD entry) : Affected product is Zikula CMS, specifically the Users module, prior to version 1.2.5. It is described as a Cross-site Scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. The root cause is not detai...
CVE-2011-0535
CVE-2011-0535 affects Zikula’s Users module prior to version 1.2.5. The vulnerability is a CSRF flaw that lets an attacker hijack administrator sessions and perform privilege changes via an edit_access_permissions action to index.php. Root cause: CSRF in the Users module. Impact per source: unaut...
Zikula CMS CSRF Vulnerability
This host is running Zikula and is prone to cross-site request forgery vulnerability. OpenVAS Vulnerability Test $Id: gbzikulacsrfvuln.nasl 7019 2017-08-29 11:51:27Z teissa $ Zikula CMS CSRF Vulnerability Authors: Madhuri D - Updated By: Madhuri D on 2011-02-11 - Added CVE Copyright: Copyright c...
Zikula CMS < 1.2.5 CSRF Vulnerability
Zikula is prone to a cross-site request forgery CSRF vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Zikula CMS <= 1.2.4 CSRF Vulnerability
Exploit for php platform in category web applications 1. OVERVIEW The Zikula 1.2.4 and lower versions were vulnerable to Cross Site Request Forgery CSRF. 2. BACKGROUND Zikula is a Web Application Toolkit, which allows you to run impressive websites and build powerful online applications. Zikula h...
Zikula CMS 1.2.4 - Cross-Site Request Forgery
Zikula CMS 1.2.4 - Cross-Site Request Forgery Source: http://packetstormsecurity.org/files/view/98060/zikulacms-xsrf.txt ==================================================== Zikula CMS 1.2.4 = Cross Site Request Forgery CSRF Vulnerability ==================================================== 1...
Zikula CMS 1.2.4 - Cross-Site Request Forgery
Source: http://packetstormsecurity.org/files/view/98060/zikulacms-xsrf.txt ==================================================== Zikula CMS 1.2.4 = Cross Site Request Forgery CSRF Vulnerability ==================================================== 1. OVERVIEW The Zikula 1.2.4 and lower versions wer...