CVE-2010-3884
Published 2010-10-08
Priority: P4, 30, medium; CVSS 2.0: 6.8
CVSS 2.0 vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 0.83% (52.9th percentile)
Cross-site request forgery (CSRF) vulnerability in CMS Made Simple 1.8.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that reset the administrative password. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cmsmadesimple | cms_made_simple | <= 1.8.1 | — |
Suricata
GPL FTP PASS overflow attempt
suricata·2010-09-23
CVE-1999-1519 GPL FTP PASS overflow attempt
Rule: alert ftp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"GPL FTP PASS overflow attempt"; flow:established,to_server,no_stream; content:"PASS"; nocase; isdataat:100,relative; pcre:"/^PASS\s[^\n]{100}/smi"; reference:bugtraq,10078; reference:bugtraq,10720; reference:bugtraq,1690; reference:bugtraq,3884; reference:bugtraq,8601; reference:bugtraq,9285; reference:cve,1999-1519; reference:cve,1999-1539; reference:cve,2000-1035; reference:cve,2002-0126; reference:cve,2002-0895; classtype:attempted-admin; sid:2101972; rev:19; metadata:created_at 2010_09_23, cve CVE_1999_1519, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_08;)
Exploit-DB
Computer Associates ARCserve - REPORTREMOTEEXECUTECML Buffer Overflow (Metasploit)
exploitdb·2010-04-30
CVE-2008-4397 Computer Associates ARCserve - REPORTREMOTEEXECUTECML Buffer Overflow (Metasploit)
---
##
# $Id: ca_arcserve_342.rb 9179 2010-04-30 08:40:19Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'Computer Associates ARCserve REPORTREMOTEEXECUTECML Buffer Overflow',
'Description' => %q{
This module exploits a buffer overflow in Computer Associates BrighStor ARCserve r11.5 (build 3884).
By sending a specially crafted RPC request to opcode 0x342, an attacker could overflow the buffer
and execute arbitrary code. In order to successfully explo
Exploit-DB
CMS Made Simple 1.7 - Cross-Site Request Forgery
exploitdb·2010-04-02
CVE-2010-3884 CMS Made Simple 1.7 - Cross-Site Request Forgery
---
CMS Made Simple 1.7 CSRF Vulnerability
# Vulnerability found in- Admin module
# email [email protected]
# company aksitservices
# Credit by Pratul Agrawal
# Software CMS Made Simple 1.7
# Category CMS / Portals
# Site p4ge http://server/demo/2/10/CMS_Made_Simple
# Platform php
# Greetz to Gaurav, Prateek, Vivek, Sanjay, Sourabh, Varun, sameer (My Web Team)
# Proof of concept #
Targeted URL: http://sever/demo/2/10/CMS_Made_Simple
Script to Add admin user through Cross Site request forgery
. ................................................................................................................
document.csrf.submit();
. ..................................................
No writeups or analysis indexed.
Published: 2010-10-08