Search
Find a vulnerability
Search criteria
4 vulnerabilities by webgroupmedia
CVE-2015-6545 (GCVE-0-2015-6545)
Vulnerability from nvd – Published: 2015-09-03 17:00 – Updated: 2024-08-06 07:22
VLAI
EPSS
VEX
Summary
Cross-site request forgery (CSRF) vulnerability in ajax.php in Cerb before 7.0.4 allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via a saveWorkerPeek action.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://packetstormsecurity.com/files/133404/Cerb-… | x_refsource_MISC |
| https://github.com/wgm/cerb/commit/12de87ff9961a4… | x_refsource_CONFIRM |
| http://www.securityfocus.com/archive/1/536376/100… | mailing-listx_refsource_BUGTRAQ |
| https://www.htbridge.com/advisory/HTB23269 | x_refsource_MISC |
| https://www.exploit-db.com/exploits/38074/ | exploitx_refsource_EXPLOIT-DB |
| http://wiki.cerbweb.com/7.0#7.0.4 | x_refsource_CONFIRM |
Date Public
2015-09-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:22:22.267Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/133404/Cerb-7.0.3-Cross-Site-Request-Forgery.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/wgm/cerb/commit/12de87ff9961a4f3ad2946c8f47dd0c260607144"
},
{
"name": "20150902 Cross-Site Request Forgery in Cerb",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/536376/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.htbridge.com/advisory/HTB23269"
},
{
"name": "38074",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/38074/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.cerbweb.com/7.0#7.0.4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-09-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in ajax.php in Cerb before 7.0.4 allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via a saveWorkerPeek action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/133404/Cerb-7.0.3-Cross-Site-Request-Forgery.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/wgm/cerb/commit/12de87ff9961a4f3ad2946c8f47dd0c260607144"
},
{
"name": "20150902 Cross-Site Request Forgery in Cerb",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/536376/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.htbridge.com/advisory/HTB23269"
},
{
"name": "38074",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/38074/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.cerbweb.com/7.0#7.0.4"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-6545",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in ajax.php in Cerb before 7.0.4 allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via a saveWorkerPeek action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/133404/Cerb-7.0.3-Cross-Site-Request-Forgery.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/133404/Cerb-7.0.3-Cross-Site-Request-Forgery.html"
},
{
"name": "https://github.com/wgm/cerb/commit/12de87ff9961a4f3ad2946c8f47dd0c260607144",
"refsource": "CONFIRM",
"url": "https://github.com/wgm/cerb/commit/12de87ff9961a4f3ad2946c8f47dd0c260607144"
},
{
"name": "20150902 Cross-Site Request Forgery in Cerb",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/536376/100/0/threaded"
},
{
"name": "https://www.htbridge.com/advisory/HTB23269",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23269"
},
{
"name": "38074",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/38074/"
},
{
"name": "http://wiki.cerbweb.com/7.0#7.0.4",
"refsource": "CONFIRM",
"url": "http://wiki.cerbweb.com/7.0#7.0.4"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-6545",
"datePublished": "2015-09-03T17:00:00.000Z",
"dateReserved": "2015-08-20T00:00:00.000Z",
"dateUpdated": "2024-08-06T07:22:22.267Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6440 (GCVE-0-2008-6440)
Vulnerability from nvd – Published: 2009-03-06 18:00 – Updated: 2024-09-16 21:07
VLAI
EPSS
VEX
Summary
Cerberus Helpdesk before 4.0 (Build 600) allows remote attackers to obtain sensitive information via direct requests for "controllers ... that aren't standard helpdesk pages," possibly involving the (1) /display and (2) /kb URIs.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/29335 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/30344 | third-party-advisoryx_refsource_SECUNIA |
| http://www.cerb4.com/blog/2008/05/15/important-se… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:27:35.949Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "29335",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29335"
},
{
"name": "30344",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30344"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.cerb4.com/blog/2008/05/15/important-security-patch-40-build-599/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cerberus Helpdesk before 4.0 (Build 600) allows remote attackers to obtain sensitive information via direct requests for \"controllers ... that aren\u0027t standard helpdesk pages,\" possibly involving the (1) /display and (2) /kb URIs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-03-06T18:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "29335",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29335"
},
{
"name": "30344",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30344"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.cerb4.com/blog/2008/05/15/important-security-patch-40-build-599/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6440",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cerberus Helpdesk before 4.0 (Build 600) allows remote attackers to obtain sensitive information via direct requests for \"controllers ... that aren\u0027t standard helpdesk pages,\" possibly involving the (1) /display and (2) /kb URIs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "29335",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29335"
},
{
"name": "30344",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30344"
},
{
"name": "http://www.cerb4.com/blog/2008/05/15/important-security-patch-40-build-599/",
"refsource": "CONFIRM",
"url": "http://www.cerb4.com/blog/2008/05/15/important-security-patch-40-build-599/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6440",
"datePublished": "2009-03-06T18:00:00.000Z",
"dateReserved": "2009-03-06T00:00:00.000Z",
"dateUpdated": "2024-09-16T21:07:47.057Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-6545 (GCVE-0-2015-6545)
Vulnerability from cvelistv5 – Published: 2015-09-03 17:00 – Updated: 2024-08-06 07:22
VLAI
EPSS
VEX
Summary
Cross-site request forgery (CSRF) vulnerability in ajax.php in Cerb before 7.0.4 allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via a saveWorkerPeek action.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://packetstormsecurity.com/files/133404/Cerb-… | x_refsource_MISC |
| https://github.com/wgm/cerb/commit/12de87ff9961a4… | x_refsource_CONFIRM |
| http://www.securityfocus.com/archive/1/536376/100… | mailing-listx_refsource_BUGTRAQ |
| https://www.htbridge.com/advisory/HTB23269 | x_refsource_MISC |
| https://www.exploit-db.com/exploits/38074/ | exploitx_refsource_EXPLOIT-DB |
| http://wiki.cerbweb.com/7.0#7.0.4 | x_refsource_CONFIRM |
Date Public
2015-09-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:22:22.267Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/133404/Cerb-7.0.3-Cross-Site-Request-Forgery.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/wgm/cerb/commit/12de87ff9961a4f3ad2946c8f47dd0c260607144"
},
{
"name": "20150902 Cross-Site Request Forgery in Cerb",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/536376/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.htbridge.com/advisory/HTB23269"
},
{
"name": "38074",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/38074/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.cerbweb.com/7.0#7.0.4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-09-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in ajax.php in Cerb before 7.0.4 allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via a saveWorkerPeek action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/133404/Cerb-7.0.3-Cross-Site-Request-Forgery.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/wgm/cerb/commit/12de87ff9961a4f3ad2946c8f47dd0c260607144"
},
{
"name": "20150902 Cross-Site Request Forgery in Cerb",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/536376/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.htbridge.com/advisory/HTB23269"
},
{
"name": "38074",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/38074/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.cerbweb.com/7.0#7.0.4"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-6545",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in ajax.php in Cerb before 7.0.4 allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via a saveWorkerPeek action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/133404/Cerb-7.0.3-Cross-Site-Request-Forgery.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/133404/Cerb-7.0.3-Cross-Site-Request-Forgery.html"
},
{
"name": "https://github.com/wgm/cerb/commit/12de87ff9961a4f3ad2946c8f47dd0c260607144",
"refsource": "CONFIRM",
"url": "https://github.com/wgm/cerb/commit/12de87ff9961a4f3ad2946c8f47dd0c260607144"
},
{
"name": "20150902 Cross-Site Request Forgery in Cerb",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/536376/100/0/threaded"
},
{
"name": "https://www.htbridge.com/advisory/HTB23269",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23269"
},
{
"name": "38074",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/38074/"
},
{
"name": "http://wiki.cerbweb.com/7.0#7.0.4",
"refsource": "CONFIRM",
"url": "http://wiki.cerbweb.com/7.0#7.0.4"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-6545",
"datePublished": "2015-09-03T17:00:00.000Z",
"dateReserved": "2015-08-20T00:00:00.000Z",
"dateUpdated": "2024-08-06T07:22:22.267Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6440 (GCVE-0-2008-6440)
Vulnerability from cvelistv5 – Published: 2009-03-06 18:00 – Updated: 2024-09-16 21:07
VLAI
EPSS
VEX
Summary
Cerberus Helpdesk before 4.0 (Build 600) allows remote attackers to obtain sensitive information via direct requests for "controllers ... that aren't standard helpdesk pages," possibly involving the (1) /display and (2) /kb URIs.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/29335 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/30344 | third-party-advisoryx_refsource_SECUNIA |
| http://www.cerb4.com/blog/2008/05/15/important-se… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:27:35.949Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "29335",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29335"
},
{
"name": "30344",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30344"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.cerb4.com/blog/2008/05/15/important-security-patch-40-build-599/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cerberus Helpdesk before 4.0 (Build 600) allows remote attackers to obtain sensitive information via direct requests for \"controllers ... that aren\u0027t standard helpdesk pages,\" possibly involving the (1) /display and (2) /kb URIs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-03-06T18:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "29335",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29335"
},
{
"name": "30344",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30344"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.cerb4.com/blog/2008/05/15/important-security-patch-40-build-599/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6440",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cerberus Helpdesk before 4.0 (Build 600) allows remote attackers to obtain sensitive information via direct requests for \"controllers ... that aren\u0027t standard helpdesk pages,\" possibly involving the (1) /display and (2) /kb URIs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "29335",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29335"
},
{
"name": "30344",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30344"
},
{
"name": "http://www.cerb4.com/blog/2008/05/15/important-security-patch-40-build-599/",
"refsource": "CONFIRM",
"url": "http://www.cerb4.com/blog/2008/05/15/important-security-patch-40-build-599/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6440",
"datePublished": "2009-03-06T18:00:00.000Z",
"dateReserved": "2009-03-06T00:00:00.000Z",
"dateUpdated": "2024-09-16T21:07:47.057Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}