RSS   Vulnerabilities for 'Ez poll hoster'   RSS

2009-12-22
 
CVE-2009-4385

CWE-352
 

 
Multiple cross-site request forgery (CSRF) vulnerabilities in Scriptsez.net Ez Poll Hoster (EPH) allow remote attackers to (1) hijack the authentication of arbitrary users for requests that delete polls via the delete_poll action to index.php; and hijack the authentication of administrators for requests that (2) delete users via the manage action to admin.php, or (3) send arbitrary email to arbitrary users in the email action to admin.php.

 
 
CVE-2009-4384

CWE-79
 

 
Multiple cross-site scripting (XSS) vulnerabilities in Scriptsez.net Ez Poll Hoster (EPH) allow remote attackers to inject arbitrary web script or HTML via the (1) pid parameter in a code action to index.php and the (2) uid parameter in a view action to profile.php.

 

 >>> Vendor: Scriptsez 15 Products
Cute guestbook
Ez ringtone manager
Random php quote
Smart php subscriber
Power editor
Freeze greetings
Easy image downloader
Mini hosting panel
Ez php comment
Ultimate poll
Ez cart
Ez blog
Ez poll hoster
Good/bad vote
Ez album


Copyright 2019, cxsecurity.com

 

Back to Top