A attacker can remotely disable the account from administrator not allowing the same to be able to access the site
WebfolioCMS 1.1.4 (and lower) is affected by a CSRF Vulnerability which allows an attacker to add a new administrator, modify web pages, and change other WebfolioCMS parameters. The exploit demonstrates how to add an administrator account and modify existing and published web pages.
The exploit allows remote attackers to execute arbitrary code via a long SSH username, which triggers a buffer overflow in the username field of the SSH handshake process.
PlumeCMS is prone to a CSRF Vulnerability which allows an attacker to insert and publish "News" (as PlumeCMS names his articles) when an authenticated admin browses a web page containing the provided HTML/Javascript code.
The SyndeoCMS version 3.0 and lower is vulnerable to CSRF. An attacker can add an admin account by exploiting this vulnerability.
CSRF exploit that allows adding a new admin
This exploit allows an attacker to add an admin account using CSRF vulnerability in SocialCMS. By submitting a crafted form, the attacker can create a new admin account without proper authentication.
This exploit allows remote code execution through a buffer overflow vulnerability in Sysax Multi Server version 5.52 and below. It utilizes an egghunter technique to bypass DEP (Data Execution Prevention). The vulnerability was discovered by Craig Freyman (@cd1zz) and detailed information can be found at http://www.pwnag3.com/2012/02/sysax-multi-server-552-file-rename.html.
The PoC (Proof of Concept) allows an attacker to create a blue screen of death (BSOD) on systems running PeerBlock 1.1. The vulnerability is caused by a buffer overflow in the pbfilter.sys driver. By sending a specially crafted IOCTL request to the driver, an attacker can trigger the buffer overflow and crash the system, resulting in a BSOD. The vulnerability has been tested on Microsoft Windows XP Professional SP3.
This SQL injection vulnerability allows an attacker to update the username and password of the admin user in Ananta Gazelle CMS. The vulnerability is present in the 'forgot.php' page, where the user can submit a form to set a new activation key for their account. The vulnerable code does not properly sanitize the user input, allowing the attacker to modify the SQL query and set arbitrary values for the admin username and password. The vulnerability can be exploited by sending a specially crafted POST request to the 'forgot.php' page with the desired values for the username and password. The exploit changes the username to '1' and the password to '1' by copying the value of a default column in the 'users' table. This allows the attacker to gain administrative access to the CMS.