• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Harmoni Versions Prior to 1.6.0 Cross-Site Request Forgery and Security Bypass Vulnerabilities

Harmoni is prone to a cross-site request-forgery vulnerability and a security-bypass vulnerability.

An attacker can exploit these issues to gain unauthorized accsss to the affected application, create new user accounts, and delete arbitrary content within the context of the affected application. Other attacks are also possible.

Versions prior to Harmoni 1.6.0 are vulnerable.