328 matches found
Cross site request forgery (csrf)
The PaperCutNG Mobility Print version 1.0.3512 application allows an unauthenticated attacker to perform a CSRF attack on an instance administrator to configure the clients host in the "configure printer discovery" section. This is possible because the application has no protections against CSRF...
CVE-2023-2508 CSRF in PaperCutNG Mobility Print leads to sophisticated phishing
The PaperCutNG Mobility Print version 1.0.3512 application allows an unauthenticated attacker to perform a CSRF attack on an instance administrator to configure the clients host in the "configure printer discovery" section. This is possible because the application has no protections against CSRF...
PT-2023-23921 · Unknown · Ts Webfonts For Sakura
Name of the Vulnerable Software and Affected Versions: TS Webfonts for SAKURA versions 3.1.2 and earlier Description: A cross-site request forgery CSRF issue allows a remote unauthenticated attacker to hijack the authentication of a user and change settings by having the user view a malicious pag...
Shortcode IMDB <= 6.0.8 - Cross-Site Request Forgery
The plugin does not properly implement anti-CSRF mechanisms, making it vulnerable to potential CSRF attacks...
SPIP v4.2.0 - Remote Code Execution (Unauthenticated)
!/usr/bin/env python3 -- coding: utf-8 -- Exploit Title: SPIP v4.2.1 - Remote Code Execution Unauthenticated Google Dork: inurl:"/spip.php?page=login" Date: 19/06/2023 Exploit Author: nuts7 https://github.com/nuts7/CVE-2023-27372 Vendor Homepage: https://www.spip.net/ Software Link:...
PT-2023-21395 · Unknown · Liquid Speech Balloon
Name of the Vulnerable Software and Affected Versions: LIQUID SPEECH BALLOON versions prior to 1.2 Description: A cross-site request forgery CSRF issue allows a remote unauthenticated attacker to hijack the authentication of a user and perform unintended operations by having a user view a malicio...
PT-2023-14917 · Rumpus · Rumpus
Name of the Vulnerable Software and Affected Versions: Rumpus - FTP server version 9.0.7.1 Description: The issue is related to cross-site request forgery CSRF, which may allow unauthorized actions to be taken on behalf of authenticated users. Recommendations: For Rumpus - FTP server version...
Exploit for Cross-Site Request Forgery (CSRF) in Filebrowser
CVE-2021-46398 - Lalie ARNOUD, Gaspard ANDRIEU In this reposi...
Craft CMS discloses password hashes
All Craft CMS versions between 3.0.0 and 3.7.32 disclose password hashes of users who authenticate using their E-Mail address or username in Anti-CSRF-Tokens. Craft CMS uses a cookie called CRAFTCSRFTOKEN and a HTML hidden field called CRAFTCSRFTOKEN to avoid Cross Site Request Forgery attacks. T...
GHSA-H972-V458-M892 Craft CMS discloses password hashes
All Craft CMS versions between 3.0.0 and 3.7.32 disclose password hashes of users who authenticate using their E-Mail address or username in Anti-CSRF-Tokens. Craft CMS uses a cookie called CRAFTCSRFTOKEN and a HTML hidden field called CRAFTCSRFTOKEN to avoid Cross Site Request Forgery attacks. T...
CVE-2022-37783
All Craft CMS versions between 3.0.0 and 3.7.32 disclose password hashes of users who authenticate using their E-Mail address or username in Anti-CSRF-Tokens. Craft CMS uses a cookie called CRAFTCSRFTOKEN and a HTML hidden field called CRAFTCSRFTOKEN to avoid Cross Site Request Forgery attacks. T...
Cross site request forgery (csrf)
All Craft CMS versions between 3.0.0 and 3.7.32 disclose password hashes of users who authenticate using their E-Mail address or username in Anti-CSRF-Tokens. Craft CMS uses a cookie called CRAFTCSRFTOKEN and a HTML hidden field called CRAFTCSRFTOKEN to avoid Cross Site Request Forgery attacks. T...
CVE-2022-37783
All Craft CMS versions between 3.0.0 and 3.7.32 disclose password hashes of users who authenticate using their E-Mail address or username in Anti-CSRF-Tokens. Craft CMS uses a cookie called CRAFTCSRFTOKEN and a HTML hidden field called CRAFTCSRFTOKEN to avoid Cross Site Request Forgery attacks. T...
CVE-2022-37783
All Craft CMS versions between 3.0.0 and 3.7.32 disclose password hashes of users who authenticate using their E-Mail address or username in Anti-CSRF-Tokens. Craft CMS uses a cookie called CRAFTCSRFTOKEN and a HTML hidden field called CRAFTCSRFTOKEN to avoid Cross Site Request Forgery attacks. T...
Pixel&tonic Craft CMS 安全漏洞
Pixel & tonic Craft CMS is a content management system CMS from the US-based Pixel & tonic, Inc. A security vulnerability exists in Pixel & tonic Craft CMS versions 3.0.0 through 3.7.32, which originates from exposing password hashes of users who authenticate using email addresses or usernames in...
CVE-2022-37783
All Craft CMS versions between 3.0.0 and 3.7.32 disclose password hashes of users who authenticate using their E-Mail address or username in Anti-CSRF-Tokens. Craft CMS uses a cookie called CRAFTCSRFTOKEN and a HTML hidden field called CRAFTCSRFTOKEN to avoid Cross Site Request Forgery attacks. T...
CVE-2022-40180
A vulnerability has been identified in Desigo PXM30-1 All versions V02.20.126.11-41, Desigo PXM30.E All versions V02.20.126.11-41, Desigo PXM40-1 All versions V02.20.126.11-41, Desigo PXM40.E All versions V02.20.126.11-41, Desigo PXM50-1 All versions V02.20.126.11-41, Desigo PXM50.E All versions...
Cross site request forgery (csrf)
A vulnerability has been identified in Desigo PXM30-1 All versions V02.20.126.11-41, Desigo PXM30.E All versions V02.20.126.11-41, Desigo PXM40-1 All versions V02.20.126.11-41, Desigo PXM40.E All versions V02.20.126.11-41, Desigo PXM50-1 All versions V02.20.126.11-41, Desigo PXM50.E All versions...
Cross site request forgery (csrf)
A vulnerability has been identified in Desigo PXM30-1 All versions V02.20.126.11-41, Desigo PXM30.E All versions V02.20.126.11-41, Desigo PXM40-1 All versions V02.20.126.11-41, Desigo PXM40.E All versions V02.20.126.11-41, Desigo PXM50-1 All versions V02.20.126.11-41, Desigo PXM50.E All versions...
CVE-2022-40179
A vulnerability has been identified in Desigo PXM30-1 All versions V02.20.126.11-41, Desigo PXM30.E All versions V02.20.126.11-41, Desigo PXM40-1 All versions V02.20.126.11-41, Desigo PXM40.E All versions V02.20.126.11-41, Desigo PXM50-1 All versions V02.20.126.11-41, Desigo PXM50.E All versions...