Lucene search
+L

328 matches found

Prion
Prion
added 2023/09/20 4:15 p.m.17 views

Cross site request forgery (csrf)

The PaperCutNG Mobility Print version 1.0.3512 application allows an unauthenticated attacker to perform a CSRF attack on an instance administrator to configure the clients host in the "configure printer discovery" section. This is possible because the application has no protections against CSRF...

4.3CVSS6.4AI score0.00228EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/09/20 3:5 p.m.27 views

CVE-2023-2508 CSRF in PaperCutNG Mobility Print leads to sophisticated phishing

The PaperCutNG Mobility Print version 1.0.3512 application allows an unauthenticated attacker to perform a CSRF attack on an instance administrator to configure the clients host in the "configure printer discovery" section. This is possible because the application has no protections against CSRF...

5.3CVSS6.9AI score0.00228EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2023/07/21 12:0 a.m.3 views

PT-2023-23921 · Unknown · Ts Webfonts For Sakura

Name of the Vulnerable Software and Affected Versions: TS Webfonts for SAKURA versions 3.1.2 and earlier Description: A cross-site request forgery CSRF issue allows a remote unauthenticated attacker to hijack the authentication of a user and change settings by having the user view a malicious pag...

4.3CVSS4.8AI score0.00251EPSS
Exploits0References7
WPVulnDB
WPVulnDB
added 2023/07/11 12:0 a.m.20 views

Shortcode IMDB <= 6.0.8 - Cross-Site Request Forgery

The plugin does not properly implement anti-CSRF mechanisms, making it vulnerable to potential CSRF attacks...

8.8CVSS6.8AI score0.00214EPSS
Exploits0References1Affected Software1
Exploit DB
Exploit DB
added 2023/06/20 12:0 a.m.1273 views

SPIP v4.2.0 - Remote Code Execution (Unauthenticated)

!/usr/bin/env python3 -- coding: utf-8 -- Exploit Title: SPIP v4.2.1 - Remote Code Execution Unauthenticated Google Dork: inurl:"/spip.php?page=login" Date: 19/06/2023 Exploit Author: nuts7 https://github.com/nuts7/CVE-2023-27372 Vendor Homepage: https://www.spip.net/ Software Link:...

9.8CVSS9.8AI score0.99637EPSS
Exploits23
Positive Technologies
Positive Technologies
added 2023/05/10 12:0 a.m.9 views

PT-2023-21395 · Unknown · Liquid Speech Balloon

Name of the Vulnerable Software and Affected Versions: LIQUID SPEECH BALLOON versions prior to 1.2 Description: A cross-site request forgery CSRF issue allows a remote unauthenticated attacker to hijack the authentication of a user and perform unintended operations by having a user view a malicio...

8.8CVSS9.2AI score0.00457EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2023/01/12 12:0 a.m.8 views

PT-2023-14917 · Rumpus · Rumpus

Name of the Vulnerable Software and Affected Versions: Rumpus - FTP server version 9.0.7.1 Description: The issue is related to cross-site request forgery CSRF, which may allow unauthorized actions to be taken on behalf of authenticated users. Recommendations: For Rumpus - FTP server version...

8.8CVSS8.4AI score0.00263EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2023/01/03 9:49 a.m.303 views

Exploit for Cross-Site Request Forgery (CSRF) in Filebrowser

CVE-2021-46398 - Lalie ARNOUD, Gaspard ANDRIEU In this reposi...

8.8CVSS9.3AI score0.06663EPSS
Exploits6
Github Security Blog
Github Security Blog
added 2022/12/05 9:30 p.m.38 views

Craft CMS discloses password hashes

All Craft CMS versions between 3.0.0 and 3.7.32 disclose password hashes of users who authenticate using their E-Mail address or username in Anti-CSRF-Tokens. Craft CMS uses a cookie called CRAFTCSRFTOKEN and a HTML hidden field called CRAFTCSRFTOKEN to avoid Cross Site Request Forgery attacks. T...

7.5CVSS7.4AI score0.01035EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2022/12/05 9:30 p.m.69 views

GHSA-H972-V458-M892 Craft CMS discloses password hashes

All Craft CMS versions between 3.0.0 and 3.7.32 disclose password hashes of users who authenticate using their E-Mail address or username in Anti-CSRF-Tokens. Craft CMS uses a cookie called CRAFTCSRFTOKEN and a HTML hidden field called CRAFTCSRFTOKEN to avoid Cross Site Request Forgery attacks. T...

7.5CVSS7.5AI score0.01035EPSS
Exploits1References5
NVD
NVD
added 2022/12/05 9:15 p.m.36 views

CVE-2022-37783

All Craft CMS versions between 3.0.0 and 3.7.32 disclose password hashes of users who authenticate using their E-Mail address or username in Anti-CSRF-Tokens. Craft CMS uses a cookie called CRAFTCSRFTOKEN and a HTML hidden field called CRAFTCSRFTOKEN to avoid Cross Site Request Forgery attacks. T...

7.5CVSS0.01035EPSS
Exploits1References3
Prion
Prion
added 2022/12/05 9:15 p.m.23 views

Cross site request forgery (csrf)

All Craft CMS versions between 3.0.0 and 3.7.32 disclose password hashes of users who authenticate using their E-Mail address or username in Anti-CSRF-Tokens. Craft CMS uses a cookie called CRAFTCSRFTOKEN and a HTML hidden field called CRAFTCSRFTOKEN to avoid Cross Site Request Forgery attacks. T...

5CVSS7.5AI score0.01035EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2022/12/05 12:0 a.m.19 views

CVE-2022-37783

All Craft CMS versions between 3.0.0 and 3.7.32 disclose password hashes of users who authenticate using their E-Mail address or username in Anti-CSRF-Tokens. Craft CMS uses a cookie called CRAFTCSRFTOKEN and a HTML hidden field called CRAFTCSRFTOKEN to avoid Cross Site Request Forgery attacks. T...

6.8AI score0.01035EPSS
Exploits1References3
Cvelist
Cvelist
added 2022/12/05 12:0 a.m.42 views

CVE-2022-37783

All Craft CMS versions between 3.0.0 and 3.7.32 disclose password hashes of users who authenticate using their E-Mail address or username in Anti-CSRF-Tokens. Craft CMS uses a cookie called CRAFTCSRFTOKEN and a HTML hidden field called CRAFTCSRFTOKEN to avoid Cross Site Request Forgery attacks. T...

7.7AI score0.01035EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/12/05 12:0 a.m.8 views

Pixel&tonic Craft CMS 安全漏洞

Pixel & tonic Craft CMS is a content management system CMS from the US-based Pixel & tonic, Inc. A security vulnerability exists in Pixel & tonic Craft CMS versions 3.0.0 through 3.7.32, which originates from exposing password hashes of users who authenticate using email addresses or usernames in...

7.5CVSS7.3AI score0.01035EPSS
Exploits1References3
OSV
OSV
added 2022/12/05 12:0 a.m.40 views

CVE-2022-37783

All Craft CMS versions between 3.0.0 and 3.7.32 disclose password hashes of users who authenticate using their E-Mail address or username in Anti-CSRF-Tokens. Craft CMS uses a cookie called CRAFTCSRFTOKEN and a HTML hidden field called CRAFTCSRFTOKEN to avoid Cross Site Request Forgery attacks. T...

7.5CVSS7.6AI score0.01035EPSS
Exploits1References5
NVD
NVD
added 2022/10/11 11:15 a.m.21 views

CVE-2022-40180

A vulnerability has been identified in Desigo PXM30-1 All versions V02.20.126.11-41, Desigo PXM30.E All versions V02.20.126.11-41, Desigo PXM40-1 All versions V02.20.126.11-41, Desigo PXM40.E All versions V02.20.126.11-41, Desigo PXM50-1 All versions V02.20.126.11-41, Desigo PXM50.E All versions...

5.3CVSS0.00247EPSS
Exploits0References1
Prion
Prion
added 2022/10/11 11:15 a.m.12 views

Cross site request forgery (csrf)

A vulnerability has been identified in Desigo PXM30-1 All versions V02.20.126.11-41, Desigo PXM30.E All versions V02.20.126.11-41, Desigo PXM40-1 All versions V02.20.126.11-41, Desigo PXM40.E All versions V02.20.126.11-41, Desigo PXM50-1 All versions V02.20.126.11-41, Desigo PXM50.E All versions...

2.6CVSS6.1AI score0.00247EPSS
Exploits0References1Affected Software10
Prion
Prion
added 2022/10/11 11:15 a.m.17 views

Cross site request forgery (csrf)

A vulnerability has been identified in Desigo PXM30-1 All versions V02.20.126.11-41, Desigo PXM30.E All versions V02.20.126.11-41, Desigo PXM40-1 All versions V02.20.126.11-41, Desigo PXM40.E All versions V02.20.126.11-41, Desigo PXM50-1 All versions V02.20.126.11-41, Desigo PXM50.E All versions...

5.8CVSS8.2AI score0.00305EPSS
Exploits0References1Affected Software10
Cvelist
Cvelist
added 2022/10/11 12:0 a.m.31 views

CVE-2022-40179

A vulnerability has been identified in Desigo PXM30-1 All versions V02.20.126.11-41, Desigo PXM30.E All versions V02.20.126.11-41, Desigo PXM40-1 All versions V02.20.126.11-41, Desigo PXM40.E All versions V02.20.126.11-41, Desigo PXM50-1 All versions V02.20.126.11-41, Desigo PXM50.E All versions...

8.3AI score0.00305EPSS
Exploits0References1
Rows per page
Query Builder