1336 matches found
Sagemcom F@st 3184 2.1.11 - Multiple Vulnerabilities
Sagemcom F@st 3184 2.1.11 - Multiple Vulnerabilities +------------------------------------------------------------------------------+ | HOTBOX is the leading router/modem appliance of | | HOT Cable communication company in israel. | | The Appliance is manufactured by SAGEMCOM | | and carries the...
HOTBOX 2.1.11 CSRF / Traversal / Denial Of Service
HOTBOX router/modem version 2.1.11 suffers from cross site request forgery, denial of service, script injection, and directory traversal vulnerabilities. Denial of service and cross site request forgery proof of concepts included...
HOTBOX 2.1.11 CSRF / Traversal / Denial Of Service
+------------------------------------------------------------------------------+ | HOTBOX is the leading router/modem appliance of | | HOT Cable communication company in israel. | | The Appliance is manufactured by SAGEMCOM | | and carries the model name F@st 3184. |...
CVE-2013-4302
1 ApiBlock.php, 2 ApiCreateAccount.php, 3 ApiLogin.php, 4 ApiMain.php, 5 ApiQueryDeletedrevs.php, 6 ApiTokens.php, and 7 ApiUnblock.php in includes/api/ in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 allow remote attackers to obtain CSRF tokens and bypass the...
WHMCS 5.2.7 - SQL Injection Exploit
Exploit for php platform in category web applications !/usr/bin/env python 2013/10/03 - WHMCS 5.2.7 SQL Injection http://localhost.re/p/whmcs-527-vulnerability url = 'http://clients.target.com/' wopsie dopsie useremail = 'email protected' just create a dummie account at /register.php userpwd =...
WHMCS 5.2.7 SQL Injection
!/usr/bin/env python 2013/10/03 - WHMCS 5.2.7 SQL Injection http://localhost.re/p/whmcs-527-vulnerability url = 'http://clients.target.com/' wopsie dopsie useremail = '[email protected]' just create a dummie account at /register.php userpwd = 'hacker' import urllib, re, sys from urllib2 impo...
phpwind配置不当可导致CSRF发帖
简要描述: phpwind配置不当可导致CSRF发帖 详细说明: crossdomain.xml的默认设置: - 虽然有建议 但是普通站长谁没事改这个啊,还不如你们在安装时直接根据host重写下crossdomain.xml得了。 先取到csrf的token function gethash function getformhashtxt txt = txt.split'csrftoken" value="'1.split'"'0; return txt; var resultlv:LoadVars = new LoadVars; resultlv.onData = functiontx...
[SECURITY] [DSA 2753-1] mediawiki security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2753-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst September 13, 2013 http://www.debian.org/security/faq -...
Foreman (Red Hat OpenStack/Satellite) users/create Mass Assignment
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit4 'Foreman Red Hat OpenStack/Satellite...
Spitefire CMS 1.1.4 Cross Site Request Forgery
Exploit Title: spitefire CMS - CSRF / ADD / EDTI / UPLOAD FILE Date: 2013 15 August Exploit Author: Yashar shahinzadeh Special thanks to Mormoroth Credit goes for: http://y-shahinzadeh.ir & ha.cker.ir Vendor Homepage: http://spitfire.clausmuus.de/ Tested on: Linux & Windows, PHP 5.2.9 Affected...
Foreman (Red Hat OpenStack/Satellite) Code Injection Vulnerability
This Metasploit module exploits a code injection vulnerability in the 'create' action of 'bookmarks' controller of Foreman and Red Hat OpenStack/Satellite Foreman 1.2.0-RC1 and earlier. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions...
Google Translate Cross Site Request Forgery
+------------------------------------------------------------------------------------------------------------------------------------------+ Exploit Title : Google Translate CSRF Vulnerability Date : 06/20/2013 Author : Ivano Binetti http://www.ivanobinetti.com Affected Web site :...
Server: CSRF token leakage
The configuration loader in ownCloud 5.0.x before 5.0.6 includes private data such as CSRF tokens in a JavaScript file, which allows remote attackers to obtain sensitive information. For more information please consult the official advisory. This advisory is licensed CC BY-SA 4.0...
Webid 1.0.6 - Multiple Vulnerabilities
WeBid is an open-source auction script package. Although still in beta stages WeBid is one of the best open-source solutions for getting an auction site up and running quickly and cheaply. Written in the popular scripting language PHP and with a large collection of highly customisable features...
WeBid 1.0.6 - Multiple Vulnerabilities
WeBid 1.0.6 - Multiple Vulnerabilities Title: Webid Blind SQL Injection / Local File Disclosure Vulnerability Google Dork: intext:"Powered by WeBid" Author: Ahmed Aboul-Ela Contact: Ahmed.Aboul3laatgmaildotcom Vendor: http://www.webidsupport.com/ Software Link:...
WeBid 1.0.6 - Multiple Vulnerabilities
Title: Webid Blind SQL Injection / Local File Disclosure Vulnerability Google Dork: intext:"Powered by WeBid" Author: Ahmed Aboul-Ela Contact: Ahmed.Aboul3laatgmaildotcom Vendor: http://www.webidsupport.com/ Software Link:...
Webid Blind SQL Injection / Local File Disclosure Vulnerability
Exploit for php platform in category web applications Title: Webid Blind SQL Injection / Local File Disclosure Vulnerability Google Dork: intext:"Powered by WeBid" Author: Ahmed Aboul-Ela Contact: Ahmed.Aboul3laatgmaildotcom Vendor: http://www.webidsupport.com/ Software Link:...
phpMyAdmin Authenticated Remote Code Execution Vulnerability
This Metasploit module exploits a PREGREPLACEEVAL vulnerability in phpMyAdmin's replaceprefixtbl within libraries/multsubmits.inc.php via dbsettings.php. This affects versions 3.5.x below 3.5.8.1 and 4.0.0 below 4.0.0-rc3. PHP versions greater than 5.4.6 are not vulnerable. This file is part of t...
Fork CMS Cross Site Request Forgery
==================================================================================== Fork-CMS CSRF: Introduction Author: Rafay Baloch CSRF OR XSRF Cross site request forgery occurs when the victim forces your browser to send a forged request and makes the victim performing a particular action. An...
CVE-2012-2128
Cross-site request forgery CSRF vulnerability in doku.php in DokuWiki 2012-01-25 Angua allows remote attackers to hijack the authentication of administrators for requests that add arbitrary users. NOTE: this issue has been disputed by the vendor, who states that it is resultant from CVE-2012-2129...