1336 matches found
CVE-2012-2128
Cross-site request forgery CSRF vulnerability in doku.php in DokuWiki 2012-01-25 Angua allows remote attackers to hijack the authentication of administrators for requests that add arbitrary users. NOTE: this issue has been disputed by the vendor, who states that it is resultant from CVE-2012-2129...
The csrf token cookie should be a 'secure' cookie like the sessionid cookie
panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report|http://jira.atlassian.com/browse/CONFSERVER-46613. panel That is that csrf token cookie 'csrftoken' should have the 'secure' attribute like the session cookie. In django 1...
The csrf token cookie should be a 'secure' cookie like the sessionid cookie
panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-46613. panel That is that csrf token cookie 'csrftoken' should have the 'secure' attribute like the session cookie. In django 1....
The csrf token cookie should be a 'secure' cookie like the sessionid cookie
That is that csrf token cookie 'csrftoken' should have the 'secure' attribute like the session cookie. In django 1.4 setting CSRFCOOKIESECURE to True in settings.py will fix this problem...
The csrf token cookie should be a 'secure' cookie like the sessionid cookie
panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-46613. panel That is that csrf token cookie 'csrftoken' should have the 'secure' attribute like the session cookie. In django 1....
Axous 1.1.1 multiple defects (CSRF-persistent XSS)-a vulnerability warning-the black bar safety net
Title: Axous 1.1.1 Multiple Vulnerabilities CSRF - Persistent XSS Author: Ivano Binetti http://www.ivanobinetti.com Software download: http://www.axous.com/get.php?pid=1 App developer website: http://www.axous.com/ Affects versions : 1.1.1 and lower Test system : Debian Squeeze 6.0...
Axous 1.1.1 - Cross-Site Request Forgery / Persistent Cross-Site Scripting
+-----------------------------------------------------------------------------------------------------------+ Exploit Title : Axous 1.1.1 Multiple Vulnerabilities CSRF - Persistent XSS Date : 30-04-2012 Author : Ivano Binetti http://www.ivanobinetti.com Software link :...
WordPress 3.3.1 - Multiple Cross-Site Request Forgery Vulnerabilities
WordPress 3.3.1 - Multiple Cross-Site Request Forgery Vulnerabilities +---------------------------------------------------------------------------------------------------------------------------------------------------+ Exploit Title : Wordpress 3.3.1 Multiple CSRF Vulnerabilities Date : 19-03-20...
WordPress 3.3.1 - Multiple CSRF Vulnerabilities
WordPress version 3.3.1 is prone to a multiple cross site request forgery vulnerabilities. These vulnerabilities are caused by a security flaw in anti-CSRF token wpnonce, wpnoncecreate-user, ajaxnonce, wpnonce-custom-background-upload, wpnonce-custom-header-upload generation. Multiple CSRF allow ...
restructureattachments.jsp Triggering off a Restructure job lacks an XSRF token
In restructureattachments.jsp Triggering off a Restructure job does not require a csrf token. To trigger it just send a POST to the page with the following post data: 'action:Restructure'. When fixing this issue, please ensure that the JSP is converted to an action or deleted - we don't want to...
restructureattachments.jsp Triggering off a Restructure job lacks an XSRF token
In restructureattachments.jsp Triggering off a Restructure job does not require a csrf token. To trigger it just send a POST to the page with the following post data: 'action:Restructure'. When fixing this issue, please ensure that the JSP is converted to an action or deleted - we don't want to...
PunBB 1.3.5 - Multiple Cross-Site Scripting Vulnerabilities
PunBB 1.3.5 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/49660/info PunBB is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary...
TextPattern v4.0.8 - Cross Site Request Forgery Vulnerability
Document Title: =============== TextPattern v4.0.8 - Cross Site Request Forgery Vulnerability Release Date: ============= 2011-06-07 Vulnerability Laboratory ID VL-ID: ==================================== 11 Product & Service Introduction: =============================== The Many Reasons to use...
PYSEC-2010-12
Cross-site scripting XSS vulnerability in Django 1.2.x before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via a csrfmiddlewaretoken aka csrftoken cookie...
PunBB <= 1.3.4 Pun_PM <= v1.2.6 Blind SQL Injection Vulnerability
Exploit for php platform in category web applications ================================================================= PunBB 526 function punpmeditmessage global $forumdb, $forumuser, $langpunpm; $errors = array; // Verify input data $query = array 'SELECT' = 'm.id as id, m.senderid as senderid,...
squirrelmail CSRF vulnerability
I. BACKGROUND SquirrelMail is a standards-based webmail package written in PHP. It includes built-in pure PHP support for the IMAP and SMTP protocols, and all pages render in pure HTML 4.0 with no JavaScript required for maximum compatibility across browsers. It has very few requirements and is...