Lucene search
K

1336 matches found

Debian CVE
Debian CVE
added 2012/08/27 12:0 a.m.43 views

CVE-2012-2128

Cross-site request forgery CSRF vulnerability in doku.php in DokuWiki 2012-01-25 Angua allows remote attackers to hijack the authentication of administrators for requests that add arbitrary users. NOTE: this issue has been disputed by the vendor, who states that it is resultant from CVE-2012-2129...

6.8CVSS6.7AI score0.01242EPSS
Exploits0
Atlassian
Atlassian
added 2012/07/27 7:41 a.m.18 views

The csrf token cookie should be a 'secure' cookie like the sessionid cookie

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report|http://jira.atlassian.com/browse/CONFSERVER-46613. panel That is that csrf token cookie 'csrftoken' should have the 'secure' attribute like the session cookie. In django 1...

1.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/07/27 7:41 a.m.16 views

The csrf token cookie should be a 'secure' cookie like the sessionid cookie

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-46613. panel That is that csrf token cookie 'csrftoken' should have the 'secure' attribute like the session cookie. In django 1....

1.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/07/27 7:41 a.m.17 views

The csrf token cookie should be a 'secure' cookie like the sessionid cookie

That is that csrf token cookie 'csrftoken' should have the 'secure' attribute like the session cookie. In django 1.4 setting CSRFCOOKIESECURE to True in settings.py will fix this problem...

2.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/07/27 7:41 a.m.20 views

The csrf token cookie should be a 'secure' cookie like the sessionid cookie

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-46613. panel That is that csrf token cookie 'csrftoken' should have the 'secure' attribute like the session cookie. In django 1....

1.7AI score
Exploits0
myhack58
myhack58
added 2012/05/19 12:0 a.m.21 views

Axous 1.1.1 multiple defects (CSRF-persistent XSS)-a vulnerability warning-the black bar safety net

Title: Axous 1.1.1 Multiple Vulnerabilities CSRF - Persistent XSS Author: Ivano Binetti http://www.ivanobinetti.com Software download: http://www.axous.com/get.php?pid=1 App developer website: http://www.axous.com/ Affects versions : 1.1.1 and lower Test system : Debian Squeeze 6.0...

0.2AI score
Exploits0
Exploit DB
Exploit DB
added 2012/05/16 12:0 a.m.34 views

Axous 1.1.1 - Cross-Site Request Forgery / Persistent Cross-Site Scripting

+-----------------------------------------------------------------------------------------------------------+ Exploit Title : Axous 1.1.1 Multiple Vulnerabilities CSRF - Persistent XSS Date : 30-04-2012 Author : Ivano Binetti http://www.ivanobinetti.com Software link :...

8.8CVSS8.8AI score0.02256EPSS
Exploits6
exploitpack
exploitpack
added 2012/04/27 12:0 a.m.77 views

WordPress 3.3.1 - Multiple Cross-Site Request Forgery Vulnerabilities

WordPress 3.3.1 - Multiple Cross-Site Request Forgery Vulnerabilities +---------------------------------------------------------------------------------------------------------------------------------------------------+ Exploit Title : Wordpress 3.3.1 Multiple CSRF Vulnerabilities Date : 19-03-20...

6.8CVSS0.2AI score0.02879EPSS
Exploits7
Patchstack
Patchstack
added 2012/04/27 12:0 a.m.39 views

WordPress 3.3.1 - Multiple CSRF Vulnerabilities

WordPress version 3.3.1 is prone to a multiple cross site request forgery vulnerabilities. These vulnerabilities are caused by a security flaw in anti-CSRF token wpnonce, wpnoncecreate-user, ajaxnonce, wpnonce-custom-background-upload, wpnonce-custom-header-upload generation. Multiple CSRF allow ...

6.8CVSS1.7AI score0.02879EPSS
Exploits7References1Affected Software1
Atlassian
Atlassian
added 2012/04/19 1:12 a.m.19 views

restructureattachments.jsp Triggering off a Restructure job lacks an XSRF token

In restructureattachments.jsp Triggering off a Restructure job does not require a csrf token. To trigger it just send a POST to the page with the following post data: 'action:Restructure'. When fixing this issue, please ensure that the JSP is converted to an action or deleted - we don't want to...

1.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/04/19 1:12 a.m.21 views

restructureattachments.jsp Triggering off a Restructure job lacks an XSRF token

In restructureattachments.jsp Triggering off a Restructure job does not require a csrf token. To trigger it just send a POST to the page with the following post data: 'action:Restructure'. When fixing this issue, please ensure that the JSP is converted to an action or deleted - we don't want to...

1.6AI score
Exploits0Affected Software1
exploitpack
exploitpack
added 2011/09/16 12:0 a.m.12 views

PunBB 1.3.5 - Multiple Cross-Site Scripting Vulnerabilities

PunBB 1.3.5 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/49660/info PunBB is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary...

0.2AI score
Exploits0
Vulnerability Lab
Vulnerability Lab
added 2011/06/07 12:0 a.m.24 views

TextPattern v4.0.8 - Cross Site Request Forgery Vulnerability

Document Title: =============== TextPattern v4.0.8 - Cross Site Request Forgery Vulnerability Release Date: ============= 2011-06-07 Vulnerability Laboratory ID VL-ID: ==================================== 11 Product & Service Introduction: =============================== The Many Reasons to use...

7.1AI score
Exploits0
PyPA
PyPA
added 2010/09/14 7:0 p.m.7 views

PYSEC-2010-12

Cross-site scripting XSS vulnerability in Django 1.2.x before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via a csrfmiddlewaretoken aka csrftoken cookie...

4.3CVSS6AI score0.019EPSS
Exploits0References7Affected Software1
0day.today
0day.today
added 2010/07/27 12:0 a.m.28 views

PunBB <= 1.3.4 Pun_PM <= v1.2.6 Blind SQL Injection Vulnerability

Exploit for php platform in category web applications ================================================================= PunBB 526 function punpmeditmessage global $forumdb, $forumuser, $langpunpm; $errors = array; // Verify input data $query = array 'SELECT' = 'm.id as id, m.senderid as senderid,...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2007/05/12 12:0 a.m.84 views

squirrelmail CSRF vulnerability

I. BACKGROUND SquirrelMail is a standards-based webmail package written in PHP. It includes built-in pure PHP support for the IMAP and SMTP protocols, and all pages render in pure HTML 4.0 with no JavaScript required for maximum compatibility across browsers. It has very few requirements and is...

7.5CVSS6.3AI score0.03437EPSS
Exploits1
Rows per page
Query Builder