206 matches found
V-SOL GPON/EPON OLT Platform 2.03 Cross Site Request Forgery
V-SOL GPON/EPON OLT Platform v2.03 Cross-Site Request Forgery Vendor: Guangzhou V-SOLUTION Electronic Technology Co., Ltd. Product web page: https://www.vsolcn.com Affected version: V2.03.62RIPv6 V2.03.54R V2.03.52R V2.03.49 V2.03.47 V2.03.40 V2.03.26 V2.03.24 V1.8.6 V1.4 Summary: GPON is current...
College Notes Management System 1.0 Cross Site Request Forgery Vulnerability
Exploit for php platform in category web applications Exploit Title: College Notes Management System 1.0 - CSRF Add Note Exploit Author: Mr Winst0n Author E-mail: email protected Vendor Homepage: https://anirbandutta.ml/ Software Link: https://sourceforge.net/projects/college-notes-management/...
BEWARD N100 H.264 VGA IP Camera M2.1.6 - CSRF (Add Admin) Vulnerability
Exploit for hardware platform in category web applications BEWARD N100 H.264 VGA IP Camera M2.1.6 CSRF Add Admin Exploit Vendor: Beward R&D Co., Ltd Product web page: https://www.beward.net Affected version: M2.1.6.04C014 Summary: The N100 compact color IP camera with support for a more efficient...
Zyxel VMG3312-B10B DSL-491HNU-B1B v2 Modem - Cross-Site Request Forgery
Zyxel VMG3312-B10B DSL-491HNU-B1B v2 Modem - Cross-Site Request Forgery Exploit Title: Zyxel VMG3312-B10B DSL-491HNU-B1B v2 modem CSRF Exploit Version: Zyxel VMG3312-B10B Tested on : Parrot Os Author: Yusuf Furkan Twitter: h1yusuf CVE: CVE-2019-7391 model name: DSL-491HNU-B1B v2...
AirTies Air5341 Modem 1.0.0.12 - Cross-Site Request Forgery Vulnerability
Exploit for hardware platform in category web applications Exploit Title: AirTies Air5341 1.0.0.12 Modem CSRF Exploit & PoC Version: AirTies Modem Firmware 1.0.0.12 Tested on: Windows 10 x64 CVE : CVE-2019-6967 Author : Ali Can Gönüllü 0day.today 2019-02-06...
Cross site request forgery (csrf)
YzmCMS v5.2 has admin/role/add.html CSRF...
Infogram: User account blocking by Internal Server error
If you send a language=en in https://infogram.com/api/users/me, the user will forever get an Internal Server error, EVEN AFTER re-logging in: https://youtu.be/AxYa11lEiWA I don't know why HackerOne can't upload this video, so I uploaded it privately to YouTube! In this video, I'm trying to relogin...
Trivum Multiroom Setup Tool 8.76 - Cross-Site Request Forgery (Admin Bypass)
Exploit Title: Trivum Multiroom Setup Tool 8.76 - Cross-Site Request Forgery Admin Bypass Date: 2018-07-25 Software Link: https://world.trivum-shop.de https://world.trivum-shop.de/ Version: 9.34 build 13381 - 12.07.18 Category: hardware, webapps Tested on: V8.76 - SNR 8604.26 - C4 Professional...
Teradek VidiU Pro 3.0.3 CSRF Change Password Exploit
Summary The Teradek VidiU gives you the freedom to broadcast live high definition video directly to the Web without a PC. Whether you're streaming out of a video switcher or wirelessly from your camera, VidiU allows you to go live when you want, where you want. VidiU offers API level integration...
CVE-2018-12530
An issue was discovered in MetInfo 6.0.0. admin/app/batch/csvup.php allows remote attackers to delete arbitrary files via a flienamecsv=../ directory traversal. This can be exploited via CSRF...
GreenCMS 2.3.0603 - Cross-Site Request Forgery (Add Admin)
GreenCMS 2.3.0603 - Cross-Site Request Forgery Add Admin Exploit Title: GreenCMS v2.3.0603 CSRF vulnerability add admin Date: 2018-06-02 Exploit Author: xichao Vendor Homepage: https://github.com/GreenCMS/GreenCMS Software Link: https://github.com/GreenCMS/GreenCMS Version: v2.3.0603 CVE :...
Auto Dealership & Vehicle Showroom WebSys 1.0 - XSS / CSRF / Authentication Bypass Vulnerabilities
Exploit for php platform in category web applications Exploit Title: Auto Dealership & Vehicle Showroom WebSys 1.0 - Persistent Cross-Site Scripting / Cross-Site Request Forgery / Admin panel Authentication bypass Exploit Author: Borna nematzadeh L0RD or email protected Vendor Homepage:...
Superfood 1.0 - Multiple Vulnerabilities
Exploit for php platform in category web applications Exploit Title: Superfood - Restaurants & Online Food Order System 1.0 - Persistent cross site scripting / Cross site request forgery / Admin panel Authentication bypass Date: 2018-05-20 Exploit Author: Borna nematzadeh L0RD or email protected...
CVE-2018-10806
An issue was discovered in Frog CMS 0.9.5. There is a reflected Cross Site Scripting Vulnerability via the filecurrentname parameter to the admin/?/plugin/filemanager/rename URI. This can be used in conjunction with CSRF...
Front Accounting ERP 2.4.3 - Cross-Site Request Forgery Vulnerability
Exploit for php platform in category web applications input type="submit" va...
Brilliant Gallery - Highly critical - Multiple Vulnerabilities - SA-CONTRIB-2017-079
This module enables you to display any number of galleries based on images located in the files folder. The module doesn't sufficiently sanitize various database queries which may allow attackers to craft requests resulting in an SQL injection vulnerability. This vulnerability could be exploited...
SQL Injection(CVE-2017-12650) and CSRF(CVE-2017-12651) Security Vulnerability in Loginizer
As part of a vulnerability research project for our WordPress Security Scanner at WPcans.com, we have been auditing popular WordPress plugins looking for security issues. While auditing the WordPress plugin Loginizer, we discovered a SQL Injection vulnerability and a Cross-Site Request Forgery...
CVE-2017-9517
atmail before 7.8.0.2 has CSRF, allowing an attacker to upload and import users via CSV...
DIGISOL DG-HR1400 Wireless Router - Cross-Site Request Forgery
DIGISOL DG-HR1400 Wireless Router - Cross-Site Request Forgery Digisol Router CSRF Exploit - Indrajith A.N history.pushState'', '', '/' input type="hidden" name="basicrates" value...
PizzaInn Beta 3 Cross Site Request Forgery Vulnerability
Exploit for php platform in category web applications Exploit Title: PizzaInn Restaurant Scripti Beta v3 - message-exec.php - CSRF Send Inbox Message. Author: Nassim Asrir Author Company: HenceForth Author Email...