206 matches found

Exploit DB
added 2016/10/13 12:0 a.m., 12 views

Colorful Blog - Cross-Site Request Forgery (Change Admin Password)

Exploit Title: Colorful Blog - Cross-Site Request Forgery Change Admin Pass; Author: Besim; Google Dork: -; Date: 13/10/2016; Type: webapps; Platform: PHP; Vendor Homepage: -; Software...

AI score: 7
Exploits: 0
myhack58
added 2016/09/13 12:0 a.m., 14 views

Combat a VPN platform vulnerability discovery-vulnerability warning-the black bar safety net

CSRF Used to those not accustomed to the habit of Habit first look at the change the password no matter what to do the capture and see, because something tells me he has a problem Just started to get back the password Like the debug the next data packet, intuition tells me there is a problem, the...

AI score: 0.6
Exploits: 0
exploitpack
added 2016/08/02 12:0 a.m., 36 views

Open Upload 0.4.2 - Cross-Site Request Forgery (Add Admin)

Open Upload 0.4.2 - Cross-Site Request Forgery Add Admin. Open Upload 0.4.2 Remote Admin Add CSRF Exploit and Changing Normal user permission...

AI score: 0.1
Exploits: 0
0day.today
added 2016/08/02 12:0 a.m., 39 views

Open Upload 0.4.2 - Cross-Site Request Forgery (Add Admin)

Exploit for php platform in category web applications. Open Upload 0.4.2 Remote Admin Add CSRF Exploit and Changing Normal user permission...

AI score: 7.1
Exploits: 0
seebug.org
added 2016/05/16 12:0 a.m., 23 views

WordPress leenk.me Plugin 2.5.0 - CSRF/XSS

No description provided by source...

AI score: 7.1
Exploits: 0
Hacker One
added 2016/04/22 5:38 p.m., 22 views

Concrete CMS: ProBlog 2.6.6 CSRF Exploit

Report Because the ProBlogs plugin did not validate the anti-csrf token on a POST request. A victim who is logged in could be fooled into clicking a malicious form styled to look like a link, image, etc which would create a page in their C5 website. Because the ProBlogs plugin does not validate t...

AI score: 6.5
Exploits: 0
Packet Storm
added 2016/03/30 12:0 a.m., 39 views

CubeCart 6.0.10 CSRF / XSS / SQL Injection

Advisory ID: HTB23298 Product: CubeCart Vendor: CubeCart Limited Vulnerable Versions: 6.0.10 and probably prior Tested Version: 6.0.10 Advisory Publication: March 2, 2016 without technical details Vendor Notification: March 2, 2016 Vendor Patch: March 16, 2016 Public Disclosure: March 30, 2016...

AI score: 0.4
Exploits: 0
exploitpack
added 2016/03/21 12:0 a.m., 32 views

iTop 2.2.1 - Cross-Site Request Forgery

iTop 2.2.1 - Cross-Site Request Forgery Advisory ID: HTB23293 Product: iTop Vendor: Combodo Vulnerable Versions: 2.2.1 and probably prior Tested Version: 2.2.1 Advisory Publication: February 10, 2016 without technical details Vendor Notification: February 10, 2016 Vendor Patch: February 11, 2016...

AI score: 0.6
Exploits: 0
Packet Storm
added 2016/03/19 12:0 a.m., 36 views

Dating Pro Genie 2015.7 Cross Site Request Forgery

Advisory ID: HTB23294 Product: Dating Pro Vendor: DatingPro Vulnerable Versions: Genie 2015.7 and probably prior Tested Version: Genie 2015.7 Advisory Publication: February 10, 2016 without technical details Vendor Notification: February 10, 2016 Vendor Patch: February 29, 2016 Public Disclosure:...

AI score: 0.3
Exploits: 0
htbridge
added 2016/03/02 12:0 a.m., 501 views

CSRF, Authentication Bypass & RCE in GuppY

High-Tech Bridge Security Research Lab discovered two vulnerabilities in open web portal software GuppY. A remote attacker can delete arbitrary files, bypass authentication and execute arbitrary file on vulnerable system. 1 Cross-Site Request Forgery in GuppY The vulnerability exists due to...

AI score: 8.2
Exploits: 0, Affected Software: 1
htbridge
added 2015/11/18 12:0 a.m., 505 views

Multiple SQL Injection Vulnerabilities in mcart.xls Bitrix Module

High-Tech Bridge Security Research Lab discovered multiple SQL Injection vulnerabilities in mcart.xls Bitrix module, which can be exploited to execute arbitrary SQL queries and obtain potentially sensitive data, modify information in database and gain complete control over the vulnerable website...

CVSS: 6, AI score: 0.4, EPSS: 0.02553
Exploits: 5, Affected Software: 1
htbridge
added 2015/11/18 12:0 a.m., 663 views

SQL Injection in orion.extfeedbackform Bitrix Module

High-Tech Bridge Security Research Lab discovered two vulnerabilities in orion.extfeedbackform Bitrix module, which can be exploited to execute arbitrary SQL queries and obtain potentially sensitive data, modify information in database and gain complete control over the vulnerable website. All discover...

CVSS: 6.5, AI score: 9.2, EPSS: 0.00427
Exploits: 2, Affected Software: 1
0day.today
added 2015/10/13 12:0 a.m., 36 views

Kerio Control 8.6.1 - Multiple Vulnerabilities

Exploit for php platform in category web applications Title: Multiple Vulnerabilities in Kerio Control Virtual Appliance Vulnerabilities: SQL Injection, Remote Code Execution through CSRF Product: Kerio Control Homepage: http://www.kerio.com Affected Version: = 8.6.1 Fixed Version: 8.6.2 partiall...

AI score: 7.1
Exploits: 0
myhack58
added 2015/07/15 12:0 a.m., 16 views

GET to the vulnerability-vulnerability warning-the black bar safety net

This article is mainly about the current on the Internet get method is non-standard use of some of the security vulnerabilities. Which focuses on speaking the get request in the account login system is abuse of the scene and attacks. 0x01 Get method defined In between the client and server for...

AI score: 6.8
Exploits: 0
seebug.org
added 2014/11/13 12:0 a.m., 24 views

Who's Who Script - CSRF Exploit (Add Admin Account)

No description provided by source. Title : Who's Who Script CSRF Exploit Add Admin Account Author : ZoRLu / [email protected] / [email protected] Home : http://milw00rm.com / its online Date : 30.10.2014 Demo : http://demo.phpscriptlerim.com/free/whoswho/ Download1 :...

AI score: 7.1
Exploits: 0
Exploit DB
added 2014/10/31 12:0 a.m., 31 views

Who's Who Script - Cross-Site Request Forgery (Add Admin)

Title : Who's Who Script CSRF Exploit Add Admin Account Author : ZoRLu / [email protected] / [email protected] Home : http://milw00rm.com / its online Date : 30.10.2014 Demo : http://demo.phpscriptlerim.com/free/whoswho/ Download1 : http://www.phpscriptlerim.com/download/indir.php?id=14...

AI score: 7.4
Exploits: 0
0day.today
added 2014/09/29 12:0 a.m., 23 views

OpenFiler 2.99.1 - CSRF Vulnerability

Exploit for php platform in category web applications DoS 0day.today 2018-03-28...

AI score: 7.1
Exploits: 0
Packet Storm
added 2014/07/30 12:0 a.m., 49 views

D-Link DWR-113 Cross Site Request Forgery

Exploit Title: Dlink DWR-113 Rev. Ax - CSRF causing Denial of Service Google dork : N/A Exploit Author: Blessen Thomas Date : 29/07/14 Vendor Homepage : http://www.dlink.com/ Software Link : N/A Firmware version: v2.02 2013-03-13 Tested on : Windows 7 CVE : CVE-2014-3136 Type of Application : Web...

AI score: 0.6, EPSS: 0.00799
Exploits: 5
seebug.org
added 2014/07/01 12:0 a.m., 17 views

Symantec LiveUpdate Administrator Management GUI HTML Injection

No description provided by source. Source: http://www.securityfocus.com/bid/46856/info Symantec LiveUpdate Administrator is prone to an HTML-injection vulnerability. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected application, potentiall...

AI score: 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 10 views

Limny 2.0 Change Email and Password - CSRF Exploit

No description provided by source...

AI score: 7.1
Exploits: 0