Lucene search
+L

1349 matches found

nessus
nessus
added 2014/04/09 12:0 a.m.32 views

Fedora 19 : mediawiki-1.21.8-1.fc19 (2014-4511)

bug 62497 SECURITY: Add CSRF token on Special:ChangePassword. - bug 62467 Set a title for the context during import on the cli. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean...

4CVSS8.2AI score0.0106EPSS
Exploits1References3
hackerone
hackerone
added 2014/04/08 1:39 a.m.24 views

Khan Academy: CSRF - Adding/Removing items to cart - shop.khanacademy.org

Hi there, I've discovered a possiblity to remove/add items to a users' cart at shop.khanacademy.org. Details - Host: shop.khanacademy.org - URL: http://shop.khanacademy.org/cart - Affected parameters: updatesPRODUCTID Steps to reproduce - 1. Visit http://shop.khanacademy.org/cart and empty your...

0.3AI score
Exploits0
zdt
zdt
added 2014/03/26 12:0 a.m.43 views

Katello (Red Hat Satellite) users/update_roles Missing Authorization

This Metasploit module exploits a missing authorization vulnerability in the "updateroles" action of "users" controller of Katello and Red Hat Satellite Katello 1.5.0-14 and earlier by changing the specified account to an administrator account. This module requires Metasploit:...

6.5CVSS6.4AI score0.48221EPSS
Exploits5
zdt
zdt
added 2014/03/25 12:0 a.m.24 views

LifeSize UVC Authenticated Remote Command Execution

When authenticated as an administrator on LifeSize UVC 1.2.6, an attacker can abuse the ping diagnostic functionality to achieve remote command execution as the www-data user or equivalent. This module requires Metasploit: http//metasploit.com/download Current source:...

7.2AI score
Exploits0
hackerone
hackerone
added 2014/03/03 9:46 p.m.117 views

OkCupid: https://www.okcupid.com/hidden-users CSRF vulnerability.

Hi, The html code below : Will make it possible to hide an user.. You can patch this by supplying a CSRF token : Best regards, Olivier Beg...

7.1AI score
Exploits0
hackerone
hackerone
added 2014/03/03 5:30 p.m.46 views

Phabricator: CSRF token valid even after the session logout of a particular user

Hi, To reproduce the issue: 1 Login to your https://secure.phabricator.com account and copy your Anti CSRF token. 2 Now logout and again login after sometime. 3 Open up your burp suite to modify the request and now submit any form with your old CSRF token. The request will be completed. So let's...

7AI score
Exploits0
hackerone
hackerone
added 2014/03/02 7:24 a.m.203 views

Slack: State parameter missing on google OAuth

Hi, State parameter i.e anti-csrf token to prevent session hijacking attacks is missing on Google OAuth i.e...

1.2AI score
Exploits0
myhack58
myhack58
added 2014/02/11 12:0 a.m.24 views

WHMCS 5.2.7 – SQL Injection Vulnerability-vulnerability warning-the black bar safety net

Vulnerability file /includes/dbfunctions.php: ? php function updatequery$table, $array, $where ... if substr$value, 0, 1 1 == 'AESENCRYPT' $query .= $value.','; continue; ... $result = mysqlquery$query, $whmcsmysql; ?& gt; EXP: !/ usr/bin/env python 2013/10/03 - WHMCS 5.2.7 SQL Injection...

0.1AI score
Exploits0
packetstorm
packetstorm
added 2014/02/04 12:0 a.m.64 views

FortiOS 5.0.5 Cross Site Scripting

I. VULNERABILITY ------------------------- Reflected XSS Attacks vulnerabilities in FortiOS 5.0.5 II. BACKGROUND ------------------------- Fortinet's industry-leading, Network Security Platforms deliver Next Generation Firewall NGFW security with exceptional throughput, ultra low latency, and...

4.3CVSS0.02413EPSS
Exploits1
securityvulns
securityvulns
added 2014/02/03 12:0 a.m.67 views

Joomla! JomSocial component < 3.1.0.1 - Remote code execution

------------------------------------------------------------- Joomla! JomSocial component 3.1.0.1 - Remote code execution ------------------------------------------------------------- == Description == - Software link: http://www.jomsocial.com/ - Affected versions: All versions = 2.6 and 3.1.0.1...

0.3AI score
Exploits0
nvd
nvd
added 2013/12/21 12:55 a.m.22 views

CVE-2013-2628

Multiple cross-site request forgery CSRF vulnerabilities in action.php in Leed Light Feed, possibly before 1.5 Stable, allow remote attackers to hijack the authentication of administrators for unspecified requests, related to the lack of an anti-CSRF token...

6.8CVSS7.3AI score0.0069EPSS
Exploits2References3
cve
cve
added 2013/12/21 12:0 a.m.55 views

CVE-2013-2628

Leed (Light Feed) contains CSRF vulnerabilities in action.php (CVE-2013-2628), likely present before 1.5 Stable. The issue arises from missing anti-CSRF tokens, allowing an attacker to perform actions as a logged-in administrator by inducing the admin to visit a malicious link or site. The CSNC a...

6.8CVSS7.5AI score0.0069EPSS
Exploits2References3Affected Software1
packetstorm
packetstorm
added 2013/12/20 12:0 a.m.68 views

HP Operations Orchestration Central 9.06 Cross Site Scripting

Name: XSS in HP Operations Orchestration Central version 9.06 Systems Affected: HP Operations Orchestration version 9.06 Severity: High Vendor: Hewlett-Packard References: CVE-2013-6191, CVE-2013-6192, SSRT101342 Author: Bart Leppens Date: 20130919 I. BACKGROUND HP Operations Orchestration HP OO ...

6.8CVSS6.6AI score0.02491EPSS
Exploits1
exploitpack
exploitpack
added 2013/11/08 12:0 a.m.33 views

Sagemcom F@st 3184 2.1.11 - Multiple Vulnerabilities

Sagemcom F@st 3184 2.1.11 - Multiple Vulnerabilities +------------------------------------------------------------------------------+ | HOTBOX is the leading router/modem appliance of | | HOT Cable communication company in israel. | | The Appliance is manufactured by SAGEMCOM | | and carries the...

6.1CVSS0.3AI score0.04743EPSS
Exploits12
zdt
zdt
added 2013/11/05 12:0 a.m.78 views

HOTBOX 2.1.11 CSRF / Traversal / Denial Of Service

HOTBOX router/modem version 2.1.11 suffers from cross site request forgery, denial of service, script injection, and directory traversal vulnerabilities. Denial of service and cross site request forgery proof of concepts included...

6.1CVSS0.04743EPSS
Exploits12
packetstorm
packetstorm
added 2013/11/04 12:0 a.m.51 views

HOTBOX 2.1.11 CSRF / Traversal / Denial Of Service

+------------------------------------------------------------------------------+ | HOTBOX is the leading router/modem appliance of | | HOT Cable communication company in israel. | | The Appliance is manufactured by SAGEMCOM | | and carries the model name F@st 3184. |...

6.1CVSS0.1AI score0.04743EPSS
Exploits12
osv
osv
added 2013/10/27 12:55 a.m.15 views

CVE-2013-4302

1 ApiBlock.php, 2 ApiCreateAccount.php, 3 ApiLogin.php, 4 ApiMain.php, 5 ApiQueryDeletedrevs.php, 6 ApiTokens.php, and 7 ApiUnblock.php in includes/api/ in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 allow remote attackers to obtain CSRF tokens and bypass the...

6.2AI score
Exploits0References10
zdt
zdt
added 2013/10/09 12:0 a.m.25 views

WHMCS 5.2.7 - SQL Injection Exploit

Exploit for php platform in category web applications !/usr/bin/env python 2013/10/03 - WHMCS 5.2.7 SQL Injection http://localhost.re/p/whmcs-527-vulnerability url = 'http://clients.target.com/' wopsie dopsie useremail = 'email protected' just create a dummie account at /register.php userpwd =...

7.1AI score
Exploits0
packetstorm
packetstorm
added 2013/10/08 12:0 a.m.19 views

WHMCS 5.2.7 SQL Injection

!/usr/bin/env python 2013/10/03 - WHMCS 5.2.7 SQL Injection http://localhost.re/p/whmcs-527-vulnerability url = 'http://clients.target.com/' wopsie dopsie useremail = '[email protected]' just create a dummie account at /register.php userpwd = 'hacker' import urllib, re, sys from urllib2 impo...

Exploits0
seebug
seebug
added 2013/09/28 12:0 a.m.27 views

phpwind配置不当可导致CSRF发帖

简要描述: phpwind配置不当可导致CSRF发帖 详细说明: crossdomain.xml的默认设置: - 虽然有建议 但是普通站长谁没事改这个啊,还不如你们在安装时直接根据host重写下crossdomain.xml得了。 先取到csrf的token function gethash function getformhashtxt txt = txt.split'csrftoken" value="'1.split'"'0; return txt; var resultlv:LoadVars = new LoadVars; resultlv.onData = functiontx...

7AI score
Exploits0
Rows per page
Query Builder