2125 matches found
CVE-2015-2861
Cross-site request forgery (CSRF) vulnerability in Vesta Control Panel before 0.9.8-14 allows remote attackers to hijack the authentication of arbitrary users...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in Vesta Control Panel before 0.9.8-14 allows remote attackers to hijack the authentication of arbitrary users...
CVE-2015-2861
CVE-2015-2861 affects Vesta Control Panel prior to version 0.9.8-14. It is a Cross-Site Request Forgery (CSRF) vulnerability that allows an attacker to hijack the authentication of arbitrary users who have an active session. Root cause is CSRF in the web interface enabling actions with the victim...
Vesta Control Panel 0.9.8 OS Command Injection
Advisory ID: HTB23261; Product: Vesta Control Panel; Vendor: http://vestacp.com; Vulnerable Versions: 0.9.8 and probably prior; Tested Version: 0.9.8; Advisory Publication: May 20, 2015 (without technical details); Vendor Notification: May 20, 2015; Vendor Patch: June 3, 2015; Public Disclosure: June 17,...
Vesta Control Panel OS Command Injection Vulnerability
Vesta Control Panel is an open source web hosting control panel. Vesta Control Panel has a security vulnerability. Because the input passed to "/list/backup/index.php" via the "backup" HTTP GET parameter is not sufficiently filtered before using the PHP 'exec' function, a remote attacker can inje...
Vesta Control Panel is vulnerable to cross-site request forgery
Overview: Vesta Control Panel is vulnerable to a cross-site request forgery (CSRF) attack. Description: CWE-352: Cross-Site Request Forgery (CSRF) - CVE-2015-2861. Vesta Control Panel contains a cross-site request forgery (CSRF) vulnerability. An attacker can perform actions with the same permissions as a...
ISPConfig 3.0.5.4p6 SQL Injection / Cross Site Request Forgery
Advisory ID: HTB23260; Product: ISPConfig; Vendor: http://www.ispconfig.org; Vulnerable Versions: 3.0.5.4p6 and probably prior; Tested Version: 3.0.5.4p6; Advisory Publication: May 20, 2015 (without technical details); Vendor Notification: May 20, 2015; Vendor Patch: June 4, 2015; Public Disclosure: June 1...
Vesta Control Panel Cross-Site Request Forgery Vulnerability
Vesta Control Panel is an open source web hosting control panel. A cross-site request forgery vulnerability exists in Vesta Control Panel. Because the program fails to properly validate HTTP requests, an attacker could use this vulnerability to perform unauthorized actions on a user's logged in...
Vesta Control Panel 0.9.8 Cross Site Request Forgery
Exploit Title: Vesta Control Panel CSRF (change admin password); Date: 24-05-2015; Exploit Author: Ben Khlifa Fahmi; Vendor Homepage: https://vestacp.com/; Software Link: http://vestacp.com/pub/vst-install.sh; Version: 0.9.8 (amd64); Tested on: ubuntu trusty 14.04; Description:...
OS Command Injection in Vesta Control Panel
High-Tech Bridge Security Research Lab discovered a critical vulnerability in Vesta Control Panel, which can be exploited to execute arbitrary system commands and gain complete access to the vulnerable system. The vulnerability exists due to insufficient filtration of user input passed via the...
Multiple Vulnerabilities in ISPConfig
High-Tech Bridge Security Research Lab discovered two vulnerabilities in the popular hosting control panel ISPConfig. The vulnerabilities can be exploited to execute arbitrary SQL commands in the application database, perform a CSRF attack and gain complete control over the web application. 1) SQL...
KLA10581 Privilege escalation vulnerability in Microsoft Silverlight
An unspecified vulnerability was found in Microsoft Silverlight. By exploiting this vulnerability, malicious users can gain privileges. This vulnerability can be exploited remotely via a specially designed Silverlight application. Original advisories: Microsoft advisory, CVE-2015-1715. Related produc...
D-Link cloud router memory vulnerability: hackers break in within 1 minute, possible leakage of online banking passwords - vulnerability warning - the black bar safety net
A memory vulnerability in D-Link cloud routers may leak passwords. Relates to 1 of 7 models; the Friends of the news group English official website released the patch for four of the router model numbers, but there is no Chinese version. Beijing news: recently, the domestic security experts...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in the Admin Control Panel (ACP) login in MyBB (aka MyBulletinBoard) before 1.8.4 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors...
CVE-2015-2334
Cross-site request forgery (CSRF) vulnerability in the Admin Control Panel (ACP) login in MyBB (aka MyBulletinBoard) before 1.8.4 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors...
Details Surface on Stuxnet Patch Bypass
It took 10 hours to find what had eluded others for close to five years. German computer science student Michael Heerklotz spent the Christmas holiday reading Countdown to Zero Day, a narrative on the discovery and impact of Stuxnet, the computer worm considered one of the first cyberweapons, and...
LG DVR LE6016D - Unauthenticated Remote Users/Passwords Disclosure Exploit
Exploit for hardware platform in category web applications. #!/usr/bin/perl LG DVR LE6016D unauthenticated remote users/passwords disclosure exploit. Copyright 2015 (c) Todor Donev http://www.ethical-hacker.org/ Digital video recorder (DVR) surveillance is the use of cameras, often hidden or concealed,...
LG DVR LE6016D Credential Disclosure
#!/usr/bin/perl LG DVR LE6016D unauthenticated remote users/passwords disclosure exploit. Copyright 2015 (c) Todor Donev http://www.ethical-hacker.org/ Digital video recorder (DVR) surveillance is the use of cameras, often hidden or concealed, that use DVR technology to record video for playback or...
MyBB 1.8.1 /admin/modules/config/language.php Cross-Site Scripting Vulnerability
No description provided by source. #!/usr/bin/env python # coding: utf-8 import re from pocsuite.net import req from pocsuite.poc import POCBase, Output from pocsuite.utils import register # This poc requires a valid credential (cookie) to the ACP (Admin Control Panel) to work. class TestPOC(POCBase): vulID =...