
113 matches found

Prion
added 2021/12/22 7:15 p.m. | 16 views

Cross site request forgery (csrf)

A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘namefilter’ parameter. However, the high privilege super-administrator account needs to be used to achieve exploitation without cross-site request forgery...

CVSS 4 | AI score 5.6 | EPSS 0.01732
Exploits: 1 | References: 1 | Affected Software: 1

Hacker One
added 2021/10/23 3:13 a.m. | 12 views

MTN Group: SSRF Keycloak before 13.0.0 - CVE-2020-10770 on https://sponsoredata.mtn.ci

A flaw was found in Keycloak before 13.0.0, where it was possible to force the server to call out an unverified URL using the OIDC parameter request_uri. This flaw allowed an attacker to use this parameter to execute a Server-side request forgery (SSRF) attack...

CVSS 5.3 | AI score 6.7 | EPSS 0.92282
Exploits: 5

BDU FSTEC
added 2021/06/18 12:0 a.m. | 1 views

The vulnerability of the ARPrice Lite plugin of the WordPress content management system allows a hacker to perform a CSRF attack.

The vulnerability of the ARPrice Lite plugin of the WordPress content management system is related to insufficient protection when entering CSRF requests. Exploiting this vulnerability can allow a remote attacker to execute a CSRF attack...

CVSS 7.8 | EPSS 0.0014
Exploits: 1 | References: 3 | Affected Software: 1

CNNVD
added 2021/04/02 12:0 a.m. | 4 views

wpa_supplicant and hostapd input validation error vulnerability

hostapd is a user space daemon for access points and authentication servers. wpa_supplicant is a cross-platform WPA request program. The program supports WEP, WPA, and WPA2, among others. An input validation error vulnerability exists in wpa_supplicant and hostapd 2.9, which stems from improper...

CVSS 5.3 | AI score 6.5 | EPSS 0.00264
Exploits: 0 | References: 7

Veracode
added 2019/05/02 5:12 a.m. | 26 views

Denial Of Service (DoS)

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...

CVSS 7.5 | AI score 9.6 | EPSS 0.8537
Exploits: 3 | References: 22 | Affected Software: 2

Cvelist
added 2017/12/13 1:0 a.m. | 11 views

CVE-2017-14362 MFSBGN03793 rev.1 - Project and Portfolio Management Center, Multiple vulnerabilities

Cross-Site Request Forgery vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. This vulnerability could be exploited to allow a Cross-Site Forgery attack...

CVSS 7.3 | AI score 7.2 | EPSS 0.00119
Exploits: 0 | References: 2

CNVD
added 2017/06/05 12:0 a.m. | 0 views

CSRF vulnerability exists in Aisooki enterprise website builder system V2.1

Aisok universal enterprise building system cicms is based on PHP + Mysql development of an enterprise website management system. CSRF vulnerability exists in Aisooker General Enterprise Website Builder System V2.1. An attacker can exploit this vulnerability to forge form links and trick...

AI score 7
Exploits: 0

Prion
added 2017/02/13 6:59 p.m. | 6 views

Server side request forgery (ssrf)

The rsa_verify_hash_ex function in rsa_verify_hash.c in LibTomCrypt, as used in OP-TEE before 2.2.0, does not validate that the message length is equal to the ASN.1 encoded data length, which makes it easier for remote attackers to forge RSA signatures or public certificates by leveraging a...

CVSS 5 | AI score 7 | EPSS 0.00185
Exploits: 0 | References: 3 | Affected Software: 2

CVE
added 2017/02/13 6:0 p.m. | 57 views

CVE-2016-6129

CVE-2016-6129 affects LibTomCrypt (used by OP-TEE before 2.2.0). The rsa_verify_hash_ex function does not validate that the message length matches the ASN.1 encoded data length, enabling Bleichenbacher-like forgery of RSA signatures or public certificates. Public disclosures in multiple feeds (De...

CVSS 7.5 | AI score 7.3 | EPSS 0.00185
Exploits: 0 | References: 3 | Affected Software: 1

OpenVAS
added 2015/10/16 12:0 a.m. | 21 views

SUSE: Security Advisory for mozilla-nss (SUSE-SU-2014:1220-2)

The remote host is missing an update for the...

CVSS 7.5 | AI score 6.8 | EPSS 0.336
Exploits: 0 | References: 1

CNVD
added 2015/08/25 12:0 a.m. | 2 views

OpenSSH sshd monitor component input validation vulnerability

OpenSSH OpenBSD Secure Shell on non-OpenBSD platforms is a set of connectivity tools for secure access to remote computers running on non-OpenBSD BSD-based UNIX implementations platforms maintained by the OpenBSD Project. A security vulnerability exists in the monitor component of OpenSSH 6.9 and...

CVSS 1.9 | AI score 7.9 | EPSS 0.00102
Exploits: 0 | References: 1

OSV
added 2014/09/25 12:0 a.m. | 14 views

DSA-3034-1 iceweasel - security update

Bulletin has no description...

CVSS 7.5 | AI score 5.4 | EPSS 0.336
Exploits: 0

ArchLinux
added 2014/09/24 12:0 a.m. | 48 views

NSS: Signature forgery attack

Antoine Delignat-Lavaud, security researcher at Inria Paris in team Prosecco, reported an issue in Network Security Services (NSS) libraries affecting all versions. He discovered that NSS is vulnerable to a variant of a signature forgery attack previously published by Daniel Bleichenbacher. This is...

CVSS 7.5 | AI score 2.9 | EPSS 0.336
Exploits: 0 | References: 2