289 matches found
Opera Web Browser 8.0/8.5 HTML Form Status Bar Misrepresentation Vulnerability
source: http://www.securityfocus.com/bid/15472/info A vulnerability has been identified in Opera Web browser that allows an attacker to misrepresent the status bar in the browser, allowing vulnerable users to be misled into following a link to a malicious site. This vulnerability would most...
Automattic: HTML form without CSRF protection
HTML form without CSRF protection Vulnerability description Cross-site request forgery, also known as a one-click attack or session riding and abbreviated as CSRF or XSRF, is a type of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts...
Easily around the various WAF POST injection, cross-site Defense(such as security Dog)-vulnerability warning-the black bar safety net
XXX before there was mention of a multipart request to bypass the various WAF way: 3 6 0 website po/security po/accelerating music and other similar product protection to bypass the defective one, and seemingly didn't cause much concern. Found out today that a security Dog gets smart before that ...
Canon PIXMA MX722 Printer Wireless Password Disclosure
Affects: Canon PIXMA MX722 Printer and probably other Canon printers. After typing my WPA2 WiFi password into the printer through the built-in hardware keypad, it exposes the cleartext password to the LAN through an admin page that isn't password protected:...
Mohachat 0.1.1 Cross Site Scripting / Redirection
Exploit Title: Mohachat 0.1.1 Cross Site Scripting Vulnerability Mohachat 0.1.1 HTML Form redirecting page Date: 2014 18 March Author: Dr.3v1l Vendor Homepage: http://mohachat.org Version : 0.1.1 Tested on: Windows Category: webapps Google Dork: intext:"MOHA Chat 0.1.1 S.H.Mohanjith" + Exploit :...
Upload vulnerability science [1] - The file upload form is the main threat to Web security - vulnerability warning - the black bar safety net
Allowing end users to upload files to your website is like opening another door for a malicious user to compromise your server. Even so, in today's modern Internet Web applications, it is a common requirement, because it helps to improve your business efficiency. On Facebook and...
PHPJabbers Property Listing Script 2.0 - Cross-Site Request Forgery (Add Admin)
Property Listing Script V2.0 - Add Admin CSRF Vulnerability. Author: HackXBack. Contact: [email protected]. Home: http://www.iphobos.com/blog/. Script: http://www.phpjabbers.com/property-listing-script/ === Exploit ===...
Drupal 7.x < 7.24 Multiple Vulnerabilities
The remote web server is running a version of Drupal that is 7.x prior to 7.24. It is, therefore, potentially affected by multiple vulnerabilities : - An error exists related to the HTML form API and validation callbacks as used by third-party modules that could allow an attacker to bypass the...
MGASA-2013-0321 Updated chromium-browser-stable packages fix multiple vulnerabilities
Updated chromium-browser-stable packages fix security vulnerabilities: Atte Kettunen of OUSPG discovered a use-after-free issue in Blink's XML HTTP request implementation CVE-2013-2925. cloudfuzzer discovered a use-after-free issue in the list indenting implementation CVE-2013-2926. cloudfuzzer...
Debian DSA-2785-1 : chromium-browser - several vulnerabilities
Several vulnerabilities have been discovered in the chromium web browser. - CVE-2013-2906 Atte Kettunen of OUSPG discovered race conditions in Web Audio. - CVE-2013-2907 Boris Zbarsky discovered an out-of-bounds read in window.prototype. - CVE-2013-2908 Chamal de Silva discovered an address bar...
DSA-2785-1 chromium-browser - several
Bulletin has no description...
Debian Security Advisory DSA 2785-1 (chromium-browser - several vulnerabilities)
Several vulnerabilities have been discovered in the chromium web browser. CVE-2013-2906 Atte Kettunen of OUSPG discovered race conditions in Web Audio. CVE-2013-2907 Boris Zbarsky discovered an out-of-bounds read in window.prototype. CVE-2013-2908 Chamal de Silva discovered an address bar spoofin...
Ebuddy Web Messenger Disclosure / CSRF Vulnerabilities
Ebuddy Web Messenger suffers from index disclosure, cross site request forgery, htaccess file disclosure, and insecure credential transport vulnerabilities...
Cisco ISE Captive Portal Application Plaintext Credentials Exposure Vulnerability
A vulnerability in the captive portal application of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker or local, authenticated attacker to potentially gain access to the username and password of an authenticated session. The vulnerability is due to improper use of...
BigACE 2.7.8 - Cross-Site Request Forgery (Add Admin)
Exploit Title: Bigace CMS CSRF - Adding an admin account Date: 2013 29 July Exploit Author: Yashar shahinzadeh Credit goes for: ha.cker.ir Vendor Homepage: http://www.bigace.de/ Tested on: Linux & Windows, PHP 5.2.9 Affected Version : 2.7.8 Contacts: http://Twitter.com/YShahinzadeh ,...
Buffalo WZR-HP-G300NH2 - Cross-Site Request Forgery
Buffalo WZR-HP-G300NH2 - Cross-Site Request Forgery Exploit Title: Buffalo WZR-HP-G300NH2 CSRF Vulnerability Author: Prayas Kulshrestha E-mail: [email protected] Category: Hardware Google Dork: N/A Date: 06/10/2013 Vendor: http://www.buffalotech.com Model: WZR-HP-G300NH2 Firmware Versio...
Help Desk Customer Service Ticket System 1.0 CSRF
SA-CONTRIB-2012-162 - RESTful Web Services - Cross site request forgery (CSRF)
This module enables you to expose Drupal entities as RESTful web services. It provides a machine-readable interface to exchange resources in JSON, XML and RDF. The module doesn't sufficiently verify POST requests thereby exposing a Cross Site Request Forgery vulnerability. This vulnerability is...
SMCWBR14-G2 PPPoE Data Disclosure (ADSL Router)
Exploit for hardware platform in category web applications. Exploit Title:...
Utopia News Pro 1.4.0 - Cross-Site Request Forgery (Add Admin)
Exploit Title: Utopia News Pro 1.4.0 Greetz Dr.WEP , JIKO , ahwak2000 , RENO , ABU NWAF , Dr.HAiL , snc0pe , 020 JaBrOt HaCkEr , alkaseer20 , SadHaCkEr , Cyber Code , aircrack -ng All FriendS...