CVE-2019-18414
Sourcecodester Restaurant Management System 1.0 is affected by an admin/staff-exec.php Cross Site Request Forgery vulnerability due to a lack of CSRF protection. This could lead to an attacker tricking the administrator into executing arbitrary code or adding a staff entry via a crafted HTML page...
A vulnerability in the PAN-OS operating system, related to missing protection of mission-critical data, allows attackers to escalate their privileges.
A vulnerability in the PAN-OS operating system is related to missing protection of operational data. Exploiting this vulnerability can allow a remote malicious actor to escalate their privileges...
CVE-2019-13056
An issue was discovered in CyberPanel through 1.8.4. On the user edit page, an attacker can edit the administrator's e-mail and password because of the lack of CSRF protection...
CVE-2017-8334
An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of blocking IP addresses using the web management interface. It seems that the device does not implement any cross-site request forgery protection...
PT-2021-7704 · Zabbix +3
Name of the Vulnerable Software and Affected Versions: Zabbix versions 4.0.x through 4.0.28rc1; Zabbix versions 5.0.0alpha1 through 5.0.10rc1; Zabbix versions 5.2.x through 5.2.6rc1; Zabbix versions 5.4.0alpha1 through 5.4.0beta2. Description: The issue is related to a lack of CSRF protection mechani...
CVE-2019-5430
In UniFi Video 3.10.0 and prior, due to the lack of CSRF protection, it is possible to abuse the Web API to make changes to the server configuration without the user's consent, requiring the attacker to lure an authenticated user into accessing an attacker-controlled page...
CVE-2018-16952
The Oracle WebCenter Interaction Portal 10.3.3 does not implement protection against Cross-site Request Forgery in its design. The impact is sensitive actions in the portal such as changing a portal user's password. NOTE: this CVE is assigned by MITRE and isn't validated by Oracle because Oracle...
X (Formerly Twitter): CSRF on Periscope Web OAuth authorization endpoint
Hi, I would like to report an issue in the OAuth authorization endpoint on Periscope Web. This allows a malicious 3rd party application to gain full API access to a victim's Periscope account. Details: Periscope has developer APIs that allow a 3rd party application to access resources on behalf of...
IBM BigFix Remote Control Information Disclosure Vulnerability (CNVD-2016-11864)
IBM BigFix Remote Control is a set of remote control systems from IBM in the United States. An information disclosure vulnerability exists in IBM BigFix Remote Control 9.1.2 and earlier versions, which stems from the program failing to enable the HSTS protection mechanism. A remote attacker can...
OLX: CSRF in delete advertisement on olx.com.eg
I found a CSRF in the request made while deleting any ad from olx. The request sent when deleting any ad is like this: POST /ajax/myaccount/deactivateme/ HTTP/1.1 Host: olx.com.eg User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0 Accept: application/json,...
Starbucks: CSRF exploit | Adding/Editing comment of wishlist items (teavana.com - Wishlist-Comments)
Hello Team, I noticed there is no CSRF protection in adding/editing comments of wishlist items. AREA: https://www.teavana.com/us/en/my-wishlist An attacker could take advantage of this issue and exploit the victim remotely. POC: Method: POST POST URL:...
KODExplorer 3.21 Cross Site Request Forgery
KODExplorer web file manager - Cross Site Request Forgery. Vendor Homepage: https://github.com/kalcaddle/KODExplorer/ -...
CF Image Host 1.6.6 Cross Site Request Forgery Vulnerability
CF Image Host version 1.6.6 suffers from a cross site request forgery vulnerability. Vendor: codefuture.co.uk/projects/imagehost Product: CF Image Host 1.65 - 1.6....
NibbleBlog 4.0.3 Cross Site Request Forgery
NibbleBlog 4.0.3: CSRF Security Advisory – Curesec Research Team. 1. Introduction. Affected Product: NibbleBlog 4.0.3; Fixed in: not fixed; Fixed Version Link: n/a; Vendor Contact: Website: http://www.nibbleblog.com/; Vulnerability Type: CSRF; Remote Exploitable: Yes; Reported to vendor: 07/21/2015...
IBM OmniFind - Cross-Site Request Forgery
The forms in the administrator interface are not protected against XSRF. The attacker can do any action in the context of the victim. An example attack scenario could be: The attacker creates a malicious website with a prepared form to add a new user, whi...
httpd scoreboard lack of PID protection
Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the workerscore and processscore arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."...