PT-2021-7704 · Zabbix +3
Name of the Vulnerable Software and Affected Versions: Zabbix versions 4.0.x through 4.0.28rc1; Zabbix versions 5.0.0alpha1 through 5.0.10rc1; Zabbix versions 5.2.x through 5.2.6rc1; Zabbix versions 5.4.0alpha1 through 5.4.0beta2. Description: The issue is related to a lack of CSRF protection mechani...
CVE-2019-5430
In UniFi Video 3.10.0 and prior, due to the lack of CSRF protection, it is possible to abuse the Web API to make changes to the server configuration without the user's consent, requiring the attacker to lure an authenticated user into accessing an attacker-controlled page...
CVE-2018-16952
The Oracle WebCenter Interaction Portal 10.3.3 does not implement protection against Cross-site Request Forgery in its design. The impact is sensitive actions in the portal such as changing a portal user's password. NOTE: this CVE is assigned by MITRE and isn't validated by Oracle because Oracle...
X (Formerly Twitter): CSRF on Periscope Web OAuth authorization endpoint
Hi, I would like to report an issue in the OAuth authorization endpoint on Periscope Web. This allows a malicious 3rd party application to gain full API access to a victim's Periscope account. Details: Periscope has developer APIs that allow a 3rd party application to access resources on behalf of...
IBM BigFix Remote Control Information Disclosure Vulnerability (CNVD-2016-11864)
IBM BigFix Remote Control is a set of remote control systems from IBM in the United States. An information disclosure vulnerability exists in IBM BigFix Remote Control 9.1.2 and earlier versions, which stems from the program failing to enable the HSTS protection mechanism. A remote attacker can...
OLX: CSRF in delete advertisement on olx.com.eg
I found a CSRF in the request made while deleting any ad from OLX. The request sent when deleting any ad is like this: POST /ajax/myaccount/deactivateme/ HTTP/1.1 Host: olx.com.eg User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0 Accept: application/json,...
Starbucks: CSRF exploit | Adding/Editing comment of wishlist items (teavana.com - Wishlist-Comments)
Hello Team, I noticed there is no CSRF protection in adding/editing comments of wishlist items. AREA: https://www.teavana.com/us/en/my-wishlist An attacker could take advantage of this issue and exploit a victim remotely. POC: Method: POST POST URL:...
KODExplorer 3.21 Cross Site Request Forgery
KODExplorer web file manager - Cross Site Request Forgery. Vendor Homepage: https://github.com/kalcaddle/KODExplorer/ -...
CF Image Host 1.6.6 Cross Site Request Forgery Vulnerability
CF Image Host version 1.6.6 suffers from a cross site request forgery vulnerability. Vendor: codefuture.co.uk/projects/imagehost Product: CF Image Host 1.65 - 1.6....
NibbleBlog 4.0.3 Cross Site Request Forgery
NibbleBlog 4.0.3: CSRF Security Advisory – Curesec Research Team. 1. Introduction. Affected Product: NibbleBlog 4.0.3; Fixed in: not fixed; Fixed Version Link: n/a; Vendor Contact: Website: http://www.nibbleblog.com/; Vulnerability Type: CSRF; Remote Exploitable: Yes; Reported to vendor: 07/21/2015...
IBM OmniFind - Cross-Site Request Forgery
The forms in the administrator interface are not protected against XSRF. The attacker can do any action in the context of the victim. An example attack scenario could be: The attacker creates a malicious website with a prepared form to add a new user, whi...
httpd scoreboard lack of PID protection
Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module allows local users to cause a denial of service by modifying the workerscore and processscore arrays to reference an arbitrary process ID, which is then sent a SIGUSR1 signal by the master process, aka "SIGUSR1 killer."...