
112 matches found

BDU FSTEC
added 2022/03/04 12:0 a.m., 2 views

The vulnerability of the embedded software of NETGEAR’s RAX200, MR60, RAX20, RAX45, RAX80, MS60, RAX15, RAX50, RAX75, RBR750, RBR850, RBS750, and RBK752 routers exists due to the lack of protective measures for the website structure. This vulnerability allows attackers to compromise the confidentiality and integrity of the protected information.

The vulnerability of the embedded software of NETGEAR’s RAX200, MR60, RAX20, RAX45, RAX80, MS60, RAX15, RAX50, RAX75, RBR750, RBR850, RBS750, RBS850, RBK752, and RBK852 routers exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability can allow a...

CVSS 4.9, AI score 5.6, EPSS 0.00274
Exploits: 0, References: 3, Affected Software: 12

BDU FSTEC
added 2022/02/18 12:0 a.m., 1 view

The vulnerability of the GitBucket collaborative development web service lies in its lack of protection for website structures, allowing attackers to execute arbitrary code.

The vulnerability in the collaborative development web service GitBucket is related to the lack of protective measures for the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

CVSS 9, AI score 5.9
Exploits: 0, References: 1, Affected Software: 1

OSV
added 2021/09/13 6:15 p.m., 3 views

CVE-2021-24490

The Email Artillery MASS EMAIL WordPress plugin through 4.1 does not properly check the uploaded files from the Import Emails feature, allowing arbitrary files to be uploaded. Furthermore, the plugin is also lacking any CSRF check, allowing such issue to be exploited via a CSRF attack as well...

CVSS 6.8, AI score 5.8, EPSS 0.00124
Exploits: 2, References: 1

WPVulnDB
added 2021/08/23 12:0 a.m., 15 views

Comment Link Remove and Other Comment Tools < 2.1.6 - Arbitrary Comment Deletion via CSRF

The plugin does not have a CSRF check in its 'Delete comments easily', which could allow attackers to make a logged-in admin delete arbitrary comments. PoC: POST /wp-admin/admin.php?page=comment-link-remove HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8...

CVSS 4.3, AI score 5.2, EPSS 0.00103
Exploits: 2, References: 1, Affected Software: 1

Vulnrichment
added 2021/07/16 8:30 p.m., 1 view

CVE-2021-3453

Some Lenovo Notebook, ThinkPad, and Lenovo Desktop systems have BIOS modules unprotected by Intel Boot Guard that could allow an attacker with physical access the ability to write to the SPI flash storage...

CVSS 6.8, AI score 6.3, EPSS 0.00048
Exploits: 0, References: 1

OSV
added 2021/07/12 8:15 p.m., 1 view

CVE-2021-24434

The Glass WordPress plugin through 1.3.2 does not sanitise or escape its "Glass Pages" setting before outputting in a page, leading to a Stored Cross-Site Scripting issue. Furthermore, the plugin did not have CSRF check in place when saving its settings, allowing the issue to be exploited via a...

CVSS 6.1, AI score 5.8
Exploits: 0, References: 1

Huntr
added 2021/06/27 2:30 p.m., 13 views

Cross-Site Request Forgery (CSRF) in bigprof-software/online-invoicing-system

✍️ Description The app/admin/pageDeleteGroup.php?groupID= does not have a CSRF protection. This could be used by attackers to trick the admin to delete a group from their invoice system. 🕵️‍♂️ Proof of Concept For this attack to work, a logged in admin, should visit the POC page...

AI score 1.6
Exploits: 0, References: 1

Huntr
added 2021/06/20 4:0 p.m., 10 views

Cross-Site Request Forgery (CSRF) in erudika/scoold

✍️ Description The /voteup/question/ endpoint does not have a CSRF protection. This could be exploited by an attacker to manipulate votes in a question. 🕵️‍♂️ Proof of Concept An attacker creates the following web page and sends a link to a logged in user. // PoC.html Click Here When an...

AI score 2.9
Exploits: 0, References: 1

BDU FSTEC
added 2021/06/02 12:0 a.m., 1 view

The vulnerability of the programmable logic controller Modicon TSX TWIDO, related to the absence of a mechanism to protect operational data, allows an intruder to obtain the project password.

The vulnerability of the embedded software of the programmable logic controller Modicon TSX TWIDO is related to the absence of a mechanism for protecting operational data. Exploiting this vulnerability could allow an attacker, operating remotely, to obtain the project password...

CVSS 5.3, AI score 5.5
Exploits: 0, Affected Software: 1

BDU FSTEC
added 2021/05/24 12:0 a.m., 1 view

The vulnerability of the serial interface converters NPort IA5150A/IA5250A, IA5450A lies in the lack of protection for transmitted data. This allows attackers to gain unauthorized access to protected information through Telnet connections.

The vulnerability of the serial interface converters NPort IA5150A/IA5250A, IA5450A lies in the lack of protection for transmitted data. Exploiting this vulnerability can allow an intruder to gain unauthorized access to protected information through Telnet connections...

CVSS 7.8, AI score 6.2, EPSS 0.00085
Exploits: 0, References: 4, Affected Software: 3

OSV
added 2021/01/05 6:15 p.m., 1 view

CVE-2021-3022

An issue was discovered on LG mobile devices with Android OS 10 software. There was no write protection for the MTK protect2 partition. The LG ID is LVE-SMP-200028 January 2021...

CVSS 5.5, AI score 6.1
Exploits: 0, References: 1

CNNVD
added 2020/12/29 12:0 a.m., 2 views

Vidyo Security Vulnerability

Vidyo is a software used to support video conferencing from Vidyo, Inc. in the United States. A clickjacking vulnerability exists in Vidyo version 02-09-/D. The vulnerability stems from the absence of protection such as X-Frame-Options, which could be exploited by an attacker to achieve...

CVSS 4.7, AI score 5.8, EPSS 0.00214
Exploits: 1, References: 3

BDU FSTEC
added 2020/12/24 12:0 a.m., 1 view

The vulnerability of the “Basic HTTP Authentication” method used by the CmtViewer application for controlling programmable panels arises from the lack of protection for the transmitted data. This allows a hacker to gain access to the system.

The vulnerability of the “Basic HTTP Authentication” method used by the CmtViewer application for controlling programmable panels is related to the lack of protection for the transmitted data. Exploiting this vulnerability could allow a remote attacker to gain access to the system...

CVSS 10, AI score 5.6
Exploits: 0

OSV
added 2020/08/17 4:15 p.m., 2 views

CVE-2020-9237

Huawei smartphone Taurus-AL00B with versions earlier than 10.1.0.126C00E125R5P3 has a use-after-free vulnerability. A module lacks lock protection. Attackers can exploit this vulnerability by launching a specific request. This could compromise normal service of the affected device...

CVSS 6.7, AI score 6.7, EPSS 0.0003
Exploits: 0, References: 1

Cvelist
added 2020/03/16 9:42 p.m., 12 views

CVE-2020-9346

Zoho ManageEngine Password Manager Pro 10.4 and prior has no protection against Cross-site Request Forgery CSRF attacks, as demonstrated by changing a user's role...

AI score 8.9, EPSS 0.00447
Exploits: 0, References: 2

BDU FSTEC
added 2019/12/03 12:0 a.m., 2 views

The vulnerability of Eclipse Jetty servlet containers, related to the lack of protection for service data, allows attackers to exploit the protected information.

The vulnerability of Eclipse Jetty servlet containers is related to the lack of protection for service data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to disclose the protected information...

CVSS 5.3, EPSS 0.0336
Exploits: 0, References: 12, Affected Software: 19

OSV
added 2019/10/24 6:15 p.m., 2 views

CVE-2019-18414

Sourcecodester Restaurant Management System 1.0 is affected by an admin/staff-exec.php Cross Site Request Forgery vulnerability due to a lack of CSRF protection. This could lead to an attacker tricking the administrator into executing arbitrary code or adding a staff entry via a crafted HTML page...

CVSS 8.8, AI score 7.4, EPSS 0.00182
Exploits: 1, References: 1

BDU FSTEC
added 2019/08/02 12:0 a.m., 1 view

The vulnerability of the PAN-OS operating system, related to the lack of protection for mission-critical data, allows attackers to enhance their privileges.

The vulnerability of the PAN-OS operating system is related to the lack of protection for operational data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to increase their privileges...

CVSS 9, AI score 5.5, EPSS 0.00684
Exploits: 0, References: 3, Affected Software: 1

OSV
added 2019/07/02 4:15 p.m., 2 views

CVE-2019-13056

An issue was discovered in CyberPanel through 1.8.4. On the user edit page, an attacker can edit the administrator's e-mail and password because of the lack of CSRF protection...

CVSS 8.8, AI score 5.8
Exploits: 0, References: 2

OSV
added 2019/06/18 9:15 p.m., 1 view

CVE-2017-8334

An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of blocking IP addresses using the web management interface. It seems that the device does not implement any cross-site scripting forgery protection...

CVSS 8, AI score 5.8, EPSS 0.00389
Exploits: 1, References: 3