CVE-2022-3221
Cross-Site Request Forgery CSRF in GitHub repository ikus060/rdiffweb prior to 2.4.3...
PYSEC-2022-278
Cross-Site Request Forgery CSRF in GitHub repository ikus060/rdiffweb prior to 2.4.3...
Cross-site request forgery (CSRF)
Cross-Site Request Forgery CSRF in GitHub repository ikus060/rdiffweb prior to 2.4.3...
CVE-2022-3221 Cross-Site Request Forgery (CSRF) in ikus060/rdiffweb
Cross-Site Request Forgery CSRF in GitHub repository ikus060/rdiffweb prior to 2.4.3...
CVE-2022-3221
CVE-2022-3221 affects ikus060/rdiffweb prior to version 2.4.3, where a CSRF flaw in the profile SSH keys flow can enable unauthorized access. The issue arises from accepting a GET request during SSH-key operations, leading to key addition without proper user interaction. The vulnerability is miti...
PT-2022-21152 · Rdiffweb · Rdiffweb
Name of the Vulnerable Software and Affected Versions: rdiffweb versions prior to 2.4.3 Description: The issue is related to Cross-Site Request Forgery CSRF in the GitHub repository ikus060/rdiffweb. When adding SSH public keys to a profile, the server accepts GET requests, which can lead to...
Rdiffweb Cross-Site Request Forgery Vulnerability
Rdiffweb is a web application by Patrik Dufresne, an individual developer in the USA. It provides quick access to your profiles through an efficient web interface. A cross-site request forgery vulnerability exists in Rdiffweb versions prior to 2.4.3, which stems from cross-site request forgery in...
CSRF resulting in Account Takeover
Description Hello everyone, Rdiffweb offers a profile section where the admin user can change his information such as the username, the email, etc.; when the admin changes his username and his email, the following POST request is sent: POST /prefs/general HTTP/1.1 Host:...
Weak Password Requirements
rdiffweb uses weak password requirements. The vulnerability exists because there is no password policy or any password checks, which allows an attacker to gain access to all users' accounts that have weak passwords through a brute-force attack...
Information Disclosure
rdiffweb is vulnerable to Information Disclosure. The vulnerability exists in the setpassword method in store.py, where a remote unauthenticated attacker is able to gain access to sensitive user information through the default error page due to insufficient checks...
Bypass IP detection to brute-force password in ikus060/rdiffweb
Description In the login API, by default, the IP address will be blocked when the user tries to log in incorrectly more than 5 times, but we can bypass this mechanism by abusing the X-Forwarded-For header to bypass IP detection and perform password brute-forcing. Proof of Concept POST /login/ HTTP/1.1 Host:...
GHSA-CH4C-278Q-5654 rdiffweb Missing Custom Error Page
rdiffweb version 2.4.1 uses the default error page and leaks error information. Version 2.4.2 fixes this issue...
GHSA-MJW4-XVX6-3GRG rdiffweb vulnerable to Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
rdiffweb version 2.4.1 is vulnerable to Sensitive Cookie in HTTPS Session Without 'Secure' Attribute. This makes it so that a user's cookies can be sent to the server with an unencrypted request over the HTTP protocol. Version 2.4.2 contains a fix for the issue...
GHSA-MP5P-G2JV-R8QW rdiffweb contains Weak Password Requirements
rdiffweb version 2.4.1 has no password policy or password checking, which could make users vulnerable to brute force password guessing attacks. Version 2.4.2 enforces minimum and maximum password lengths...