Lucene search
K

116 matches found

Prion
Prion
added 2017/06/09 4:29 p.m.18 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to hijack the authentication of a logged in user to force a logout via unspecified vectors...

4.3CVSS7.5AI score0.01262EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2017/05/22 4:0 p.m.44 views

CVE-2016-4854

CVE-2016-4854 is a Cross-Site Request Forgery vulnerability in LG Electronics L-04D wireless router firmware versions V10a/V10b. The flaw allows remote attackers to hijack the administrator’s authentication and perform arbitrary operations via unspecified vectors. Affected products: L-04D firmwar...

8.8CVSS8.9AI score0.00977EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2017/05/12 6:0 p.m.47 views

CVE-2016-4878

baserCMS 3.0.10 and earlier is affected by a Cross-site request forgery (CSRF) vulnerability that enables an attacker to hijack the authentication of administrators via unspecified vectors. The exploitable scope covers baserCMS itself and related plugins (Blog, Mail, Feed, Uploader) as listed in ...

8.8CVSS8.8AI score0.00944EPSS
Exploits0References3Affected Software1
CNVD
CNVD
added 2017/04/20 12:0 a.m.2 views

Facebook Proxygen Security Bypass Vulnerability

Facebook Proxygen is a set of open source C++ HTTP class libraries from the U.S. company Facebook . A security vulnerability exists in the SPDY/2 codec in versions of Facebook Proxygen prior to 2015-11-09. A remote attacker can exploit the vulnerability with the help of a specially crafted host...

7.5CVSS6.8AI score0.01243EPSS
Exploits0References1
CNVD
CNVD
added 2017/04/20 12:0 a.m.3 views

Facebook Proxygen Security Breach

Facebook Proxygen is a set of open source C++ HTTP class libraries from the U.S. company Facebook . A security vulnerability exists in versions of Facebook Proxygen prior to 2015-11-09 that stems from the program not properly managing the HTTPMessage.request state. A remote attacker can exploit t...

7.5CVSS6.8AI score0.01243EPSS
Exploits0References1
myhack58
myhack58
added 2017/04/09 12:0 a.m.46 views

The operating system found 40 0day vulnerabilities, Samsung developers what the hell are you doing? - Vulnerability warning-the black bar safety net

Event overview Tizen is Samsung's ownoperating system, currently millions of Samsung products are installed to thisoperating system, but a security researcher recently in the Tizen system The found forty-one previously undiscovered 0day vulnerabilities. Just last month, the Wikileaks leak of CIA...

8.8AI score
Exploits0
OSV
OSV
added 2017/01/15 2:59 a.m.1 views

DEBIAN-CVE-2017-5492

Cross-site request forgery CSRF vulnerability in the widget-editing accessibility-mode feature in WordPress before 4.7.1 allows remote attackers to hijack the authentication of unspecified victims for requests that perform a widgets-access action, related to wp-admin/includes/class-wp-screen.php...

8.8CVSS8.9AI score0.0193EPSS
Exploits0References1
myhack58
myhack58
added 2016/11/08 12:0 a.m.12 views

The OAuth 2.0 Protocol improper use leads to billions of APP account can be remotely hijacking-vulnerability warning-the black bar safety net

Foreword Chinese University of Hong Kong the three-digit security researcher Ronghai Yang, Wing Cheong Lau And Tianyu Liu found an extremely dangerous security risk, more than 1 0 million of the mobile APP including the Android version and iOS version are in the user is completely unaware of the...

0.5AI score
Exploits0
myhack58
myhack58
added 2016/10/18 12:0 a.m.20 views

D-Link DWR-932B LTE router found multiple Backdoor-vulnerability warning-the black bar safety net

! If you have a similar to the DWR-9 3 2 B LTE D-Link router, don't wait for it to slow a firmware upgrade, or directly to give it is better. Allegedly the D-Link DWR-9 3 2 B LTE has more than 2 0 at risk, including Backdoor accounts, the default certificate, leakage of certificate, the firmware...

7.8AI score
Exploits0
NVD
NVD
added 2016/10/03 9:59 p.m.23 views

CVE-2016-7141

curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has...

7.5CVSS7.9AI score0.08404EPSS
Exploits0References12
The Hacker News
The Hacker News
added 2016/09/28 11:59 p.m.11 views

Multiple Backdoors found in D-Link DWR-932 B LTE Router

If you own a D-Link wireless router, especially DWR-932 B LTE router, you should get rid of it, rather than wait for a firmware upgrade that never lands soon. D-Link DWR-932B LTE router is allegedly vulnerable to over 20 issues, including backdoor accounts, default credentials, leaky credentials,...

7.2AI score
Exploits0
myhack58
myhack58
added 2016/09/24 12:0 a.m.38 views

China Cohen laboratory for remote intrusion Tesla Model S-vulnerability warning-the black bar safety net

! Everyone in the car when done properly the heart, the hacker may be in a 1 2 mile away will be able to hijack your car, while the remote control for your brake system. The Cohen laboratory in the fall of Tesla Today many car companies are providing car electronic control system, from the...

1.4AI score
Exploits0
NVD
NVD
added 2016/09/21 2:25 p.m.17 views

CVE-2016-6158

Multiple cross-site request forgery CSRF vulnerabilities in Huawei WS331a routers with software before WS331a-10 V100R001C01B112 allow remote attackers to hijack the authentication of administrators for requests that 1 restore factory settings or 2 reboot the device via unspecified vectors...

7.1CVSS6.9AI score0.01215EPSS
Exploits0References1
myhack58
myhack58
added 2016/09/06 12:0 a.m.18 views

The router is now a new vulnerability: hackers remotely hijacked Internet access-vulnerability warning-the black bar safety net

Recently, security experts found Inteno home router, there may be a security vulnerability. The vulnerability will lead to hackers can remote home router remotely hijacked and monitoring, and the router's firmware to transform into hack the homemade version, which completely take over the home...

1.9AI score
Exploits0
ThreatPost
ThreatPost
added 2016/05/03 11:36 a.m.11 views

FreedomPop Account Hijacking Flaws Remain Unpatched

It took close to two months, but free wireless and mobile provider FreedomPop has acknowledged reports of a serious vulnerability in its service. U.K.-based researcher Paul Moore told Threatpost that FreedomPop, which has been operating in the U.K. since last September, finally responded to a bug...

8.3AI score
Exploits0References1
NVD
NVD
added 2016/01/22 11:59 a.m.25 views

CVE-2016-1134

Cross-site request forgery CSRF vulnerability on BUFFALO BHR-4GRV2 devices with firmware 1.04 and earlier, WEX-300 devices with firmware 1.90 and earlier, WHR-1166DHP devices with firmware 1.90 and earlier, WHR-300HP2 devices with firmware 1.90 and earlier, WHR-600D devices with firmware 1.90 and...

8.8CVSS9AI score0.00541EPSS
Exploits0References2
CVE
CVE
added 2015/12/31 2:0 a.m.64 views

CVE-2015-7284

CVE-2015-7284 describes a CSRF vulnerability in ZyXEL NBG-418N devices running firmware 1.00(AADZ.3)C0. An attacker can hijack the authentication of arbitrary users via forged requests, potentially executing actions with the victim’s session privileges. Documented impact includes remote attacker ...

8CVSS8.2AI score0.01105EPSS
Exploits0References3Affected Software2
Prion
Prion
added 2015/12/23 11:59 a.m.16 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability on eWON devices with firmware through 10.1s0 allows remote attackers to hijack the authentication of administrators for requests that trigger firmware upload, removal of configuration data, or a reboot...

6.8CVSS7.8AI score0.01243EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2015/12/23 11:0 a.m.43 views

CVE-2015-7925

CVE-2015-7925 is a CSRF vulnerability affecting eWON industrial routers with firmware prior to 10.1s0. The web server allows actions to be triggered without anti-CSRF protections, enabling an attacker to perform administrator-level operations (e.g., firmware upload, configuration changes, reboot)...

8CVSS8.1AI score0.01243EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2015/06/28 10:0 p.m.45 views

CVE-2015-0115

CVE-2015-0115 is a CSRF vulnerability in IBM Leads affecting multiple versions (7.x; 8.1.0 before 8.1.0.14; 8.2; 8.5.0 before 8.5.0.7.3; 8.6.0 before 8.6.0.8.1; 9.0.0 through 9.0.0.4; 9.1.0 before 9.1.0.6.1; 9.1.1 before 9.1.1.0.2) that allows remote authenticated users to hijack the authenticati...

6CVSS6.7AI score0.00489EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder