116 matches found
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to hijack the authentication of a logged in user to force a logout via unspecified vectors...
CVE-2016-4854
CVE-2016-4854 is a Cross-Site Request Forgery vulnerability in LG Electronics L-04D wireless router firmware versions V10a/V10b. The flaw allows remote attackers to hijack the administrator’s authentication and perform arbitrary operations via unspecified vectors. Affected products: L-04D firmwar...
CVE-2016-4878
baserCMS 3.0.10 and earlier is affected by a Cross-site request forgery (CSRF) vulnerability that enables an attacker to hijack the authentication of administrators via unspecified vectors. The exploitable scope covers baserCMS itself and related plugins (Blog, Mail, Feed, Uploader) as listed in ...
Facebook Proxygen Security Bypass Vulnerability
Facebook Proxygen is a set of open source C++ HTTP class libraries from the U.S. company Facebook . A security vulnerability exists in the SPDY/2 codec in versions of Facebook Proxygen prior to 2015-11-09. A remote attacker can exploit the vulnerability with the help of a specially crafted host...
Facebook Proxygen Security Breach
Facebook Proxygen is a set of open source C++ HTTP class libraries from the U.S. company Facebook . A security vulnerability exists in versions of Facebook Proxygen prior to 2015-11-09 that stems from the program not properly managing the HTTPMessage.request state. A remote attacker can exploit t...
The operating system found 40 0day vulnerabilities, Samsung developers what the hell are you doing? - Vulnerability warning-the black bar safety net
Event overview Tizen is Samsung's ownoperating system, currently millions of Samsung products are installed to thisoperating system, but a security researcher recently in the Tizen system The found forty-one previously undiscovered 0day vulnerabilities. Just last month, the Wikileaks leak of CIA...
DEBIAN-CVE-2017-5492
Cross-site request forgery CSRF vulnerability in the widget-editing accessibility-mode feature in WordPress before 4.7.1 allows remote attackers to hijack the authentication of unspecified victims for requests that perform a widgets-access action, related to wp-admin/includes/class-wp-screen.php...
The OAuth 2.0 Protocol improper use leads to billions of APP account can be remotely hijacking-vulnerability warning-the black bar safety net
Foreword Chinese University of Hong Kong the three-digit security researcher Ronghai Yang, Wing Cheong Lau And Tianyu Liu found an extremely dangerous security risk, more than 1 0 million of the mobile APP including the Android version and iOS version are in the user is completely unaware of the...
D-Link DWR-932B LTE router found multiple Backdoor-vulnerability warning-the black bar safety net
! If you have a similar to the DWR-9 3 2 B LTE D-Link router, don't wait for it to slow a firmware upgrade, or directly to give it is better. Allegedly the D-Link DWR-9 3 2 B LTE has more than 2 0 at risk, including Backdoor accounts, the default certificate, leakage of certificate, the firmware...
CVE-2016-7141
curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has...
Multiple Backdoors found in D-Link DWR-932 B LTE Router
If you own a D-Link wireless router, especially DWR-932 B LTE router, you should get rid of it, rather than wait for a firmware upgrade that never lands soon. D-Link DWR-932B LTE router is allegedly vulnerable to over 20 issues, including backdoor accounts, default credentials, leaky credentials,...
China Cohen laboratory for remote intrusion Tesla Model S-vulnerability warning-the black bar safety net
! Everyone in the car when done properly the heart, the hacker may be in a 1 2 mile away will be able to hijack your car, while the remote control for your brake system. The Cohen laboratory in the fall of Tesla Today many car companies are providing car electronic control system, from the...
CVE-2016-6158
Multiple cross-site request forgery CSRF vulnerabilities in Huawei WS331a routers with software before WS331a-10 V100R001C01B112 allow remote attackers to hijack the authentication of administrators for requests that 1 restore factory settings or 2 reboot the device via unspecified vectors...
The router is now a new vulnerability: hackers remotely hijacked Internet access-vulnerability warning-the black bar safety net
Recently, security experts found Inteno home router, there may be a security vulnerability. The vulnerability will lead to hackers can remote home router remotely hijacked and monitoring, and the router's firmware to transform into hack the homemade version, which completely take over the home...
FreedomPop Account Hijacking Flaws Remain Unpatched
It took close to two months, but free wireless and mobile provider FreedomPop has acknowledged reports of a serious vulnerability in its service. U.K.-based researcher Paul Moore told Threatpost that FreedomPop, which has been operating in the U.K. since last September, finally responded to a bug...
CVE-2016-1134
Cross-site request forgery CSRF vulnerability on BUFFALO BHR-4GRV2 devices with firmware 1.04 and earlier, WEX-300 devices with firmware 1.90 and earlier, WHR-1166DHP devices with firmware 1.90 and earlier, WHR-300HP2 devices with firmware 1.90 and earlier, WHR-600D devices with firmware 1.90 and...
CVE-2015-7284
CVE-2015-7284 describes a CSRF vulnerability in ZyXEL NBG-418N devices running firmware 1.00(AADZ.3)C0. An attacker can hijack the authentication of arbitrary users via forged requests, potentially executing actions with the victim’s session privileges. Documented impact includes remote attacker ...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability on eWON devices with firmware through 10.1s0 allows remote attackers to hijack the authentication of administrators for requests that trigger firmware upload, removal of configuration data, or a reboot...
CVE-2015-7925
CVE-2015-7925 is a CSRF vulnerability affecting eWON industrial routers with firmware prior to 10.1s0. The web server allows actions to be triggered without anti-CSRF protections, enabling an attacker to perform administrator-level operations (e.g., firmware upload, configuration changes, reboot)...
CVE-2015-0115
CVE-2015-0115 is a CSRF vulnerability in IBM Leads affecting multiple versions (7.x; 8.1.0 before 8.1.0.14; 8.2; 8.5.0 before 8.5.0.7.3; 8.6.0 before 8.6.0.8.1; 9.0.0 through 9.0.0.4; 9.1.0 before 9.1.0.6.1; 9.1.1 before 9.1.1.0.2) that allows remote authenticated users to hijack the authenticati...