66 matches found
Cross-Site Request Forgery in com.softwaremill.akka-http-session:core_2.12
This affects the package com.softwaremill.akka-http-session:core2.12 from 0 and before 0.6.1; all versions of package com.softwaremill.akka-http-session:core2.11; the package com.softwaremill.akka-http-session:core2.13 from 0 and before 0.6.1. CSRF protection can be bypassed by forging a request...
Arunna 1.0.0 - 'Multiple' Cross-Site Request Forgery (CSRF)
Exploit Title: Arunna 1.0.0 - 'Multiple' Cross-Site Request Forgery CSRF Date: November 29, 2021 Exploit Author: =LL= Detailed Bug Description: https://lyhinslab.org/index.php/2021/11/29/how-white-box-hacking-works-xss-csrf-in-arunna/ Vendor Homepage: https://github.com/arunna Software Link:...
WordPress Plugin Cross-Site Request Forgery Vulnerability (CNVD-2021-101474)
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. WordPress Plugin is a WordPress open source application plugin. cross-site request forgery vulnerability exists in...
Cross-Site Request Forgery (CSRF) in neorazorx/facturascripts
✍️ Description Attacker able to change any role with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF attacks it...
Like Button Rating < 2.6.32 - Unauthenticated Full-Read SSRF
The LikeBtn WordPress plugin was vulnerable to Unauthenticated Full-Read Server-Side Request Forgery SSRF. On line 7493 in likebtnlikebutton.php a hook is set to allow unauthenticated ajax calls which will call the function likebtnprx. As the name suggests, this function works as a proxy and can ...
Genexis Platinum-4410 P4410-V2-1.28 - Cross Site Request Forgery to Reboot
Exploit Title: Genexis Platinum-4410 P4410-V2-1.28 - Cross Site Request Forgery to Reboot Date: 10/28/2020 Exploit Author: Mohammed Farhan Vendor Homepage: https://genexis.co.in/product/ont/ Version: Platinum-4410 Software version - P4410-V2-1.28 Tested on: Windows 10 Author Contact:...
CVE-2020-14204
In WebFOCUS Business Intelligence 8.0 SP6, the administration portal allows remote attackers to read arbitrary local files or forge server-side HTTP requests via a crafted HTTP request to /ibiapps/WFServlet.cfg because XML external entity injection is possible. This is related to making changes t...
Navigate CMS 2.8.7 Cross Site Request Forgery
Exploit Title: Navigate CMS 2.8.7 - Cross-Site Request Forgery Add Admin Date: 2020-06-04 Exploit Author: Gus Ralph Vendor Homepage: https://www.navigatecms.com/en/home Software Link: https://sourceforge.net/projects/navigatecms/files/releases/navigate-2.8.7r1401.zip/download Version: 2.8.7 Teste...
Cross site request forgery (csrf)
The option-tree plugin before 2.6.0 for WordPress has XSS via an addlistitem or addsociallinks AJAX request...
CVE-2019-13584
The remote admin webserver on FANUC Robotics Virtual Robot Controller 8.23 allows Directory Traversal via a forged HTTP request...
W3 Total Cache Plugin for WordPress < 0.9.7.4 Multiple Vulnerabilities
The WordPress W3 Total Cache Plugin installed on the remote host is affected by multiple vulnerabilities : - A Cross-Site Scripting XSS vulnerability exists due to improper validation of user-supplied input in command parameter of /w3-total-cache/pub/opcache.php. - A Server Side Request Forgery...
CVE-2019-1003058
A cross-site request forgery vulnerability in Jenkins FTP publisher Plugin in the FTPPublisher.DescriptorImpldoLoginCheck method allows attackers to initiate a connection to an attacker-specified server...
MACCMS 10 - Cross-Site Request Forgery (Add User)
Exploit Title: MACCMSV10 CSRF vulnerability add admin account Date: 2018-06-11 Exploit Author: bay0net Vendor Homepage: https://www.cnblogs.com/v1vvwv/p/9168309.html Software Link: http://www.maccms.com/down.html Version: V10 CVE : CVE-2018-12114 I found a CSRF vulnerability in maccmsv10,this...
CVE-2018-1000195
A server-side request forgery vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in ZipExtractionInstaller.java that allows users with Overall/Read permission to have Jenkins submit a HTTP GET request to an arbitrary URL and learn whether the response is successful 200 or not...
CVE-2018-1000055
Jenkins Android Lint Plugin 2.5 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks...
Trend Micro OfficeScan 11.0/XG (12.0) - Server Side Request Forgery Vulnerability
Exploit for php platform in category web applications + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/TRENDMICRO-OFFICESCAN-XG-SERVER-SIDE-REQUEST-FORGERY.txt + ISR: ApparitionSec Vendor: ==================...
Telecom Charging Panel ADSL (IR) - CSRF Web Vulnerability
Document Title: =============== Telecom Charging Panel ADSL IR - CSRF Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1773 Release Date: ============= 2016-03-01 Vulnerability Laboratory ID VL-ID: ==================================== 17...
Centreon 2.6.1 Add Administrator Cross Site Request Forgery
Centreon 2.6.1 CSRF Add Admin Exploit Vendor: Centreon Product web page: https://www.centreon.com Affected version: 2.6.1 CES 3.2 Summary: Centreon is the choice of some of the world's largest companies and mission-critical organizations for real-time IT performance monitoring and diagnostics...
Cisco Unified MeetingPlace Server Multiple State Changing URL API Functionalities Cross-Site Request Forgery Vulnerability
A vulnerability in multiple-state-changing URL application programming interface API functionalities within the Cisco Unified MeetingPlace Server could allow an unauthenticated, remote attacker to perform cross-site request forgery CSRF attacks. The vulnerability is due to insufficient CSRF...
Beetel 450TC2 Router - Cross-Site Request Forgery (Admin Password)
input type="submit" value="Submit f...