12 matches found
Exploit for Improper Authentication in Oracle Database_Server
This is an offensive tool for Oracle Database exploitation. The repository contains several modules that exploit various vulnerabilities in Oracle Database, including: 1. CVE-2012-3137: This module exploits a vulnerability in Oracle Database that allows an attacker to obtain remote passwords usin...
Linux kernel input validation error vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a limit of 1 packet not allowed by the net/sched: sch_sfq module...
CVE-2024-55924
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstrea...
CVE-2024-55924
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstrea...
CVE-2024-55924
CVE-2024-55924 affects TYPO3, specifically the Scheduler Module, where back-end deep-link functionality is vulnerable to CSRF and state-changing actions were accepting HTTP GET submissions. Exploitation requires an active backend session and social-engineering the user into visiting a malicious U...
CVE-2024-55924 Cross-Site Request Forgery in Scheduler Module in TYPO3
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstrea...
TYPO3 Scheduler Module vulnerable to Cross-Site Request Forgery
Problem: A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP...
PT-2025-3152 · Typo3 · Typo3
Name of the Vulnerable Software and Affected Versions: TYPO3 versions prior to 11.5.42 ELTS. Description: A vulnerability has been identified in the backend user interface functionality involving deep links, which is susceptible to Cross-Site Request Forgery (CSRF). State-changing actions in...
Multiple vulnerabilities in Cybozu Garoon
Overview: Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. CyVDB-1782: Cross-site scripting vulnerability in Scheduler (CWE-79) - CVE-2021-20753; CyVDB-2029: Improper input validation vulnerability in Workflow (CWE-20) - CVE-2021-20754; CyVDB-2071: Viewing restrictions...
SA-CONTRIB-2014-107 - Scheduler - Cross Site Scripting
The Scheduler module allows nodes to be published and unpublished on specified dates. The module allows administrators to provide additional help text on the content editing form when scheduling is enabled. The module doesn't sufficiently filter the help text which could lead to a Cross Site...
CVE-2009-2733
Multiple cross-site scripting (XSS) vulnerabilities in Achievo before 1.4.0 allow remote attackers to inject arbitrary web script or HTML via (1) the scheduler title in the scheduler module, and the (2) atksearchcontractnumber, (3) atksearchAEcustomercustomer, (4) atksearchmodecontracttype, and possibly (5)...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Achievo before 1.4.0 allow remote attackers to inject arbitrary web script or HTML via (1) the scheduler title in the scheduler module, and the (2) atksearchcontractnumber, (3) atksearchAEcustomercustomer, (4) atksearchmodecontracttype, and possibly (5)...