69 matches found
Cross-site request forgery (CSRF)
Intelbras Router RF 301K Firmware 1.1.2 is vulnerable to Cross-Site Request Forgery (CSRF) due to the lack of security mechanisms for token protection and to unsafe inputs and modules...
e107 cross-site request forgery vulnerability
e107 is an open source, free and PHP and MySQL based Content Management System CMS from the E107 team. The system supports a variety of plug-ins and appearance themes, and can be used as a personal blog, discussion community, archive repository and so on. A cross-site request forgery vulnerabilit...
PT-2021-17645 · E107 · E107
Name of the Vulnerable Software and Affected Versions: e107 versions 2.3.0 and earlier Description: The issue is related to the lack of a certain e TOKEN protection mechanism in the usersettings.php file. This affects the security of the software. Recommendations: For versions 2.3.0 and earlier,...
CVE-2021-21241
The Python "Flask-Security-Too" package is used for adding security features to your Flask application. It is an independently maintained version of Flask-Security based on the 3.0.0 version of Flask-Security. In Flask-Security-Too from version 3.3.0 and before version 3.4.5, the /login and...
Softwaremill Akka-http-session Cross-Site Request Forgery Vulnerability
Softwaremill Akka-http-session is a codebase for providing continuous JWT and continuous connection support for single page or mobile applications from Softwaremill, Poland. A security vulnerability exists in com.softwaremill.akka-http-session:core2.13, which stems from the fact that...
CVE-2020-12257
rConfig 3.9.4 is vulnerable to cross-site request forgery (CSRF) because it lacks any implementation of CSRF protection such as a CSRF token. An attacker can leverage this vulnerability by creating a form to add a user, delete a user, or edit a user...
moodle -- Login CSRF vulnerability
moodle reports: The login form is not protected by a token to prevent login cross-site request forgery...
PT-2022-6480 · Zabbix +4 · Zabbix +4
Name of the Vulnerable Software and Affected Versions: Zabbix, affected versions not specified. Description: The issue is related to the lack of protection of the web page structure in Zabbix, a universal monitoring system. An authenticated user can create a link with reflected JavaScript code insi...
See how I found the Yahoo XSSI vulnerability that allowed user information to be stolen - vulnerability warning - the black bar safety net
Finding certain categories of vulnerability comes down to two key parts: how well the vulnerability class is recognized, and how hard it is to discover. Cross-site script inclusion (XSSI) is not mentioned in the widely recognized OWASP Top 10 security standard, but it is also no...
s9y Serendipity Cross Site Request Forgery
Details: Software: s9y Serendipity; Version: ; Mitigations: update to Serendipity v2.1.x; Fix: https://github.com/s9y/Serendipity/issues/452. Best regards, Zhiyang Zeng of Tencent security platform department...
CareMonkey - Reset Password Token Remote Vulnerability
Document Title: CareMonkey - Reset Password Token Remote Vulnerability. References: http://www.vulnerability-lab.com/getcontent.php?id=1926; Video: https://www.youtube.com/watch?v=cnwmQAUI7ik; Advisory: http://www.vulnerability-lab.com/getcontent.php?id=1873. Release Date:...
Zomato: CSRF AT INVITING PEOPLE THROUGH PHONE NUMBER
Hello, Please Add CSRF Token While Inviting The User Through Phone Number. You Have Good Rate Limit Protection But At The Same Time Add CSRF TOKEN :- CODE :- Thanks!...
phpmyadmin -- Multiple XSS vulnerabilities
The phpMyAdmin development team reports: With a crafted table name it is possible to trigger an XSS attack in the database search page. With a crafted SET value or a crafted search query, it is possible to trigger XSS attacks in the zoom search page. With a crafted hostname header, it is...
phpmyadmin -- XSS vulnerability in SQL editor
The phpMyAdmin development team reports: With a crafted SQL query, it is possible to trigger an XSS attack in the SQL editor. We consider this vulnerability to be non-critical. This vulnerability can be triggered only by someone who is logged in to phpMyAdmin, as the usual token protection preven...
phpmyadmin -- XSS vulnerability in normalization page
The phpMyAdmin development team reports: With a crafted table name it is possible to trigger an XSS attack in the database normalization page. We consider this vulnerability to be non-critical. This vulnerability can be triggered only by someone who is logged in to phpMyAdmin, as the usual token...
Non-standard use of the GET method and its vulnerabilities - vulnerability warning - the black bar safety net
This article is mainly about the security vulnerabilities that arise from the current non-standard use of the GET method on the Internet. It focuses on the scenarios in which GET requests are abused in account login systems, and on the resulting attacks. 0x01 Definition of the GET method: Between the client and server, for...
itBit Exchange: Leakage of sensitive wallet tokens to third party sites
Hello itBit team, This is Shahmeer and I am reporting a very critical issue in which the wallet tokens such as the one below are being leaked to third party websites https://beta.itbit.com/trading-history/402bd136-be8f-45e2-89ea-46e3283f8118 The above listed URL contains the wallet token that is...
FreeBSD: phpMyAdmin -- XSS and information disclosure vulnerabilities (a5d4a82a-7153-11e4-88c7-6805ca0b3d42)
The phpMyAdmin development team reports: - With a crafted database, table or column name it is possible to trigger an XSS attack in the table browse page. - With a crafted ENUM value it is possible to trigger XSS attacks in the table print view and zoom search pages. - With a crafted value for...
phpMyAdmin -- XSS and information disclosure vulnerabilities
The phpMyAdmin development team reports: With a crafted database, table or column name it is possible to trigger an XSS attack in the table browse page. With a crafted ENUM value it is possible to trigger XSS attacks in the table print view and zoom search pages. With a crafted value for font siz...
phpMyAdmin -- XSS vulnerabilities in SQL debug output and server monitor page
The phpMyAdmin development team reports: With a crafted database or table name it is possible to trigger an XSS in SQL debug output when enabled and in server monitor page when viewing and analysing executed queries. This vulnerability can be triggered only by someone who is logged in to...