6 matches found
Moodle Cross-Site Request Forgery Vulnerability (CNVD-2025-11217)
Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. Moodle suffers from a cross-site request forgery vulnerability that stems from incorrect CSRF token checking, which can be exploited by...
Cross-Site Request Forgery (CSRF) in e107inc/e107
✍️ Description: An attacker or malicious user is able to change or delete any banning record if a logged-in user visits the attacker's website, because of the lack of CSRF token "checking". 🕵️‍♂️ Proof of Concept: 1. When you are logged in, open this POC.html in a browser. 2. You can check unintentionally blacklist record with...
NewStart CGSL CORE 5.04 / MAIN 5.04 : pcs Multiple Vulnerabilities (NS-SA-2019-0042)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has pcs packages installed that are affected by multiple vulnerabilities: - Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and earlier contains a timing attack vulnerability in the CSRF token checking that can result in...
Important: pcs
Issue Overview: Debug parameter removal bypass, allowing information disclosure. It was found that the REST interface of the pcsd service did not properly remove the pcs debug argument from the /runpcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use...
Joomla! 1.6 < 1.6.1 Multiple Vulnerabilities (deprecated)
PT-2010-2961 · Microsoft · Iis
Name of the Vulnerable Software and Affected Versions: Microsoft IIS versions 6.0 through 7.5 Description: The issue allows remote authenticated users to execute arbitrary code via unknown vectors related to "token checking" that trigger memory corruption. Recommendations: For Microsoft IIS...