24 matches found
EUVD-2022-5363
Malicious code in bioql PyPI...
EUVD-2024-1850
Malicious code in bioql PyPI...
CVE-2019-16993
In phpBB before 3.1.7-PL1, includes/acp/acpbbcodes.php has improper verification of a CSRF token on the BBCode page in the Administration Control Panel. An actual CSRF attack is possible if an attacker also manages to retrieve the session id of a reauthenticated administrator prior to targeting...
FUDForum Remote Code Execution Vulnerability
FUDForum is a PHP-based open source forum software. FUDForum versions prior to 3.1.2 are vulnerable to remote code execution. An attacker can use this vulnerability to execute code remotely via the file upload function of the file management system in the administration control panel...
FUDForum Cross-Site Scripting Vulnerability (CNVD-2022-70052)
FUDForum is a PHP-based forum software. FUDForum version 3.1.2 contains a cross-site scripting vulnerability. An attacker can exploit it to perform cross-site scripting attacks via the page title parameter of the page manager in the administration control panel...
GHSA-VJ3X-VFM4-HVXC phpBB Cross-Site Request Forgery (CSRF)
In phpBB before 3.1.7-PL1, includes/acp/acpbbcodes.php has improper verification of a CSRF token on the BBCode page in the Administration Control Panel. An actual CSRF attack is possible if an attacker also manages to retrieve the session id of a reauthenticated administrator prior to targeting...
phpBB Cross-Site Request Forgery (CSRF)
In phpBB before 3.1.7-PL1, includes/acp/acpbbcodes.php has improper verification of a CSRF token on the BBCode page in the Administration Control Panel. An actual CSRF attack is possible if an attacker also manages to retrieve the session id of a reauthenticated administrator prior to targeting...
Online Polling System SQL Injection
Exploit Title: Online Polling System Authentication Bypass SQL Injection Date: July 2020 Author: AppleBois Version: NULL Software Link: https://www.sourcecodester.com/php/14330/online-polling-system.html Administration Control Panel || Authentication Bypass Unauthenticated User perform SQL Injectio...
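Added example for the authentication-bypass entry above. This is constructed illustration code, not the Online Polling System's own code: an admin login query assembled by string concatenation, the payload that bypasses it, and the parameterized form of the same query that does not. It runs against an in-memory SQLite database with one constructed admin row; the table name, column names, credentials and the unsalted hash are assumptions made to keep the example short.

```python
import hashlib
import sqlite3

# Classic bypass payload: closes the string literal, makes the WHERE clause true,
# and comments out the password check. SQLite treats "--" as a line comment.
BYPASS = "' OR 1=1 -- "


def build_db() -> sqlite3.Connection:
    """Constructed fixture: one admin account in an in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE admin (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    # Unsalted SHA-256 is used here only to keep the demo self-contained.
    conn.execute("INSERT INTO admin (username, password) VALUES (?, ?)",
                 ("admin", hashlib.sha256(b"correct horse").hexdigest()))
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Untrusted input is spliced into the SQL text, so a quote in the username
    changes the structure of the query instead of being compared as data."""
    pw_hash = hashlib.sha256(password.encode()).hexdigest()
    sql = (f"SELECT id FROM admin WHERE username = '{username}' "
           f"AND password = '{pw_hash}'")
    return conn.execute(sql).fetchone() is not None


def login_fixed(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Same query with bound parameters: the username is always a value, never SQL."""
    pw_hash = hashlib.sha256(password.encode()).hexdigest()
    row = conn.execute(
        "SELECT id FROM admin WHERE username = ? AND password = ?",
        (username, pw_hash),
    ).fetchone()
    return row is not None


if __name__ == "__main__":
    db = build_db()
    print("vulnerable, bypass payload:", login_vulnerable(db, BYPASS, "anything"))
    print("fixed, bypass payload:     ", login_fixed(db, BYPASS, "anything"))
```

With the concatenated query, the payload turns the WHERE clause into `username = '' OR 1=1 -- ...`, so the first admin row is returned without any password; the parameterized query compares the literal string `' OR 1=1 -- ` against the username column and finds nothing.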
Cross-Site Request Forgery (CSRF)
In phpBB before 3.1.7-PL1, includes/acp/acpbbcodes.php has improper verification of a CSRF token on the BBCode page in the Administration Control Panel. An actual CSRF attack is possible if an attacker also manages to retrieve the session id of a reauthenticated administrator prior to targeting...
CVE-2019-16993
CVE-2019-16993 affects phpBB
Session Token In URL
phpBB sends the session token via a GET parameter in the URL. Because of the way phpBB works, having the session ID alone is not enough for a remote attacker to gain access to the application, since session tokens are tied to an IP address. However, with knowledge of the administrator's session ID, the...
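Added example covering two points from the phpBB entries above (CVE-2019-16993 and the session-token-in-URL entry). It is constructed illustration code, not phpBB's own: it contrasts a CSRF check that only tests for the presence of a token with one that verifies a token bound to the admin session and form, and it shows a session lookup that also binds the sid to the client IP, so a session ID copied out of a leaked URL does not work from another address. ADMIN_SECRET, the token format, the form names and the session dictionary are assumptions.

```python
import hashlib
import hmac
import time
from typing import Optional

# Assumed server-side secret for this example; a real deployment loads it from config.
ADMIN_SECRET = b"constructed-example-secret"
TOKEN_TTL = 3600  # seconds a form token stays valid


def make_csrf_token(session_id: str, form_name: str, now: Optional[int] = None) -> str:
    """Issue a token bound to this session and this form: ts:HMAC(secret, sid|form|ts)."""
    ts = int(time.time()) if now is None else now
    msg = f"{session_id}|{form_name}|{ts}".encode()
    mac = hmac.new(ADMIN_SECRET, msg, hashlib.sha256).hexdigest()
    return f"{ts}:{mac}"


def weak_verify(submitted: Optional[str]) -> bool:
    """Improper verification: any non-empty value passes, so a forged form succeeds."""
    return bool(submitted)


def verify_csrf_token(submitted: Optional[str], session_id: str, form_name: str,
                      now: Optional[int] = None) -> bool:
    """Proper verification: recompute the MAC for this session, form and timestamp,
    reject malformed or expired tokens, and compare in constant time."""
    if not submitted or ":" not in submitted:
        return False
    ts_str, mac = submitted.split(":", 1)
    if not ts_str.isdigit():
        return False
    ts = int(ts_str)
    current = int(time.time()) if now is None else now
    if ts > current or current - ts > TOKEN_TTL:
        return False
    msg = f"{session_id}|{form_name}|{ts}".encode()
    expected = hmac.new(ADMIN_SECRET, msg, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, mac)


def session_accepts_request(session: dict, sid_from_url: str, client_ip: str) -> bool:
    """Session check that binds the sid to the IP it was created from, the behaviour
    the session-token-in-URL entry describes. `session` is a constructed dict standing
    in for the server-side session store."""
    return hmac.compare_digest(session["sid"], sid_from_url) and session["ip"] == client_ip


if __name__ == "__main__":
    sid = "constructed-admin-sid"
    token = make_csrf_token(sid, "acp_bbcodes")
    print("forged value passes weak check:", weak_verify("anything"))
    print("forged value passes real check:", verify_csrf_token("anything", sid, "acp_bbcodes"))
    print("issued token passes real check:", verify_csrf_token(token, sid, "acp_bbcodes"))
```

The token carries no secret of its own; its value is the MAC over the session ID and form name, so a token captured for one session or one form does not verify for another, and the session check means that the sid alone, leaked in a URL, still needs the original client address.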
CVE-2019-13376
phpBB version 3.2.7 allows the stealing of an Administration Control Panel session id by leveraging CSRF in the Remote Avatar feature. The CSRF Token Hijacking leads to stored XSS...
Cross-Site Request Forgery (CSRF)
phpBB version 3.2.7 allows the stealing of an Administration Control Panel session id by leveraging CSRF in the Remote Avatar feature. The CSRF Token Hijacking leads to stored XSS...
Bitsolution.ws ICT Consulting Firm 1.0 Bypass / SQL Injection
Exploit Title : Bitsolution.ws ICT Consulting Firm 1.0 SQL Injection / Improper Authentication Author / Discovered By : KingSkrupellos Date : 30/12/2018 Vendor Homepage : bitsolution.ws Tested On : Windows Category : WebApps Exploit Risk : Medium Version Information : 1.0 CWE : CWE-287 Improper...
Gemalto HASP SRM, Sentinel HASP and Sentinel LDK Cross-Site Scripting Vulnerabilities
Gemalto HASP SRM, Sentinel HASP and Sentinel LDK are products of Gemalto, Inc. Gemalto HASP SRM and Sentinel HASP are cryptographic lock drivers, and the License Manager service is one of their license management services. A cross-site scripting vulnerability exists in the License Manager service in Gemalt...
FreePBX 13: From Cross-Site Scripting to Remote Command Execution
RIPS Analysis: The number of detected vulnerabilities is very high. Luckily, the majority of them are inside the administration control panel, so attackers either need to steal a valid account first or have to trick an administrator into visiting a malicio...