54 matches found
EUVD-2022-28619
Malicious code in bioql PyPI...
CVE-2023-7045
A CSRF vulnerability exists within GitLab CE/EE from versions 13.11 before 16.10.6, from 16.11 before 16.11.3, from 17.0 before 17.0.1. By leveraging this vulnerability, an attacker could exfiltrate anti-CSRF tokens via the Kubernetes Agent Server KAS...
CVE-2023-7045
CVE-2023-7045 affects GitLab CE/EE versions 13.11 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1. The root cause is described as a CSRF vulnerability that could allow an attacker to exfiltrate anti-CSRF tokens via the Kubernetes Agent Server (KAS). Impact is limited to token leakage (CSRF...
Shortcode IMDB <= 6.0.8 - Cross-Site Request Forgery
The plugin does not properly implement anti-CSRF mechanisms, making it vulnerable to potential CSRF attacks...
SPIP v4.2.0 - Remote Code Execution (Unauthenticated)
#!/usr/bin/env python3 # -*- coding: utf-8 -*- # Exploit Title: SPIP v4.2.1 - Remote Code Execution Unauthenticated # Google Dork: inurl:"/spip.php?page=login" # Date: 19/06/2023 # Exploit Author: nuts7 https://github.com/nuts7/CVE-2023-27372 # Vendor Homepage: https://www.spip.net/ # Software Link:...
CVE-2022-23680
AOS-CX lacks Anti-CSRF protections in place for state-changing operations. This can potentially be exploited by an attacker to execute commands in the context of another user in ArubaOS-CX Switches versions: AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1020 and below, AOS-CX...
Cross-site request forgery (CSRF)
AOS-CX lacks Anti-CSRF protections in place for state-changing operations. This can potentially be exploited by an attacker to execute commands in the context of another user in ArubaOS-CX Switches versions: AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1020 and below, AOS-CX...
CVE-2022-23680
CVE-2022-23680 involves ArubaOS-CX switches lacking Anti-CSRF protections for state-changing operations. Affected versions include ArubaOS-CX 10.10.xxxx up to 10.10.0002, 10.09.xxxx up to 10.09.1020, 10.08.xxxx up to 10.08.1060, and 10.06.xxxx up to 10.06.0200. Multiple connected sources (NVD, Re...
CVE-2022-23679
AOS-CX lacks Anti-CSRF protections in place for state-changing operations. This can potentially be exploited by an attacker to execute commands in the context of another user in ArubaOS-CX Switches versions: AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1020 and below, AOS-CX...
Transposh WordPress Translation 1.0.8.1 Cross Site Request Forgery
RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Transposh WordPress Translation Vendor URL: https://wordpress.org/plugins/transposh-translation-filter-for-wordpress/ Type: Cross-Site Request Forgery CWE-253 Date found: 2021-08-19 Date...
Cross-Site Request Forgery (CSRF) in yeswiki/yeswiki
Description Hey all, so I found that YesWiki doesn't implement any sort of anti-CSRF mechanism; I found that the change email function is vulnerable to CSRF attacks, which leads to Account Takeover. Proof of Concept Exploitation Scenario: - An attacker sends the above PoC to the victim. - rather...
CVE-2021-20862
Improper access control vulnerability in ELECOM routers WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior,...
Cross-site Scripting (XSS) - Stored in admidio/admidio
Description Hi, by continuing to look at the project I was able to find a new stored XSS. Although it seems to be filtered in some parts of the site, when sending a photo as a greeting card it is possible to include an arbitrary payload in the text field, leading to a stored XSS. From OWASP :...
Predictable CSRF tokens in centreon/centreon
An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. The anti-CSRF token generation is predictable, which might allow CSRF attacks that add an admin user...
Cross-site request forgery (CSRF)
An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. The anti-CSRF token generation is predictable, which might allow CSRF attacks that add an admin user...
CVE-2021-28055
An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. The anti-CSRF token generation is predictable, which might allow CSRF attacks that add an admin user...
Insecure Anti-CSRF Tokens
myfaces-impl uses an insecure cryptographic random for anti-CSRF tokens. The usage of the insecure tokens would allow an attacker to predict subsequent anti-CSRF token values and successfully perform requests on behalf of the users...
0D1N v3.4 - Tool For Automating Customized Attacks Against Web Applications (Full Made In C Language With Pthreads, Have A Fast Performance)
0d1n is a tool for automating customized attacks against web applications. The tool is very fast because it uses a thread pool and is written in C. Video demo: Tool functions: Brute force login and passwords in auth forms Directo...
CVE-2020-28931
Lack of an anti-CSRF token in the entire administrative interface in EPSON EPS TSE Server 8 21.0.11 allows an unauthenticated attacker to force an administrator to execute external POST requests by visiting a malicious website...
CVE-2019-16187
LimeSurvey prior to 3.17.14 is affected. The root cause is an anti‑CSRF cookie that is not HttpOnly, allowing client‑side scripts to access the cookie value. This can lead to exposure of cookie data and constitutes a high-risk issue per CVSS2/3.1 metrics (base scores 5.0/7.5 respectively). The ad...