19 matches found
EUVD-2019-1040
Malware in sbrugna...
CVE-2019-0267
SAP Manufacturing Integration and Intelligence, versions 15.0, 15.1 and 15.2, Illuminator Servlet currently does not provide Anti-XSRF tokens. This might lead to XSRF attacks in case the data is being posted to the Servlet from an external application...
Information disclosure
SAP Manufacturing Integration and Intelligence, versions 15.0, 15.1 and 15.2, Illuminator Servlet currently does not provide Anti-XSRF tokens. This might lead to XSRF attacks in case the data is being posted to the Servlet from an external application...
CVE-2019-0267
CVE-2019-0267 affects SAP Manufacturing Integration and Intelligence (MII), specifically versions 15.0, 15.1 and 15.2, where the Illuminator Servlet does not provide Anti-XSRF tokens. Root cause: lack of anti-forgery protections in the Illuminator Servlet, which can enable Cross-Site Request Forg...
CVE-2019-0267
SAP Manufacturing Integration and Intelligence, versions 15.0, 15.1 and 15.2, Illuminator Servlet currently does not provide Anti-XSRF tokens. This might lead to XSRF attacks in case the data is being posted to the Servlet from an external application...
OpenKM Document Management System 5.1.7 Command Execution
No description provided by source. COMPASS SECURITY ADVISORY http://www.csnc.ch/ ID: COMPASS-2012-002 Product: OpenKM Document Management System 5.1.7 1 Vendor: OpenKM http://www.openkm.com/ Subject: Cross-site Request Forgery based OS Command Execution Risk: High Effect: Remotely exploitable...
Turning off Anti-XSRF mode has no effect
Turning off Anti-XSRF protection for comments does not have the desired effect. Even if the setting is turned off adding comments is not possible, due to an XSRF warning...
Turning off Anti-XSRF mode has no effect
Turning off Anti-XSRF protection for comments does not have the desired effect. Even if the setting is turned off adding comments is not possible, due to an XSRF warning...
Turning off Anti-XSRF mode has no effect
Turning off Anti-XSRF protection for comments does not have the desired effect. Even if the setting is turned off adding comments is not possible, due to an XSRF warning...
Turning off Anti-XSRF protection for comments has no effect
Turning off Anti-XSRF protection for comments does not have the desired effect. Even if the setting is turned off verified that the setting is saved in the BANDANA table, adding comments is not possible, due to an XSRF warning. This is also covered in more details on this KB:...
Turning off Anti-XSRF protection for comments has no effect
Turning off Anti-XSRF protection for comments does not have the desired effect. Even if the setting is turned off verified that the setting is saved in the BANDANA table, adding comments is not possible, due to an XSRF warning. This is also covered in more details on this KB:...
Turning off Anti-XSRF protection for comments has no effect
Turning off Anti-XSRF protection for comments does not have the desired effect. Even if the setting is turned off verified that the setting is saved in the BANDANA table, adding comments is not possible, due to an XSRF warning. This is also covered in more details on this KB:...
OpenKM Document Management System 5.1.7 Command Execution
Exploit for jsp platform in category web applications COMPASS SECURITY ADVISORY http://www.csnc.ch/ ID: COMPASS-2012-002 Product: OpenKM Document Management System 5.1.7 1 Vendor: OpenKM http://www.openkm.com/ Subject: Cross-site Request Forgery based OS Command Execution Risk: High Effect:...
OpenKM 5.1.7 OS Command Execution (XSRF based)
COMPASS SECURITY ADVISORY http://www.csnc.ch/ ID: COMPASS-2012-002 Product: OpenKM Document Management System 5.1.7 1 Vendor: OpenKM http://www.openkm.com/ Subject: Cross-site Request Forgery based OS Command Execution Risk: High Effect: Remotely exploitable Author: Cyrill Brunschwiler...
OpenKM Document Management System 5.1.7 Command Execution
COMPASS SECURITY ADVISORY http://www.csnc.ch/ ID: COMPASS-2012-002 Product: OpenKM Document Management System 5.1.7 1 Vendor: OpenKM http://www.openkm.com/ Subject: Cross-site Request Forgery based OS Command Execution Risk: High Effect: Remotely exploitable Author: Cyrill Brunschwiler...
OpenKM Document Management System 5.1.7 - Command Execution
OpenKM Document Management System 5.1.7 - Command Execution COMPASS SECURITY ADVISORY http://www.csnc.ch/ ID: COMPASS-2012-002 Product: OpenKM Document Management System 5.1.7 1 Vendor: OpenKM http://www.openkm.com/ Subject: Cross-site Request Forgery based OS Command Execution Risk: High Effect:...
LedgerSMB 1.3.0 released, includes anti-XSRF framework
Hi all; LedgerSMB 1.3.0 has been released. One of the important enhancements this version has is protection against cross-site request forgery XSRF, notably missing in past versions. The codebase we inherited when beginning the project has not been very conducive to retrofitting security framewor...
Drupal CAPTCHA Logic Security Flaw
Drupal Captcha bruteforcing bypass This is a Proof Of Concept to demonstrate a logic security flow in the way drupal captcha is used to protect login forms from bruteforce. If the captcha challenge is solved, the next login attempts can be issued without solving any new captcha challenge. Usage:...
Details Emerge on IE 8 Data-Stealing Bug
Security researcher Chris Evans has released details of the data-stealing bug in Internet Explorer 8 that he publicized earlier this month, saying that the CSS flaw can be used to force victims to post messages on Twitter and that the bug appears to be no closer to being fixed. The bug, which has...