359 matches found
Vanilla: Persistent XSS via Signatures
Description ----------- The current version of the signature plugin 1.6.1 is vulnerable to persistent XSS as the Format parameter is echoed without encoding. POC --- Prerequisite: Enable the Signatures plugin To place the payload, the following request can be used it's simply the request that is...
Design/Logic Flaw
SeaCMS 6.64 allows arbitrary directory listing via upload/admin/admintemplate.php?path=../templets/../../ requests...
U.S. Dept Of Defense: Cross Site Scripting (XSS) – Reflected
Reflected Cross-site Scripting XSS occur when an attacker injects browser executable code within a single HTTP response.When a web application is vulnerable to this type of attack, it will pass unvalidated input sent through requests back to the client. The value of request parameter is copied in...
Cross site request forgery (csrf)
A vulnerability in the device manager web interface of Cisco Industrial Ethernet Switches could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack against a user of an affected system. The vulnerability is due to insufficient CSRF protection by the devic...
Cisco Industrial Ethernet Switches Device Manager Cross-Site Request Forgery Vulnerability
A vulnerability in the device manager web interface of Cisco Industrial Ethernet Switches could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack against a user of an affected system. The vulnerability is due to insufficient CSRF protection by the devic...
Design/Logic Flaw
eQ-3 AG HomeMatic CCU2 2.29.22 devices have an open XML-RPC port without authentication. This can be exploited by sending arbitrary XML-RPC requests to control the attached BidCos devices...
CVE-2018-0146
A vulnerability in the Cisco Data Center Analytics Framework application could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack on an affected system. The vulnerability is due to improper CSRF protection by the affected application. An attacker could...
CVE-2017-16565
Cross-Site Request Forgery CSRF in /cgi-bin/login on Vonage Grandstream HT802 devices allows attackers to authenticate a user via the login screen using the default password of 123 and submit arbitrary requests...
CVE-2017-16565
Cross-Site Request Forgery CSRF in /cgi-bin/login on Vonage Grandstream HT802 devices allows attackers to authenticate a user via the login screen using the default password of 123 and submit arbitrary requests...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF in /cgi-bin/login on Vonage Grandstream HT802 devices allows attackers to authenticate a user via the login screen using the default password of 123 and submit arbitrary requests...
CVE-2017-16565
Cross-Site Request Forgery CSRF in /cgi-bin/login on Vonage Grandstream HT802 devices allows attackers to authenticate a user via the login screen using the default password of 123 and submit arbitrary requests...
CVE-2017-12881
Cross-site request forgery CSRF vulnerability in the Spring Batch Admin before 1.3.0 allows remote attackers to hijack the authentication of unspecified victims and submit arbitrary requests, such as exploiting the file upload vulnerability...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in the Spring Batch Admin before 1.3.0 allows remote attackers to hijack the authentication of unspecified victims and submit arbitrary requests, such as exploiting the file upload vulnerability...
Cisco Industrial Ethernet 1000 Series Switches Device Manager Cross-Site Request Forgery Vulnerability
A vulnerability in the Device Manager web interface of Cisco Industrial Ethernet 1000 Series Switches could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack against a user of an affected system. The vulnerability is due to insufficient CSRF protection ...
Cisco Unified Communications Manager Cross-Site Request Forgery Vulnerability
A vulnerability in the web framework of Cisco Unified Communications Manager CallManager could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack against a user of the web interface of the affected software. The vulnerability is due to insufficient CSRF...
Cisco Hosted Collaboration Mediation Fulfillment Cross-Site Request Forgery Vulnerability
A cross-site request forgery CSRF vulnerability in the web interface of the Cisco Hosted Collaboration Mediation Fulfillment application could allow an unauthenticated, remote attacker to execute unwanted actions. The vulnerability is due to a lack of CSRF protections by an affected device. An...
Cisco Unified Intelligence Center (CUIC) Software Cross-Site Scripting Vulnerability
A vulnerability in the HTTP web-based management interface of Cisco Unified Intelligence Center CUIC Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web interface of the affected system. The vulnerability is due to...
Cisco Firepower Management Center and FireSIGHT System Software Cross-Site Request Forgery Vulnerability
A cross-site request forgery CSRF vulnerability for Cisco Firepower Management Center and Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to execute unwanted actions. The vulnerability is due to a lack of CSRF protections by an affected device. An attacker could...
Ultrabenosaurus ChatBoard Cross Site Request Forgery
!-- Exploit Title: Ultrabenosaurus ChatBoard - CSRFSend Message Date: 2016-06-14 Exploit Author: HaHwul Exploit Author Blog: www.hahwul.com Vendor Homepage: http://ultrabenosaurus.ninja/ Software Link: https://github.com/Ultrabenosaurus/ChatBoard/archive/master.zip Tested on: Debian wheezy CVE :...
chromium-browser: race condition in loader
Race condition in the ResourceDispatcherHostImpl::BeginRequest function in content/browser/loader/resourcedispatcherhostimpl.cc in Google Chrome before 50.0.2661.102 allows remote attackers to make arbitrary HTTP requests by leveraging access to a renderer process and reusing a request ID...