Lucene search
+L

359 matches found

hackerone
hackerone
added 2018/09/25 10:58 a.m.12 views

Vanilla: Persistent XSS via Signatures

Description ----------- The current version of the signature plugin 1.6.1 is vulnerable to persistent XSS as the Format parameter is echoed without encoding. POC --- Prerequisite: Enable the Signatures plugin To place the payload, the following request can be used it's simply the request that is...

3AI score
Exploits0
prion
prion
added 2018/09/21 5:29 p.m.12 views

Design/Logic Flaw

SeaCMS 6.64 allows arbitrary directory listing via upload/admin/admintemplate.php?path=../templets/../../ requests...

5CVSS5.5AI score0.01005EPSS
Exploits1References2Affected Software1
hackerone
hackerone
added 2018/09/12 9:51 p.m.24 views

U.S. Dept Of Defense: Cross Site Scripting (XSS) – Reflected

Reflected Cross-site Scripting XSS occur when an attacker injects browser executable code within a single HTTP response.When a web application is vulnerable to this type of attack, it will pass unvalidated input sent through requests back to the client. The value of request parameter is copied in...

0.1AI score
Exploits0
prion
prion
added 2018/04/19 8:29 p.m.24 views

Cross site request forgery (csrf)

A vulnerability in the device manager web interface of Cisco Industrial Ethernet Switches could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack against a user of an affected system. The vulnerability is due to insufficient CSRF protection by the devic...

6.8CVSS8.8AI score0.00936EPSS
Exploits0References2Affected Software1
cisco
cisco
added 2018/04/18 4:0 p.m.82 views

Cisco Industrial Ethernet Switches Device Manager Cross-Site Request Forgery Vulnerability

A vulnerability in the device manager web interface of Cisco Industrial Ethernet Switches could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack against a user of an affected system. The vulnerability is due to insufficient CSRF protection by the devic...

8.8CVSS3.2AI score0.00936EPSS
Exploits0References1
prion
prion
added 2018/02/22 7:29 p.m.20 views

Design/Logic Flaw

eQ-3 AG HomeMatic CCU2 2.29.22 devices have an open XML-RPC port without authentication. This can be exploited by sending arbitrary XML-RPC requests to control the attached BidCos devices...

7.5CVSS9.4AI score0.01479EPSS
Exploits0References1Affected Software1
attackerkb
attackerkb
added 2018/02/22 12:29 a.m.4 views

CVE-2018-0146

A vulnerability in the Cisco Data Center Analytics Framework application could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack on an affected system. The vulnerability is due to improper CSRF protection by the affected application. An attacker could...

5.8CVSS5.7AI score0.00454EPSS
Exploits0References3
nvd
nvd
added 2017/11/06 8:29 a.m.22 views

CVE-2017-16565

Cross-Site Request Forgery CSRF in /cgi-bin/login on Vonage Grandstream HT802 devices allows attackers to authenticate a user via the login screen using the default password of 123 and submit arbitrary requests...

8.8CVSS8.9AI score0.00494EPSS
Exploits1References1
attackerkb
attackerkb
added 2017/11/06 8:29 a.m.3 views

CVE-2017-16565

Cross-Site Request Forgery CSRF in /cgi-bin/login on Vonage Grandstream HT802 devices allows attackers to authenticate a user via the login screen using the default password of 123 and submit arbitrary requests...

8.8CVSS5.7AI score0.00494EPSS
Exploits1References3
prion
prion
added 2017/11/06 8:29 a.m.17 views

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF in /cgi-bin/login on Vonage Grandstream HT802 devices allows attackers to authenticate a user via the login screen using the default password of 123 and submit arbitrary requests...

6.8CVSS8.9AI score0.00494EPSS
Exploits1References1
cvelist
cvelist
added 2017/11/06 8:0 a.m.23 views

CVE-2017-16565

Cross-Site Request Forgery CSRF in /cgi-bin/login on Vonage Grandstream HT802 devices allows attackers to authenticate a user via the login screen using the default password of 123 and submit arbitrary requests...

8.9AI score0.00494EPSS
Exploits1References1
osv
osv
added 2017/08/18 6:29 p.m.14 views

CVE-2017-12881

Cross-site request forgery CSRF vulnerability in the Spring Batch Admin before 1.3.0 allows remote attackers to hijack the authentication of unspecified victims and submit arbitrary requests, such as exploiting the file upload vulnerability...

8.8CVSS7.6AI score
Exploits0References2
prion
prion
added 2017/08/18 6:29 p.m.19 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in the Spring Batch Admin before 1.3.0 allows remote attackers to hijack the authentication of unspecified victims and submit arbitrary requests, such as exploiting the file upload vulnerability...

6.8CVSS9AI score0.00794EPSS
Exploits0References2Affected Software1
cisco
cisco
added 2017/05/17 4:0 p.m.58 views

Cisco Industrial Ethernet 1000 Series Switches Device Manager Cross-Site Request Forgery Vulnerability

A vulnerability in the Device Manager web interface of Cisco Industrial Ethernet 1000 Series Switches could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack against a user of an affected system. The vulnerability is due to insufficient CSRF protection ...

8.8CVSS9AI score0.00797EPSS
Exploits0References1
cisco
cisco
added 2017/03/15 4:0 p.m.41 views

Cisco Unified Communications Manager Cross-Site Request Forgery Vulnerability

A vulnerability in the web framework of Cisco Unified Communications Manager CallManager could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack against a user of the web interface of the affected software. The vulnerability is due to insufficient CSRF...

6.5CVSS6.7AI score0.00769EPSS
Exploits0References1
cisco
cisco
added 2016/10/26 4:0 p.m.38 views

Cisco Hosted Collaboration Mediation Fulfillment Cross-Site Request Forgery Vulnerability

A cross-site request forgery CSRF vulnerability in the web interface of the Cisco Hosted Collaboration Mediation Fulfillment application could allow an unauthenticated, remote attacker to execute unwanted actions. The vulnerability is due to a lack of CSRF protections by an affected device. An...

4.3CVSS6.8AI score0.00496EPSS
Exploits0References1
cisco
cisco
added 2016/10/05 4:0 p.m.38 views

Cisco Unified Intelligence Center (CUIC) Software Cross-Site Scripting Vulnerability

A vulnerability in the HTTP web-based management interface of Cisco Unified Intelligence Center CUIC Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web interface of the affected system. The vulnerability is due to...

4.3CVSS6.1AI score0.01009EPSS
Exploits0References1
cisco
cisco
added 2016/09/28 4:0 p.m.44 views

Cisco Firepower Management Center and FireSIGHT System Software Cross-Site Request Forgery Vulnerability

A cross-site request forgery CSRF vulnerability for Cisco Firepower Management Center and Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to execute unwanted actions. The vulnerability is due to a lack of CSRF protections by an affected device. An attacker could...

4.3CVSS9.1AI score0.00629EPSS
Exploits0References1
packetstorm
packetstorm
added 2016/06/14 12:0 a.m.18 views

Ultrabenosaurus ChatBoard Cross Site Request Forgery

!-- Exploit Title: Ultrabenosaurus ChatBoard - CSRFSend Message Date: 2016-06-14 Exploit Author: HaHwul Exploit Author Blog: www.hahwul.com Vendor Homepage: http://ultrabenosaurus.ninja/ Software Link: https://github.com/Ultrabenosaurus/ChatBoard/archive/master.zip Tested on: Debian wheezy CVE :...

1AI score
Exploits0
redhat
redhat
added 2016/05/13 7:36 a.m.7 views

chromium-browser: race condition in loader

Race condition in the ResourceDispatcherHostImpl::BeginRequest function in content/browser/loader/resourcedispatcherhostimpl.cc in Google Chrome before 50.0.2661.102 allows remote attackers to make arbitrary HTTP requests by leveraging access to a renderer process and reusing a request ID...

5.3CVSS7.5AI score0.00943EPSS
Exploits0References5
Rows per page
Query Builder