324 matches found
Cross-site request forgery (CSRF)
Multiple cross-site request forgery (CSRF) vulnerabilities on Crestron Electronics DM-TXRX-100-STR devices with firmware through 1.3039.00040 allow remote attackers to hijack the authentication of arbitrary users...
A vulnerability in the firmware of the Medialink MWN-WARP300N router allows an attacker to gain access to the authentication data of arbitrary users.
The vulnerability in the firmware of the Medialink MWN-WARP300N router is related to the of cross-site requests. Exploiting this vulnerability can allow a remote attacker to gain access to the authentication data of arbitrary users...
A vulnerability in the Cisco Identity Services Engine, a platform for managing network policies, allows an attacker to gain access to the authentication data of arbitrary users.
The vulnerability in the web application framework of the Cisco Identity Services Engine is related to the. Exploiting this vulnerability can allow a remote attacker to gain access to the authentication data of arbitrary users...
A vulnerability in the HP System Management Homepage software allows an attacker to bypass the authentication process for arbitrary users.
The vulnerability in the HP System Management Homepage software relates to the manipulation of cross-site requests. Exploiting this vulnerability allows an attacker to bypass the authentication procedures for arbitrary users...
Cross-site request forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in advpwdcgi in the web management interface on Arris DG860A, TG862A, and TG862G devices with firmware TS0703128100611 through TS0705125D031115 allows remote attackers to hijack the authentication of arbitrary users...
PHP Server Monitor 3.1.1 - Multiple Cross-Site Request Forgery Vulnerabilities
PHP Server Monitor 3.1.1 - Multiple Cross-Site Request Forgery Vulnerabilities. Credits: hyp3rlinx; Website: hyp3rlinx.altervista.org; Source: http://hyp3rlinx.altervista.org/advisories/AS-PHPSRVMONITOR-CSRF.txt; Vendor: www.phpservermonitor.org...
A vulnerability in the firmware of the Cisco TelePresence Server allows an attacker to circumvent the authentication process for arbitrary users.
The vulnerability in the firmware of the Cisco TelePresence Server device is related to the manipulation of cross-site requests. Exploiting this vulnerability can allow an attacker to bypass the authentication procedures for arbitrary users...
Datalex airline booking software allowed authorization bypass for arbitrary users
Overview: Datalex provides a suite of software offerings for the airline industry which supports customizable flight browsing, booking, payment, and analytics. The Datalex airline booking software contained an error in its error handling routines which allows authorization bypass and loss of...
Cross-site request forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in Cisco Prime Infrastructure 1.20.103 and 2.00.0 allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCum49054 and CSCum49059...
WordPress MP3-jPlayer 2.3.2 Path Disclosure Vulnerability
WordPress MP3-jPlayer plugin version 2.3.2 suffers from a path disclosure vulnerability. Title: Path Disclosure Vulnerability in wordpress plugin MP3-jPlayer v2.3.2; Author: Larry W. Cashdollar, @larry0; Date: 2015-07-12; Download Site: https://wordpress.org/plugins/mp3-jplayer/; Vendor:...
A vulnerability in the Moodle learning management system allows an attacker to bypass the authentication process for arbitrary users.
The vulnerability in the auth/shibboleth/logout.php component of the Moodle learning management system is related to the. Exploiting this vulnerability could allow a remote attacker to bypass authentication procedures for arbitrary users using specially crafted requests...
CVE-2015-4637
The REST API in F5 BIG-IQ Cloud, Device, and Security 4.4.0 and 4.5.0 before HF2 and ADC 4.5.0 before HF2, when configured for LDAP remote authentication and the LDAP server allows anonymous BIND operations, allows remote attackers to obtain an authentication token for arbitrary users by guessing...
Cross-site request forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence Advanced Media Gateway devices with software 1.11.40 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu90732...
Cross-site request forgery (CSRF)
Multiple cross-site request forgery (CSRF) vulnerabilities in the Invoice module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.3 for Drupal allow remote attackers to hijack the authentication of arbitrary users for requests that (1) create, (2) delete, or (3) alter invoices via unspecified vectors...
Cross-site request forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in the Decisions module for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that remove individual voters via unspecified vectors...
Nakid-CMS CSRF, Persistent XSS & LFI
Credits: John Page hyp3rlinx; Domains: hyp3rlinx.altervista.org; Source: http://hyp3rlinx.altervista.org/advisories/AS-NAKIDCMS0611.txt; Vendor: http://kilrizzy.github.io/Nakid-CMS/; Product: kilrizzy-Nakid-CMS-f274624. Nakid CMS is...
Nakid CMS - Multiple Vulnerabilities
Nakid CMS - Multiple Vulnerabilities. Exploit Title: CSRF, Persistent XSS & LFI; Google Dork: intitle: CSRF, Persistent XSS & LFI; Date: 2015-06-11; Exploit Author: John Page hyp3rlinx; Website: hyp3rlinx.altervista.org; Vendor Homepage: kilrizzy.github.io/Nakid-CMS; Software Link:...
Design/Logic Flaw
Beckhoff IPC Diagnostics before 1.8 does not properly restrict access to functions in /config, which allows remote attackers to cause a denial of service (reboot or shutdown), create arbitrary users, or possibly have unspecified other impact via a crafted request, as demonstrated by a...
CVE-2015-0759
Cisco Headend Digital Broadband Delivery System is affected by a CSRF vulnerability (CVE-2015-0759) where an unauthenticated attacker could cause actions in a user’s browser by tricking them into visiting a malicious link. Root cause: insufficient input validation on web requests. Impact: remote ...