2563 matches found
CVE-2015-4361
Cross-site request forgery (CSRF) vulnerability in the Registration codes module before 6.x-1.6 for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete registration codes via unspecified vectors...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in the Registration codes module before 6.x-1.6 for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete registration codes via unspecified vectors...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in the Registration codes module before 6.x-1.6, 6.x-2.x before 6.x-2.8, and 7.x-1.x before 7.x-1.2 for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete role-rules via unspecified vectors...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the Registration codes module before 6.x-1.6, 6.x-2.x before 6.x-2.8, and 7.x-1.x before 7.x-1.2 for Drupal allow remote authenticated users with permission to create or edit taxonomy terms or nodes to inject arbitrary web script or HTML via...
CVE-2015-4359
The vulnerability CVE-2015-4359 affects the Drupal Registration codes module. Affected are 6.x-1.x prior to 6.x-1.6, 6.x-2.x prior to 6.x-2.8, and 7.x-1.x prior to 7.x-1.2. The issue is cross-site scripting (XSS) where remote authenticated users with permission to create or edit taxonomy terms or...
CVE-2015-4360
CVE-2015-4360 is a CSRF vulnerability in the Drupal contributed module Registration codes affecting 6.x-1.x before 6.x-1.6, 6.x-2.x before 6.x-2.8, and 7.x-1.x before 7.x-1.2. The underlying issue allows remote attackers to hijack administrator authentication for requests that delete role-rules (...
CVE-2015-4359
Multiple cross-site scripting (XSS) vulnerabilities in the Registration codes module before 6.x-1.6, 6.x-2.x before 6.x-2.8, and 7.x-1.x before 7.x-1.2 for Drupal allow remote authenticated users with permission to create or edit taxonomy terms or nodes to inject arbitrary web script or HTML via...
CVE-2015-4360
Cross-site request forgery (CSRF) vulnerability in the Registration codes module before 6.x-1.6, 6.x-2.x before 6.x-2.8, and 7.x-1.x before 7.x-1.2 for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete role-rules via unspecified vectors...
CVE-2015-4361
Cross-site request forgery (CSRF) vulnerability in the Registration codes module before 6.x-1.6 for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete registration codes via unspecified vectors...
Security Questions Not So Secure
The Internet knows a lot about you, including your mother’s maiden name, your favorite food, and what street your first pet grew up on. And, according to some new research from Google, attackers have a good chance of figuring those things out pretty easily, too. The security questions that Google...
Oracle BI Mobile HD v11.x iOS - Persistent UI Vulnerability
Document Title: =============== Oracle BI Mobile HD v11.x iOS - Persistent UI Vulnerability References Source: ==================== http://vulnerability-lab.com/getcontent.php?id=1361 Oracle Security ID: S0540289 Tracking ID: S0540289 Reporter ID: 1 2015Q1 Release Date: ============= 2015-05-06...
Dropbox: Race condition when redeeming coupon codes
Hello, there is a race condition when redeeming coupon codes in https://www.dropbox.com/coupons. Basically, it enables me to reuse one coupon code many times. Here are the steps to reproduce: 1. Get a coupon code. I bought mine on fiverr. 2. Go to https://www.dropbox.com/coupons and enter your co...
Ebay Xcom Item Preview Cross Site Scripting
Document Title: =============== Ebay Inc Xcom 4 - Item Preview Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1215 Release Date: ============= 2015-03-23 Vulnerability Laboratory ID VL-ID: ==================================== 12...
Cross site request forgery (csrf)
The navigator.sendBeacon implementation in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 processes HTTP 30x status codes for redirects after a preflight request has occurred, which allows remote attackers to bypass intended CORS access-control checks and...
SSL Labs API Client
This module is a simple client for the SSL Labs APIs, designed for SSL/TLS assessment during a penetration test. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'activesupport/inflector' require 'json' require...
Ebay Inc Xcom #4 - (Item Preview) Persistent Vulnerability
Document Title: =============== Ebay Inc Xcom 4 - Item Preview Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1215 Release Date: ============= 2015-03-23 Vulnerability Laboratory ID VL-ID: ==================================== 12...
Common security vulnerabilities in financial industry platforms and their prevention - Vulnerability and early warning - the black bar safety net
Foreword: Internet finance is a term that has emerged in the financial sector over the past two years, and it is also an important branch of the Internet industry. Internet finance is not, however, a simple binding of the Internet and the financial industry, but in achieving security, mobile, etc. network technolog...
Security Advisory - Multiple Injection Vulnerabilities in UDS
The OceanStor UDS has some vulnerability: Attacker injects JavaScript into patch. After the patch is loaded through the OceanStor DeviceManager, the returned content contains the injected script. After the script is parsed and executed on the OceanStor DeviceManager, information leak occurs...
Multiple vulnerabilities in Drupal Registration codes module
Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community. Registration codes is one of the modules that provides users with a valid registration code when they register a new account on the site. A cross-site scripting vulnerability and a...
CVE-2015-0895
Cross-site request forgery (CSRF) vulnerability in the All In One WP Security & Firewall plugin before 3.9.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that delete logs of 404 (aka Not Found) HTTP status codes...