6 matches found
SAP GRC Security Vulnerability
SAP GRC is a suite of solutions and products from SAP, Germany, that can help you manage enterprise resources in a way that minimizes risk, builds trust, and reduces compliance costs. A security vulnerability exists in SAP GRC that stems from improper authorization and could result in modification or...
CVE-2011-5298
Multiple cross-site request forgery (CSRF) vulnerabilities in Argyle Social 2011-04-26 allow remote attackers to hijack the authentication of administrators for requests that (1) modify credentials via the role parameter to users/create/, (2) modify rules via the terms field in streamfilterrule JSON da...
Osprey Pump Controller 1.0.1 - Authentication Bypass Credentials Modification
!/usr/bin/env python Exploit Title: Osprey Pump Controller v1.0.1 - Authentication Bypass Credentials Modification Exploit Author: LiquidWorm Vendor: ProPump and Controls, Inc. Product web page: https://www.propumpservice.com | https://www.pumpstationparts.com Affected version: Software Build ID...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in diafan.CMS before 5.1 allow remote attackers to hijack the authentication of administrators for requests that (1) modify articles via a savepost action to admin/news/saveNEWSID/, (2) modify settings via a savepost action to admin/site/save2/...
Cross-site Request Forgery (CSRF) in KaiBB
High-Tech Bridge SA Security Research Lab has discovered a vulnerability in KaiBB which could be exploited to perform cross-site request forgery attacks. 1) Cross-site request forgery (CSRF) in KaiBB The vulnerability exists due to insufficient validation of the request origin in admin/core/account.ph...
Abyss Web Server X1 - Cross-Site Request Forgery
http://osvdb.org/show/osvdb/64693 http://cross-site-scripting.blogspot.com/2010/05/abyss-web-server-x1-xsrf.html : Abyss Web Server X1 XSRF A cross-site request forgery vulnerability in the Abyss Web Server X1 management console can be exploited to change both the username and password of the...