Cross-Site Request Forgery (CSRF) in ampache/ampache
✍️ Description CSRF bug to disable a user 🕵️♂️ Proof of Concept I see that while disabling a user there is no CSRF token check. 1. First log in to the admin account. 2. Now copy the URL http://localhost/ampache-develop/public/admin/users.php?action=disable&userid=3, paste it in a browser tab and hit...
Cross-Site Request Forgery (CSRF) in bigprof-software/online-rental-property-manager
✍️ Description CSRF bug to create a backup 🕵️♂️ Proof of Concept The request below is vulnerable to a CSRF bug which allows creating a database backup: GET /online-rental-property-manager/app/admin/pageBackupRestore.php?action=createbackup HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 X11; Ubuntu; Linux...
Cross-Site Request Forgery (CSRF) in kestasjk/webdiplomacy
✍️ Description CSRF bug when contacting team 🕵️♂️ Proof of Concept No CSRF token on contact. The request below is vulnerable to a CSRF attack: POST /contactUsDirect.php HTTP/1.1 Host: webdiplomacy.net User-Agent: Mozilla/5.0 X11; Ubuntu; Linux x86_64; rv:88.0 Gecko/20100101 Firefox/88.0 Accept:...
Cross-Site Request Forgery (CSRF) in kestasjk/webdiplomacy
✍️ Description CSRF bug when disabling notice 🕵️♂️ Proof of Concept No CSRF token check when enabling/disabling a notice. The request below is vulnerable to a CSRF attack: POST /index.php HTTP/1.1 Host: webdiplomacy.net User-Agent: Mozilla/5.0 X11; Ubuntu; Linux x86_64; rv:88.0 Gecko/20100101...
Weblate: Send Empty CSRF leads to log out user on [https://hosted.weblate.org/accounts/profile]
Hi, there is a CSRF bug on your website that leads to logging the user out of the dashboard. If the user clicks on the attached file CSRF.html, it redirects to another page, shows the following error, and the user is logged out immediately: F1029146 Steps to reproduce: 1- Log in to your account via the Login page 2- Click on...
Coinbase: Csrf bug on signup session
NOTE! Thanks for submitting a report! Please replace all the square sections below with the pertinent details. Remember, researchers are more likely to earn a larger bounty by explaining how a vulnerability can be exploited to cause harm to Coinbase or its users. Summary: CSRF bug on coinbase...
phpATM 1.32 - Multiple Vulnerabilities
Exploit Title : "phpATM <= 1.32 Multiple CSRF Vulnerabilities & Full Path Disclosure Vulnerability" Date : 17/06/2016 Author : Paolo Massenio - pmassenioATgmail Vendor : phpATM - http://phpatm.org/ Version : <= 1.32 Tested on : Windows 10 with XAMPP 1 CSRF in configure.php phpATM lets the...
Researchers Outline Bugs in Yahoo, PayPal, Magento
Researchers recently discovered a smattering of vulnerabilities in web applications and mobile applications belonging to companies like Yahoo, PayPal, Magento, and Shopify that could have led to account theft, session hijacking, and phishing, among other consequences. Hadji Samir, Ebrahim Hegazy,...
D-Link Working on Firmware Updates for Three Critical Bugs
D-Link has pushed out a firmware update for three serious security vulnerabilities in its DIR-820L home routers, and is expected to do the same for seven other models between tomorrow and March 10. The vulnerabilities provide an attacker with remote access to the router without the need for...
AspTR EXtended CSRF Bug
No description provided by source...
Fedora 11 : dokuwiki-0-0.4.20091225.c.fc11 (2010-0770)
Fix CSRF bug Secunia advisory SA38205, dokuwiki bug 1853 http://secunia.com/advisories/38205/3/ - Fix Security ACL bypass bug Secunia advisory SA38183, dokuwiki bug 1847 http://secunia.com/advisories/38183/3/ - Upgrade to the latest upstream - Fix bugzilla bug 556494 Note that Tenable Network...
Simplog 0.9.3.2 XSS / XSRF
Multiple Vulnerabilities in Simplog v0.9.3.2 Name Multiple vulnerabilities in Simplog Systems Affected Simplog 0.9.3.2 and possibly earlier versions Download http://sourceforge.net/projects/simplog/files/simplog/0.9.3.2/simplog-0.9.3.2.tar.gz/download Author Amol Naik amolnaik4atgmail.com Date...
openSUSE Security Update : nagios (nagios-531)
A CSRF bug in nagios' cmd.cgi (CVE-2008-5028) has been fixed, as well as an authentication bypass (CVE-2008-5027). © Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update nagios-531. The text description o...