EUVD-2013-7222
Malware in sbrugna...
CVE-2019-17590
The csrf_callback function in the CSRF Magic library through 2016-03-27 is vulnerable to CSRF protection bypass as it allows one to tamper with the csrf token values. A remote attacker can exploit this by crafting a malicious page and dispersing it to a victim via social engineering, enticing them...
ZoneMinder Snapshots Command Injection
This module exploits an unauthenticated command injection in ZoneMinder that can be exploited by appending a command to the "create monitor ids"-action of the snapshot view. Affected versions: use exploit/unix/webapp/zoneminder_snapshots msf exploit(zoneminder_snapshots) show targets ...targets... ms...
ZoneMinder Language Settings Remote Code Execution
This module exploits an arbitrary file write in the debug log file option, chained with a path traversal in the language settings, that leads to remote code execution in ZoneMinder surveillance software versions before 1.36.13 and before 1.37.11. Module Options msf use exploit/unix/webapp/zoneminder_lang_exec...
CVE-2019-17590
The CVE-2019-17590 entry concerns CSRF protection bypass in the CSRF Magic library (through 2016-03-27) via tampering with csrf_token values. The exploitation path described involves remote attackers crafting malicious pages and social engineering victims into clicking a link; on clicking, an att...
CVE-2013-7464
In csrf-magic before 1.0.4, if $GLOBALS['csrf']['secret'] is not configured, the Anti-CSRF Token used is predictable and would permit an attacker to bypass the CSRF protections, because an automatically generated secret is not used...