23 matches found
EUVD-2018-4614
Malware in sbrugna...
EUVD-2021-29082
Malicious code in bioql PyPI...
Booked Scheduler 2.7.5 - Remote Command Execution Exploit
Exploit Title: Booked Scheduler 2.7.5 - Remote Command Execution (RCE) (Authenticated)
Vulnerability founder: AkkuS
Exploit Author: 0sunday
Vendor Homepage: https://www.bookedscheduler.com/
Software Link: N/A
Version: Booked Scheduler 2.7.5
Tested on: Kali 2021.2
CVE: CVE-2019-9581
#!/usr/bin/python3...
Oracle Linux 7 : mailman (ELSA-2021-4913)
The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2021-4913 advisory. - Fix for CVE-2021-44227 - Fix for CVE-2016-6893 - Fix for CVE-2021-42097 Tenable has extracted the preceding description block directly from the Oracl...
openSUSE 15 Security Update : mailman (openSUSE-SU-2021:1436-1)
The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1436-1 advisory. - GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A certain csrftoken value is derived from the admin password, and may be...
Privilege Escalation
GNU Mailman is vulnerable to remote privilege escalation: a certain csrftoken value is derived from the admin password and may be useful in conducting a brute-force attack against that password...
CVE-2021-42096
GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A certain csrftoken value is derived from the admin password, and may be useful in conducting a brute-force attack against that password...
CVE-2021-42097
GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csrftoken value is not specific to a single user account. An attacker can obtain a value within the context of an unprivileged user account, and then use that value in a CSRF attack against an admin e.g., for account takeover...
CVE-2021-42096
Removed by vendor...
CVE-2020-25453
An issue was discovered in BlackCat CMS before 1.4. There is a CSRF token (csrftoken) bypass vulnerability that allows remote arbitrary code execution...
CVE-2020-25453
CVE-2020-25453 affects BlackCat CMS prior to v1.4. It describes a CSRF token bypass vulnerability that enables remote arbitrary code execution. Multiple sources (NVD, Red Hat, OSV, ExploitDB, CVE listings) confirm the issue exists and provide a PoC/exploit context for BlackCat CMS 1.3.6. No offic...
CVE-2018-16314
An issue was discovered in admincp.php in idreamsoft iCMS 7.0.11. When verifying CSRFTOKEN, if CSRFTOKEN does not exist, only the Referer header is validated, which can be bypassed via an admincp.php substring in this header...
CRLF injection
An issue was discovered in admincp.php in idreamsoft iCMS 7.0.11. When verifying CSRFTOKEN, if CSRFTOKEN does not exist, only the Referer header is validated, which can be bypassed via an admincp.php substring in this header...
CVE-2018-16314
CVE-2018-16314 affects idreamsoft iCMS 7.0.11, specifically the CSRF verification in admincp.php. If CSRFTOKEN is absent, only the Referer header is validated, and that check can be bypassed by placing the substring admincp.php anywhere in the header. This describes a CSRF protection bypass vulnerab...
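The fallback the two iCMS entries describe, modelled as an added example (not iCMS code): a substring test on the Referer beside an origin comparison that rejects the same forged request. SITE_ORIGIN, the header values and the function names are constructed for this demonstration.

```python
"""Referer fallback for CSRF: substring match beside an origin comparison.

Added example, not code from iCMS or any other project listed here. It
models the check the CVE-2018-16314 entries describe: when no CSRF token
accompanies a request to the admin endpoint, the only test is whether the
string 'admincp.php' occurs somewhere in the Referer header. SITE_ORIGIN,
the header values and the function names are constructed for the demo.
"""
from typing import Optional
from urllib.parse import urlsplit

ADMIN_SCRIPT = "admincp.php"
SITE_ORIGIN = "https://cms.example"   # assumed origin of the protected site


def weak_referer_check(referer: Optional[str]) -> bool:
    """Substring fallback: any Referer containing 'admincp.php' passes.

    The attacker controls the Referer by hosting the CSRF page at a URL
    whose path contains that string, e.g.
    https://attacker.example/admincp.php?x=1
    """
    return referer is not None and ADMIN_SCRIPT in referer


def strict_origin_check(origin: Optional[str], referer: Optional[str],
                        site_origin: str = SITE_ORIGIN) -> bool:
    """Compare scheme, host and port of Origin (or Referer) with the site.

    Origin is preferred because it carries no path or query the attacker
    can shape; Referer is the fallback. A request with neither header is
    rejected: absence of evidence is not trust.
    """
    source = origin or referer
    if not source:
        return False
    got, want = urlsplit(source), urlsplit(site_origin)
    try:
        got_port, want_port = got.port, want.port   # raises on a bad port
    except ValueError:
        return False
    return (got.scheme == want.scheme
            and got.hostname is not None
            and got.hostname == want.hostname
            and got_port == want_port)


def admin_request_allowed(headers: dict, token_ok: bool, strict: bool) -> bool:
    """Accept a state-changing admin request.

    A valid CSRF token always suffices. Without one, fall back to either
    the substring test (strict=False, the vulnerable behaviour) or the
    origin comparison (strict=True). Header names are matched
    case-insensitively, as HTTP requires.
    """
    if token_ok:
        return True
    h = {k.lower(): v for k, v in headers.items()}
    if strict:
        return strict_origin_check(h.get("origin"), h.get("referer"))
    return weak_referer_check(h.get("referer"))


if __name__ == "__main__":
    # Constructed forged request: the attacker's page lives at a path that
    # happens to contain 'admincp.php'.
    forged = {"Referer": "https://attacker.example/admincp.php"}
    print("substring check accepts forged request:",
          admin_request_allowed(forged, token_ok=False, strict=False))
    print("origin check accepts forged request:",
          admin_request_allowed(forged, token_ok=False, strict=True))
```

The origin comparison is still only a fallback: a browser may omit both headers (privacy settings, Referrer-Policy), so a missing header has to fail closed and the token remains the primary control.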
GHSA-FXPG-GG9G-76GJ Cross-site scripting in django
Cross-site scripting (XSS) vulnerability in Django 1.2.x before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via a csrfmiddlewaretoken (aka csrftoken) cookie...
CVE-2018-12659
SLiMS 8 Akasia 8.3.1 allows remote attackers to bypass the CSRF protection mechanism and obtain admin access by omitting the csrftoken parameter...
startbbs: brute-force vulnerability in all versions, captcha ignored
At the login form: when a wrong username or password is entered, a prompt appears and the page redirects. On returning to that page, I noticed the captcha had not changed at all? Intercepting the request, I found a csrftoken. But the cookie also contains a csrftoken, and after testing it myself I found that the two csrftokens only need to be equal. Then I used Burp to brute-force...
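The token flaws in the Mailman, SLiMS and startbbs entries above are all failures of the same check. The block below is an added example, not code from any of those projects: each weak_* function reproduces in miniature the property its entry describes (a token derived from the admin password, CVE-2021-42096; a token valid for every account, CVE-2021-42097; a check skipped when the parameter is absent, CVE-2018-12659; and a double-submit check that only compares cookie with form field, the startbbs post), and verify_csrf() is one sound alternative. Key material, session ids, passwords and function names are constructed for the demo.

```python
"""CSRF token checks: four weak designs beside a sound one.

Added example, not code from Mailman, SLiMS, startbbs or any other
project on this page. The weak_* functions model the property each entry
describes, not the project's real implementation. SERVER_SECRET, the
session ids and the passwords are constructed for the demo.
"""
import hashlib
import hmac
import secrets
from typing import Iterable, Optional

SERVER_SECRET = secrets.token_bytes(32)   # assumed per-deployment random key


# 1. Token is a deterministic function of the password with no server
#    secret: whoever observes a token holds an offline oracle for the
#    password. (Mailman's real derivation is more involved; only the
#    property is modelled here.)
def token_from_password(password: str) -> str:
    return hashlib.sha1(password.encode()).hexdigest()


def brute_force_password(observed_token: str,
                         candidates: Iterable[str]) -> Optional[str]:
    """Offline dictionary attack against a password-derived token."""
    for pw in candidates:
        if hmac.compare_digest(token_from_password(pw), observed_token):
            return pw
    return None


# 2. Token keyed by a server secret but not bound to any account: a value
#    obtained as an unprivileged user verifies in a request forged against
#    the admin.
def weak_global_token(key: bytes = SERVER_SECRET) -> str:
    return hmac.new(key, b"csrf", "sha256").hexdigest()


def weak_verify_unbound(form_token: str, _acting_user: str,
                        key: bytes = SERVER_SECRET) -> bool:
    # _acting_user is ignored: that is the flaw
    return hmac.compare_digest(form_token, weak_global_token(key))


# 3. The comparison runs only when the parameter is present, so omitting
#    the parameter skips the check entirely.
def weak_verify_optional(form_token: Optional[str], expected: str) -> bool:
    if form_token is None:
        return True          # nothing to compare, request passes
    return hmac.compare_digest(form_token, expected)


# 4. Double submit reduced to "cookie equals form field": a cross-site
#    attacker who can plant or replay a cookie value supplies both.
def weak_verify_double_submit(cookie_token: Optional[str],
                              form_token: Optional[str]) -> bool:
    return cookie_token is not None and cookie_token == form_token


# Sound design: HMAC(server key, session id). Unforgeable without the key,
# bound to one session, unrelated to any password, and always required.
def issue_token(session_id: str, key: bytes = SERVER_SECRET) -> str:
    return hmac.new(key, session_id.encode(), "sha256").hexdigest()


def verify_csrf(session_id: Optional[str], form_token: Optional[str],
                key: bytes = SERVER_SECRET) -> bool:
    if not session_id or not form_token:
        return False         # a missing token fails, never passes
    return hmac.compare_digest(issue_token(session_id, key), form_token)


if __name__ == "__main__":
    # Constructed scenario: a low-privilege token reused against the admin.
    low_priv = issue_token("sess-alice")
    print("unbound token accepted for admin:",
          weak_verify_unbound(weak_global_token(), "admin"))
    print("bound token accepted for admin:",
          verify_csrf("sess-admin", low_priv))
```

Binding the token to the session id means a token leaked from one account, or one the attacker fabricated together with a cookie, cannot verify in another session without SERVER_SECRET; rotating that key invalidates every outstanding token, which is the trade-off to accept.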
Gratipay: csrf_token cookie doesn't have the "HttpOnly" flag
As the researcher @kuskumar pointed out, the csrftoken cookie doesn't have the HttpOnly flag. While it is often seen as bad practice to leave cookies without this flag, since they are likely to be stolen via XSS, our session cookie has this flag set, making impersonation harder. Regarding csrftoke...