Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

2 matches found

seebug.org
seebug.orgadded 2015/09/21 12:0 a.m.92 views

Siemens SIMATIC S7-1200固件版本低于4.1.3的设备跨站伪造请求(CSRF)漏洞

漏洞分析 Siemens SIMATIC S7-1200的web端可以与控制PLC的运行以及设备状态数据的获取。而固件版本低于4.1.3的web存在跨站请求伪造(CSRF)漏洞。 由于S7-1200的web端并没有采取针对CSRF攻击的防范措施,如验证HTTP Referer字段,因此攻击者可以实施CSRF攻击,在未授权的情况下进行PLC运行状态改变,更新固件等敏感操作。 漏洞验证 我们通过zoomeye,搜索到一款SIMATIC S7-1200,固件版本号为v3.00.01,经过测试发现存在CSRF漏洞。 验证过程:...

7.1AI score
Exploits0
Kitploit
Kitploitadded 2013/12/20 5:58 p.m.14 views

[OWASP CSRFTester] Facilitates Ability to Test Applications for CSRF

OWASP CSRFTester is a tool for testing CSRF vulnerability in websites. Just when developers are starting to run in circles over Cross Site Scripting, the 'sleeping giant' awakes for yet another web-catastrophe. Cross-Site Request Forgery CSRF is an attack whereby the victim is tricked into loadin...

7.2AI score
Exploits0
Rows per page
Query Builder