EUVD-2016-0412
Malware in sbrugna...
VulnCheck KEV: CVE-2019-9875
Sitecore CMS and Experience Platform XP contain a deserialization vulnerability in the Sitecore.Security.AntiCSRF module that allows an authenticated attacker to execute arbitrary code by sending a serialized .NET object in the HTTP POST parameter CSRFTOKEN...
VulnCheck KEV: CVE-2019-9874
Sitecore CMS and Experience Platform XP contain a deserialization vulnerability in the Sitecore.Security.AntiCSRF module that allows an unauthenticated attacker to execute arbitrary code by sending a serialized .NET object in the HTTP POST parameter CSRFTOKEN...
CVE-2021-35242
Serv-U server responds with valid CSRFToken when the request contains only Session...
SolarWinds Serv-U 15.2.4 < 15.2.5 Multiple Vulnerabilities
The version of SolarWinds Serv-U installed on the remote host is prior to 15.2.5. It is, therefore, affected by multiple vulnerabilities as referenced in the serv-u1525 advisory. - Serv-U server responds with valid CSRFToken when the request contains only Session. CVE-2021-35242 - When a user has...
flatnux 2021-03.25 - Remote Code Execution (Authenticated) Vulnerability
Exploit Title: flatnux-2021-03.25 - Remote Code Execution Authenticated Exploit Author: Ömer Hasan Durmuş Vendor Homepage: https://en.altervista.org Software Link: http://flatnux.altervista.org/flatnux.html Version: 2021-03.25 Tested on: Windows/Linux POST...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Intelligent Operations Center products (CVE-2016-0377)
Summary IBM WebSphere Application Server is shipped as a component of IBM Intelligent Operations Center and related products. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details CVEID: CVE-2016-0377...
Security Bulletin: Vulnerability in IBM WebSphere Application Server affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) CVE-2016-0377
Summary A vulnerability in IBM WebSphere Application Server affects IBM Spectrum Control and Tivoli Storage Productivity Center. IBM WebSphere Application Server could allow a remote attacker to obtain sensitive information caused by the improper setting of a CSRFtoken cookie. IBM Spectrum Contro...
CVE-2021-35242
Serv-U server responds with valid CSRFToken when the request contains only Session...
Session fixation
Serv-U server responds with valid CSRFToken when the request contains only Session...
CVE-2021-35242
CVE-2021-35242 affects SolarWinds Serv-U: the vulnerability arises because the Serv-U server responds with a valid CSRF token even when a request contains only a Session, enabling CSRF-like abuse. The public records show CVSS data indicating network attack vector with high impact on confidentiali...
CVE-2021-35242 A valid CSRF token is present in response to an invalid request
Serv-U server responds with valid CSRFToken when the request contains only Session...
Cmsimple 5.4 Remote Code Execution
Exploit Title: Cmsimple 5.4 - Remote Code Execution RCE Authenticated Date: 29.09.2021 Exploit Author: pussycat0x Vendor Homepage: https://www.cmsimple.org/ Version: 5.4 Tested on: ubuntu-20.04.1 import argparse from bs4 import BeautifulSoup from argparse import ArgumentParser import requests...
Log Analysis Security Bulletin List
Question Is there a list of security bulletins that describe resolved vulnerabilities affecting Log Analysis? Answer Log Analysis is made up of several components. The following table contains security bulletins that address the vulnerability of various components in Log Analysis, listed by...
osTicket 1.14.1 - (Ticket Queue) Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: osTicket 1.14.1 - 'Ticket Queue' Persistent Cross-Site Scripting Exploit Author: Matthew Aberegg Vendor Homepage: https://osticket.com Patch Link:...
XEROX WorkCentre 7855 Printer Cross Site Request Forgery
Exploit Title: XEROX WorkCentre 7855 Printer - Cross-Site Request Forgery Add Admin Date: 2018-12-19 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.xerox.com/ Hardware Link : https://www.office.xerox.com/en-us/multifunction-printers/workcentre-7800-series/ Software : Xerox Printer...
thesystem 1.0 Cross Site Scripting
Exploit Title: thesystem Persistent XSS Author: Anıl Baran Yelken Discovery Date: 2019-09-28 Vendor Homepage: https://github.com/kostasmitroglou/thesystem Software Link: https://github.com/kostasmitroglou/thesystem Tested Version: 1.0 Tested on OS: Windows 10 CVE: N/A Type: Webapps Description:...
CVE-2019-9874
Deserialization of Untrusted Data in the Sitecore.Security.AntiCSRF aka anti CSRF module in Sitecore CMS 7.0 to 7.2 and Sitecore XP 7.5 to 8.2 allows an unauthenticated attacker to execute arbitrary code by sending a serialized .NET object in the HTTP POST parameter CSRFTOKEN...
osTicket 1.11 - Cross-Site Scripting / Local File Inclusion Vulnerabilities
Exploit for php platform in category web applications Exploit Title: osTicket v1.11 - Cross-Site Scripting to Local File Inclusion Exploit Author: Özkan Mustafa Akkuş AkkuS @ehakkus Contact: https://pentest.com.tr Vendor Homepage: https://osticket.com Software Link:...
M/Monit 3.7.2 - Privilege Escalation Exploit
Exploit for multiple platform in category web applications !/usr/env/python3 """ Vulnerability title: M/Monit = 3.7.2 - Privilege Escalation Author: Dolev Farhi Vulnerable version: 2.0.151021 Link: https://mmonit.com Date: 2/17/2019 """ import sys import requests MMONITURL =...