53 matches found
python-django: CSRF protection bypass on a site with Google Analytics
A CSRF flaw was found in Django, where an interaction between Google Analytics and Django's cookie parsing could allow an attacker to set arbitrary cookies leading to a bypass of CSRF protection. In this update, the parser for ''request.COOKIES'' has been simplified to better match browser behavi...
python-django: CSRF protection bypass on a site with Google Analytics
A CSRF flaw was found in Django, where an interaction between Google Analytics and Django's cookie parsing could allow an attacker to set arbitrary cookies leading to a bypass of CSRF protection. In this update, the parser for ''request.COOKIES'' has been simplified to better match browser behavi...
python-django: CSRF protection bypass on a site with Google Analytics
A CSRF flaw was found in Django, where an interaction between Google Analytics and Django's cookie parsing could allow an attacker to set arbitrary cookies leading to a bypass of CSRF protection. In this update, the parser for ''request.COOKIES'' has been simplified to better match browser behavi...
CVE-2016-7401
A CSRF flaw was found in Django, where an interaction between Google Analytics and Django's cookie parsing could allow an attacker to set arbitrary cookies leading to a bypass of CSRF protection. In this update, the parser for ''request.COOKIES'' has been simplified to better match browser behavi...
UBUNTU-CVE-2015-3801
The document.cookie API implementation in the CFNetwork Cookies subsystem in WebKit in Apple iOS before 9 allows remote attackers to bypass an intended single-cookie restriction via unspecified vectors...
Aruba Mobility Controller 6.4.2.8 - Multiple Vulnerabilities
Title: Aruba Mobility Controller CSRF And XSS Vulnerabilities Date: 08/016/2015 Author: Itzik Chen Product web page: http://www.arubanetworks.com Affected Version: 6.4.2.8 Tested on: Aruba7240, Ver 6.2.4.8 Summary ================ Aruba Networks is an HP company, one of the leaders in enterprise...
Middle School Homework Page 1.3 Beta 1 Cross Site Scripting / SQL Injection
Middle School Homework Page V1.3 Beta 1 - Multiple Vulnerabilties =================================================================== .:. Author : AtT4CKxT3rR0r1ST .:. Contact : [email protected] , [email protected] .:. Home : http://www.iphobos.com/blog/ .:. Script :...
Ipswitch IMail 11.01 - Cross-Site Scripting
!/usr/bin/perl Exploit Title: Ipswitch IMail 11.01 XSS Vulnerability Date: 26-04-2013 Author: DaOne aka Mocking Bird Vendor Homepage: http://www.ipswitch.com/ Platform: windows use Net::SMTP; ARGV Check if $ARGV != 2 print "\nUSAGE: IMail.pl \n"; exit; $host = $ARGV0; $attacker = $ARGV1; $victim ...
Tinymcpuk 0.3 Cross Site Scripting Vulnerability
Tinymcpuk version 0.3 suffers from a cross site scripting vulnerability. Exploit Title: tinymcpuk xss vulnerability Google Dork: n/a Date: 1/12/2012 GMT+7 Exploit Author: eidelweiss @randyarios Vendor Homepage: http://sourceforge.net/projects/p4a/files/tinymcpuk/ Software Link:...
Manchester United Cross Site Scripting
Exploit Title: manchester united xss Date: 10.08.2012 Author: TayfunBasoglu Tested: BackTrack 5 Platform: Php ---------------- http://www.manutd.com/Search-Results.aspx?qs=manutdfrontend&catTxt=&searchText=XSS http://www.manutd.com/Search-Results.aspx?qs=manutdfrontend&catTxt=&searchText="...
Xavi 7968 ADSL Router - '/webconfig/wan/confirm.html/confirm?pvcName' Cross-Site Scripting
source: https://www.securityfocus.com/bid/52098/info Xavi 7968 ADSL Router is prone to cross-site scripting, HTML-injection and cross-site request forgery vulnerabilities. The attacker can exploit the issues to execute arbitrary script code in the context of the vulnerable site, potentially...
Mozilla Miscellaneous memory safety hazards (MFSA 2011-19)
CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService.cpp in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allows remote attackers to bypass intended access restrictions via a string containing...
Mozilla Miscellaneous memory safety hazards (MFSA 2011-19)
CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService.cpp in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allows remote attackers to bypass intended access restrictions via a string containing...
Mozilla Miscellaneous memory safety hazards (MFSA 2011-19)
CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService.cpp in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allows remote attackers to bypass intended access restrictions via a string containing...
xWeblog v2.2 Insecure Cookie Handling Vulnerability
Exploit for php platform in category web applications =================================================== xWeblog v2.2 Insecure Cookie Handling Vulnerability =================================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'...
MidWeb CMS (top.asp) XSS Vulnerability
Exploit for php platform in category web applications ====================================== MidWeb CMS top.asp XSS Vulnerability ====================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /...
dB Masters MultiMedia - Insecure Cookie Handling
======================================================================================== | Title : dB Masters Multimedia Insecure Cookie Handling Vulnerability | | Author : indoushka | | email : [email protected] | | Home : Souk Naamane - 04325 - Oum El Bouaghi - Algeria -00213771818860 | | W...
Beex 3 Cross Site Scripting
/ | | \ \ / / | | \ \ / / | |\ \ /\ / / | | | | | | \ V /| | | \ V V / | | || | || / ||| // ,|, | |/ | | | |/ / | ' \ | | / | | | | | | | |||,|| || || Beex 3 Remote XSS Vulnerabilities Discovered By : Moudi Contact : Download : http://www.aom-software.de/beexstart.php Greetings : Mizoz,...
Miniweb 2.0 Publisher SQL Injection / XSS
-----------------------------I AM MUSLIM !!------------------------------ ============================================================================== / \ | | | | / \ | | | | / \ | | | | / \ | || | / \ | | | | / \ | | IN THE NAME OF // \ || || // \ || ||...
AGTC MyShop 3.2 - Insecure Cookie Handling
AGTC MyShop 3.2 - Insecure Cookie Handling ======================================================= +++++++++++++++++++ information +++++++++++++++++++++++ ======================================================= + Script : AGTC MyShop v3.2b + Site :www.websiteforsaleuk.co.uk + Found by : Mr.tro0oq...