10 matches found
Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities
Summary: IBM Cognos Analytics is affected and considered vulnerable, based on current information, to vulnerabilities in Open-Source Software (OSS) components consumed by IBM Cognos Analytics. IBM Cognos Analytics has addressed the applicable CVEs by upgrading or removing the vulnerable libraries...
in opensourcepos/opensourcepos
Description: The giftcards/view/ POST request can be hijacked so that the information will be sent to another page, by modifying the login page URL. Proof of Concept: Change the login page URL to https://mydomain.com/giftcards/view/anotherpagehere Then the form action in the webpage will be...
Malicious Package
Overview: Version 1.1.7 of impala contained malicious code. The code, when executed in the browser, would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation: If version 1.1.7 of this module is found installed you...
New Relic: Insecure transition from HTTP to HTTPS in form post
Vulnerability description: This form is served from an insecure http page. This page could be hijacked using a man-in-the-middle attack, and an attacker can replace the form target. This vulnerability affects: /selfies/submit. Attack details: Form name: "form144" Form action:...
Netease Weibo CSRF two use-vulnerability warning-the black bar safety net
Does not perform token authentication, so it is vulnerable to CSRF attacks. Detailed description: A malicious attacker may construct a malicious form and trick a victim into clicking a link; when the victim clicks on the link, a microblog post is produced on behalf of the victim. This method can...
Planet 1.1 - [CSRF] Add Admin Account
Exploit for php platform in category web applications. Planet 1.1 - CSRF Add Admin Account. Exploit Title: Planet 1.1 - CSRF Add Admin Account Date: 17-06-2010 Author: G0D-F4Th3r Software Link:...
CVE-2007-1188
WebAPP before 0.9.9.5 allows remote attackers to submit Search form input that is not checked for (1) composition or (2) length, which has unknown impact, possibly related to "search form hijacking"...
Design/Logic Flaw
WebAPP before 0.9.9.5 allows remote attackers to submit Search form input that is not checked for (1) composition or (2) length, which has unknown impact, possibly related to "search form hijacking"...
CVE-2007-1188
WebAPP before 0.9.9.5 allows remote attackers to submit Search form input that is not checked for (1) composition or (2) length, which has unknown impact, possibly related to "search form hijacking"...
CVE-2007-1188
CVE-2007-1188 concerns WebAPP prior to 0.9.9.5, where the Search form accepts input that is not checked for composition or length. The impact is described as unknown and possibly related to “search form hijacking,” but no concrete exploitation details, affected versions beyond the stated one, or ...