327 matches found
SUSE CVE-2016-2812
Race condition in the get implementation in the ServiceWorkerManager class in the Service Worker subsystem in Mozilla Firefox before 46.0 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted web site...
Inout Search Engine 10.1.3 Cross Site Scripting
[ASCII-art banner] CraCkEr: The Crack of Eternal Might. From The Ashes and Dust Rises An...
Cross-Site Request Forgery (CSRF)
apache-superset is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability exists because the legacy REST API endpoints behind the requestaccess and approve functions of core.py accept the HTTP GET method, allowing an attacker to trigger them by redirecting a victim to a malicious URL in a GET request...
Security feature bypass
A dangerous method is exposed in qmpass/leadshop v1.4.15 that can lead to RCE: an attacker can control the target host by calling any function in leadshop.php via the GET method...
Joomla RAXO All-Mode PRO 2.01 Cross Site Scripting
[ASCII-art banner] CraCkEr: The Crack of Eternal Might. From The Ashes and Dust Rises An...
Joomla jMarket 5.15 Cross Site Scripting Vulnerability
[ASCII-art banner] Exploits | Author: CraCkEr | Website: extensions.joomla.org | Vendor: Joobi | Software: jMarket 5.1...
Joomla Easy Shop 1.4.1 Cross Site Scripting
[ASCII-art banner] CraCkEr: The Crack of Eternal Might. From The Ashes and Dust Rises An...
Joomla EDocman 1.23.3 Cross Site Scripting
[ASCII-art banner] CraCkEr: The Crack of Eternal Might. From The Ashes and Dust Rises An...
Marty Marketplace Multi Vendor Ecommerce Script 1.2 SQL Injection Vulnerability
[ASCII-art banner] CraCkEr: The Crack of Eternal Might. From The Ashes and Dust Rises An...
CRLFsuite - Fast CRLF Injection Scanning Tool
CRLFsuite is a fast tool specially designed to scan for CRLF injection.
Installation:
$ git clone https://github.com/Nefcore/CRLFsuite.git
$ cd CRLFsuite
$ sudo python3 setup.py install
$ crlfsuite -h
Features: Single URL scanning; Multiple URL scanning; Stdin supported; GET & POST method supported...
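At its core a CRLF scanner such as the one above sends a parameter value that ends the current header line and starts a new one, then checks whether the response really gained that header. The following is an added example and not CRLFsuite's code: the reflection check in Python, run against a constructed vulnerable redirect handler and its hardened counterpart so that it works offline. The payload list, the probe header name and all function names are the example's own.

```python
import re
from urllib.parse import parse_qs, urlsplit

PROBE_HEADER = "X-CRLF-Probe"
# Payloads a scanner appends to the parameter value. Each tries to terminate
# the current header line and start a new, recognisable one.
PAYLOADS = [
    "%0d%0a" + PROBE_HEADER + ":%20injected",  # CR LF, the canonical case
    "%0a" + PROBE_HEADER + ":%20injected",     # bare LF
    "%0d" + PROBE_HEADER + ":%20injected",     # bare CR
]


def vulnerable_redirect(url):
    """Constructed stand-in for a vulnerable server: copies the decoded ?next=
    value straight into the Location header. Returns the raw response bytes."""
    nxt = parse_qs(urlsplit(url).query).get("next", ["/"])[0]
    return ("HTTP/1.1 302 Found\r\nLocation: " + nxt
            + "\r\nContent-Length: 0\r\n\r\n").encode("latin-1")


def hardened_redirect(url):
    """Same handler with the fix: refuse any CR or LF inside a header value."""
    nxt = parse_qs(urlsplit(url).query).get("next", ["/"])[0]
    if "\r" in nxt or "\n" in nxt:
        return b"HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\n\r\n"
    return ("HTTP/1.1 302 Found\r\nLocation: " + nxt
            + "\r\nContent-Length: 0\r\n\r\n").encode("latin-1")


def parse_headers(raw):
    """Parse the response head leniently, accepting CR LF, LF or CR as a line
    terminator, so a header the server emitted after any of them is counted."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    headers = {}
    for line in re.split(r"\r\n|\n|\r", head)[1:]:  # [0] is the status line
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return headers


def scan(target, base_url, param):
    """Return the payloads for which the probe header appeared in the response."""
    hits = []
    for payload in PAYLOADS:
        headers = parse_headers(target(f"{base_url}?{param}={payload}"))
        if headers.get(PROBE_HEADER.lower()) == "injected":
            hits.append(payload)
    return hits


if __name__ == "__main__":
    print("vulnerable:", scan(vulnerable_redirect, "http://example.test/redirect", "next"))
    print("hardened:  ", scan(hardened_redirect, "http://example.test/redirect", "next"))
```

A real scanner sends the same requests over the network and varies the encoding of the line terminator; the part that decides vulnerable or not is the header check in `scan`, and the fix on the server side is the one-line CR/LF rejection in `hardened_redirect` (or, better, a response library that refuses such header values itself).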
Cross Site Request Forgery in acknowledging Toast
Description
Hi there linkding maintainers, I would like to report a Cross-site request forgery in acknowledging toast. This is due to the use of the GET method.
Proof of Concept
1. Install a local instance of linkding
2. Create admin user admin
3. Log in as admin and create a new toast
4. Go back to...
Cross-site Request Forgery (CSRF)
Overview: org.jenkins-ci.main:jenkins-core is an open source automation server. Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) via the HTTP GET method. An attacker can hijack the authentication of administrators by exploiting the vulnerability through crafted...
GHSA-799H-QR84-PCRP Kallithea Routes CSRF Bypass
Routes in Kallithea before 0.3.2 allow remote attackers to bypass the CSRF protection by using the GET HTTP request method...
PT-2022-16937 · Unknown · Http-Swagger
Name of the Vulnerable Software and Affected Versions: http-swagger versions prior to 1.2.6
Description: The issue allows an attacker to perform a denial of service attack consisting of memory exhaustion on the host system due to improper handling of HTTP methods. This can also lead to other...
Cross-Site Request Forgery (CSRF) in janeczku/calibre-web
Description
CSRF on various endpoints
Summary
Pretty recently CSRF protection in calibre-web was implemented. However, there are some state-changing endpoints that accept GET requests instead of POST. The most impactful route so far, which allows completely shutting down the server:...
Cross-Site Request Forgery (CSRF) in patrowl/patrowlmanager
Description
Hi there, there is a CSRF in duplicating a rule due to the usage of the GET method.
Proof of Concept
1. Install a local instance of PatrowlManager
2. Go to the list of rules and create a new rule
3. Access this link http://localhost:8083/rules/api/v1/alerting/duplicate/1 and see that the rule is...
TotoLink A702r Security Vulnerability
TOTOLINK A702r is a router device from the China-based vendor Gion Electronics (TOTOLINK). A security vulnerability exists in TOTOLINK A702r: the product's login page does not enforce effective access control on directory access. An attacker can access the /add/, /img/, /js/, /mobile...
CVE-2020-27379
Cross Site Request Forgery (CSRF) vulnerability in Booking Core - Ultimate Booking System 1.7.0. The CSRF token is not validated when the request is sent with the GET method. This results in an unauthorized change of the user's email address, which can later be used to reset the password...
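The CSRF entries in this listing (apache-superset, Jenkins, Kallithea, linkding, calibre-web, PatrowlManager and Booking Core) share one root cause: a state-changing action that can be triggered by a GET request, or by any request that carries the victim's session cookie but no token bound to that session. The following is an added example and not code from any of those projects: a constructed in-memory Python app exposes an "update e-mail" action (the Booking Core case) first in the vulnerable form and then hardened, i.e. POST only, body parameters only, and a per-session CSRF token compared in constant time. The class, route and helper names are invented for illustration.

```python
import hmac
import secrets


class AccountApp:
    """Constructed in-memory web app (not a real project) with one
    state-changing action: updating the logged-in user's e-mail address."""

    def __init__(self):
        self.users = {"alice": {"email": "alice@example.test"}}
        self.sessions = {}  # session id -> {"user": ..., "csrf": ...}

    def login(self, user):
        """Issue a session cookie value and a per-session CSRF token."""
        sid = secrets.token_urlsafe(16)
        self.sessions[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
        return sid

    def csrf_token(self, sid):
        """What a legitimately rendered page embeds in its form; a cross-site
        attacker page cannot read it (same-origin policy)."""
        return self.sessions[sid]["csrf"]

    def handle_vulnerable(self, method, path, query, form, cookies):
        """State change on any method, driven by query parameters, no token."""
        sess = self.sessions.get(cookies.get("session"))
        if sess is None:
            return 401, "login required"
        if path == "/account/email":
            # Bug: a GET with the victim's cookie attached is enough, so an
            # <img src="https://victim.test/account/email?email=..."> on an
            # attacker's page changes the address.
            self.users[sess["user"]]["email"] = query.get("email", form.get("email", ""))
            return 200, "updated"
        return 404, "not found"

    def handle_hardened(self, method, path, query, form, cookies):
        """POST only, body parameters only, and a session-bound CSRF token."""
        sess = self.sessions.get(cookies.get("session"))
        if sess is None:
            return 401, "login required"
        if path == "/account/email":
            if method != "POST":
                return 405, "method not allowed"
            token = form.get("csrf_token", "")
            # Constant-time comparison; both sides are encoded so a non-ASCII
            # attacker value cannot raise a TypeError instead of failing closed.
            if not hmac.compare_digest(token.encode(), sess["csrf"].encode()):
                return 403, "bad csrf token"
            self.users[sess["user"]]["email"] = form["email"]
            return 200, "updated"
        return 404, "not found"


def browser_request(app, handler, sid, method, path, query=None, form=None):
    """Model a browser: the session cookie is attached automatically whether the
    request was started by the user or by a cross-site page."""
    return handler(method, path, query or {}, form or {}, {"session": sid})


def demo():
    """Run the four cases and return (status, resulting e-mail) for each."""
    results = {}
    app = AccountApp()
    sid = app.login("alice")
    # Cross-site GET (an <img> on attacker.test): no token, succeeds.
    status, _ = browser_request(app, app.handle_vulnerable, sid, "GET",
                                "/account/email", query={"email": "evil@attacker.test"})
    results["vuln_get"] = (status, app.users["alice"]["email"])

    app = AccountApp()
    sid = app.login("alice")
    # The same GET against the hardened handler is refused outright.
    status, _ = browser_request(app, app.handle_hardened, sid, "GET",
                                "/account/email", query={"email": "evil@attacker.test"})
    results["hard_get"] = (status, app.users["alice"]["email"])
    # Cross-site auto-submitting POST form: cookie present, token unknown.
    status, _ = browser_request(app, app.handle_hardened, sid, "POST",
                                "/account/email", form={"email": "evil@attacker.test"})
    results["hard_post_no_token"] = (status, app.users["alice"]["email"])
    # Legitimate same-site form carrying the token the page rendered.
    status, _ = browser_request(app, app.handle_hardened, sid, "POST", "/account/email",
                                form={"email": "new@example.test",
                                      "csrf_token": app.csrf_token(sid)})
    results["hard_post_token"] = (status, app.users["alice"]["email"])
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

The method check alone is not the fix: the cross-site POST in `demo` still carries the cookie, which is exactly the "hijack the authentication of administrators" wording in the Jenkins entry. What stops it is the token the attacker cannot obtain. A `SameSite` attribute on the session cookie is a worthwhile second layer, but frameworks that "protect" POST while leaving GET handlers state-changing, as in the calibre-web and Kallithea entries, are bypassed by a plain link or image.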
CVE-2021-23389
The package total.js before 3.4.9 is vulnerable to Arbitrary Code Execution via the U.set and U.get functions...
OS Command Injection in falconchristmas/fpp
Description
FPP - Falcon Player is vulnerable to OS command injection attacks on ping.php because it doesn't sanitize user-supplied parameters, as shown below.
Vulnerable variable: count
Method: GET
The $count variable is constructed using the user-supplied data, and then is used in a system...
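The ping.php entry above describes the classic shape of this bug: a request parameter spliced into a command string that a shell then parses. The following is an added example, in Python rather than PHP and not FPP's code, that shows why that is exploitable and what the hardened version looks like: an allowlist on the parameter plus an argument vector handed to the process with no shell in between. The `count` name is taken from the entry; the `host` parameter, the request dictionaries and the tokenizer that reveals how a shell would split the string are the example's own.

```python
import re
import shlex
import subprocess

# Constructed request parameters (the $_GET array in the PHP original);
# the host parameter name is assumed.
BENIGN = {"host": "127.0.0.1", "count": "4"}
MALICIOUS = {"host": "127.0.0.1", "count": "1; id"}


def ping_command_vulnerable(params):
    """The pattern the entry describes: the user-controlled count is
    concatenated into a command string destined for a shell (system() in
    PHP, shell=True in Python). Only returns the string, never runs it."""
    count = params.get("count", "3")
    host = params.get("host", "127.0.0.1")
    return f"ping -c {count} {host}"


def shell_commands(cmd):
    """Tokenise a command line roughly as a POSIX shell would and split it at
    command separators, so an injected second command becomes visible."""
    lex = shlex.shlex(cmd, posix=True, punctuation_chars=True)
    commands, current = [], []
    for tok in lex:
        if tok in (";", "&&", "||", "|", "&"):
            if current:
                commands.append(current)
            current = []
        else:
            current.append(tok)
    if current:
        commands.append(current)
    return commands


COUNT_RE = re.compile(r"[1-9][0-9]?")                    # 1..99 pings, nothing else
HOST_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9.-]{0,252}")  # hostname/IPv4 chars, no leading '-'


def ping_argv_hardened(params):
    """Validate both parameters against allowlists and build an argument
    vector: each element is one argv entry, and no shell ever parses it."""
    count = params.get("count", "3")
    host = params.get("host", "127.0.0.1")
    if not COUNT_RE.fullmatch(count):
        raise ValueError("count must be an integer between 1 and 99")
    if not HOST_RE.fullmatch(host):
        raise ValueError("host must be a hostname or IPv4 address")
    return ["ping", "-c", count, host]


def run_ping(params, timeout=30):
    """Execute the hardened form; shell=False is subprocess's default."""
    return subprocess.run(ping_argv_hardened(params),
                          capture_output=True, text=True, timeout=timeout)


if __name__ == "__main__":
    print("shell sees:", shell_commands(ping_command_vulnerable(MALICIOUS)))
    print("argv:      ", ping_argv_hardened(BENIGN))
```

The leading-character rule in `HOST_RE` matters as much as the separator check: even with an argument vector, a host value starting with `-` would be read by ping as an option, so the allowlist has to describe the value you expect rather than blocklist the characters you fear.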