Lucene search
+L

74 matches found

Hacker One
Hacker One
added 2018/10/10 9:31 a.m.10 views

Shopify: H1514 DOMXSS on Embedded SDK via Shopify.API.setWindowLocation abusing cookie Stuffing

Hi Team! I'm reporting a rather unusual DOMXSS that allows an attacker to perform a XSS attack on any Shopify apps that use the Embedded SDK. To exploit this, several techniques were chained together: Cookie Stuffing - Login CSRF - Not Open Redirect - DOMXSS. Details Inspired by 381192, I decided...

6.2AI score
Exploits0
FreeBSD
FreeBSD
added 2018/07/04 12:0 a.m.11 views

mybb -- vulnerabilities

mybb Team reports: High risk: Image and URL MyCode Persistent XSS Medium risk: Multipage Reflected XSS Low risk: ACP logs XSS Low risk: Arbitrary file deletion via ACP’s Settings Low risk: Login CSRF Low risk: Non-video content embedding via Video MyCode...

3.2AI score
Exploits0References1
Hacker One
Hacker One
added 2017/05/30 8:23 p.m.24 views

Mixmax: Attacker can trick other into logging in as themselves

Hi Team, This bug is similar to bug report https://hackerone.com/reports/2228 as this bug also allows a user to be logged in as the attacker. An attacker can escalate this to attach his account with the victims profile and monitor his activities. Login CSRF is a type of attack where the attacker...

0.5AI score
Exploits0
OSV
OSV
added 2017/05/10 5:29 a.m.2 views

CVE-2017-5891

ASUS RT-AC and RT-N devices with firmware before 3.0.0.4.380.7378 have Login Page CSRF and Save Settings CSRF...

8.8CVSS5.8AI score0.00478EPSS
Exploits2References2
exploitpack
exploitpack
added 2016/11/21 12:0 a.m.50 views

FUDforum 3.0.6 - Cross-Site Scripting Cross-Site Request Forgery

FUDforum 3.0.6 - Cross-Site Scripting Cross-Site Request Forgery Security Advisory - Curesec Research Team 1. Introduction Affected Product: FUDforum 3.0.6 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: http://fudforum.org/forum/ Vulnerability Type: XSS, Login CSRF Remote Exploitable...

1.2AI score
Exploits0
Exploit DB
Exploit DB
added 2016/11/21 12:0 a.m.49 views

FUDforum 3.0.6 - Cross-Site Scripting / Cross-Site Request Forgery

Security Advisory - Curesec Research Team 1. Introduction Affected Product: FUDforum 3.0.6 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: http://fudforum.org/forum/ Vulnerability Type: XSS, Login CSRF Remote Exploitable: Yes Reported to vendor: 04/11/2016 Disclosed to public:...

7.4AI score
Exploits0
0day.today
0day.today
added 2016/11/19 12:0 a.m.27 views

FUDforum 3.0.6 Cross Site Request Forgery / Cross Site Scripting Vulnerabilities

FUDforum version 3.0.6 suffers from cross site request forgery and cross site scripting vulnerabilities. 1. Introduction Affected Product: FUDforum 3.0.6 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: http://fudforum.org/forum/ Vulnerability Type: XSS, Login CSRF Remote Exploitable:...

6.9AI score
Exploits0
Packet Storm
Packet Storm
added 2016/11/18 12:0 a.m.55 views

FUDforum 3.0.6 Cross Site Request Forgery / Cross Site Scripting

Security Advisory - Curesec Research Team 1. Introduction Affected Product: FUDforum 3.0.6 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: http://fudforum.org/forum/ Vulnerability Type: XSS, Login CSRF Remote Exploitable: Yes Reported to vendor: 04/11/2016 Disclosed to public:...

0.5AI score
Exploits0
Hacker One
Hacker One
added 2016/02/25 12:13 p.m.46 views

ThisData: Login CSRF using Google OAuth

This bug is related to bug report https://hackerone.com/reports/774 as this bug also allows a user to be logged in as the attacker. An attacker could exploit this bug as follows: Attacker initiates Google OAuth process with thisdata Attacker allows access to thisdata app Attacker records and drop...

1.1AI score
Exploits0
OSV
OSV
added 2014/05/02 5:52 p.m.8 views

MGASA-2014-0200 Updated bugzilla package fixes CVE-2014-1517

Updated bugzilla packages fix security vulnerability: The login form in Bugzilla 2.x, 3.x, 4.x before 4.4.3, and 4.5.x before 4.5.3 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information...

4CVSS5.7AI score0.01314EPSS
Exploits0References5
Mageia
Mageia
added 2014/05/02 5:50 p.m.74 views

Updated bugzilla package fixes multiple vulnerabilities

Updated bugzilla packages fix security vulnerabilities: Cross-site request forgery CSRF vulnerability in processbug.cgi in Bugzilla 4.4.x before 4.4.1 allows remote attackers to hijack the authentication of arbitrary users for requests that modify bugs via vectors involving a midair-collision tok...

6.8CVSS5.8AI score0.02824EPSS
Exploits3References6
NVD
NVD
added 2014/04/20 1:55 a.m.15 views

CVE-2014-2665

includes/specials/SpecialChangePassword.php in MediaWiki before 1.19.14, 1.20.x and 1.21.x before 1.21.8, and 1.22.x before 1.22.5 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information ...

4CVSS7AI score0.0106EPSS
Exploits1References5
NVD
NVD
added 2014/04/20 1:55 a.m.13 views

CVE-2014-1517

The login form in Bugzilla 2.x, 3.x, 4.x before 4.4.3, and 4.5.x before 4.5.3 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login to the attacker's...

4CVSS5.5AI score0.01314EPSS
Exploits0References6
OSV
OSV
added 2014/04/20 1:55 a.m.7 views

CVE-2014-2665

includes/specials/SpecialChangePassword.php in MediaWiki before 1.19.14, 1.20.x and 1.21.x before 1.21.8, and 1.22.x before 1.22.5 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information ...

7AI score
Exploits0References6
UbuntuCve
UbuntuCve
added 2014/04/20 1:55 a.m.31 views

CVE-2014-2665

includes/specials/SpecialChangePassword.php in MediaWiki before 1.19.14, 1.20.x and 1.21.x before 1.21.8, and 1.22.x before 1.22.5 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information ...

4CVSS7.2AI score0.0106EPSS
Exploits1References4
OSV
OSV
added 2014/04/20 1:55 a.m.4 views

UBUNTU-CVE-2014-2665

includes/specials/SpecialChangePassword.php in MediaWiki before 1.19.14, 1.20.x and 1.21.x before 1.21.8, and 1.22.x before 1.22.5 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information ...

4CVSS7.3AI score0.0106EPSS
Exploits1References5
Debian CVE
Debian CVE
added 2014/04/20 1:0 a.m.29 views

CVE-2014-2665

includes/specials/SpecialChangePassword.php in MediaWiki before 1.19.14, 1.20.x and 1.21.x before 1.21.8, and 1.22.x before 1.22.5 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information ...

4CVSS6.9AI score0.0106EPSS
Exploits1
Cvelist
Cvelist
added 2014/04/20 1:0 a.m.24 views

CVE-2014-2665

includes/specials/SpecialChangePassword.php in MediaWiki before 1.19.14, 1.20.x and 1.21.x before 1.21.8, and 1.22.x before 1.22.5 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information ...

5.9AI score0.0106EPSS
Exploits1References5
CVE
CVE
added 2014/04/20 1:0 a.m.78 views

CVE-2014-2665

CVE-2014-2665 affects MediaWiki; vulnerable are builds with includes/specials/SpecialChangePassword.php prior to specific fixes. The issue arises when an authenticated user makes a login attempt that can be exploited to have a victim log in to the attacker’s account, enabling the attacker to trac...

4CVSS5.8AI score0.0106EPSS
Exploits1References5Affected Software1
Hacker One
Hacker One
added 2014/04/17 10:39 p.m.35 views

Secret: Login CSRF in Secret.ly

https://www.secret.ly//login POST //login HTTP/1.1 Host: www.secret.ly User-Agent: Mozilla/5.0 Windows NT 6.1; rv:28.0 Gecko/20100101 Firefox/28.0 Accept: application/json, text/javascript, /; q=0.01 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/json;...

6.9AI score
Exploits0
Rows per page
Query Builder