eXtreme Message Board 1.9.11 Multiple CSRF Vulnerabilities
!--- Title: eXtreme Message Board 1.9.11 Multiple CSRF Vulnerabilities Author: 10n1z3d 10n1z3datwdotcn Date: Thu 15 Jul 2010 12:08:07 PM EEST Vendor: http://www.xmbforum.com/ Download: http://www.xmbforum.com/download/XMB-1.9.11.09.zip --- -= CSRF PoC 1 - Change...
TomatoCart 1.0.1 - Multiple CSRF Vulnerabilities
!--- Title: TomatoCart 1.0.1 Multiple CSRF Vulnerabilities Author: 10n1z3d 10n1z3datwdotcn Date: Sun 11 Jul 2010 05:01:51 PM EEST Vendor: http://www.tomatocart.com/ Download:...
Diferior CMS 8.03 Multiple CSRF Vulnerabilities
!--- Title: Diferior CMS 8.03 Multiple CSRF Vulnerabilities Author: 10n1z3d 10n1z3datwdotcn Date: Tue 13 Jul 2010 11:50:32 AM EEST Vendor: http://diferior.com/ Download: http://diferior.com/postfiles/news/diferior-8-03-released/Diferiorv8.03.tar.gz --- -= CSRF P...
Wolfcms <= 0.75 Multiple Vulnerabilities (CSRF - XSS)
+--------------------------------------------------------------------------------------------------------------------------------+ Exploit Title : Wolfcms <= 0.75 Multiple Vulnerabilities (CSRF - XSS) Date : 22-03-2012 Author : Ivano Binetti...
Orbis CMS 1.0.2 - Multiple CSRF Vulnerabilities
!--- Title: Orbis CMS 1.0.2 Multiple CSRF Vulnerabilities Author: 10n1z3d 10n1z3datwdotcn Date: Sun 11 Jul 2010 08:08:10 PM EEST Vendor: http://www.novo-ws.com/orbis-cms/ Download: http://www.ohloh.net/p/orbis-cms/download?filename=orbis-1.0.2.zip --- -= CSRF Po...
Grafik CMS 1.1.2 - Multiple CSRF Vulnerabilities
!--- Title: Grafik CMS 1.1.2 Multiple CSRF Vulnerabilities Author: 10n1z3d 10n1z3datwdotcn Date: Mon 12 Jul 2010 07:07:22 PM EEST Vendor: http://www.grafik-power.com/grafikcms/ Download: None --- -= CSRF PoC 1 - Change Admin Password =- html head titleGrafik CMS...
Campus Virtual-LMS (XSS/SQL Injection) Multiple Vulnerabilities
+-----------------------------------------------------------------------------+ LMS: Campus Virtual-LMS WEB: http://campusvirtualcomputrade.cae.net Author: Yasión Date: 12 Jun 2009 +-----------------------------------------------------------------------------+...
openSUSE Security Update : phpMyAdmin (openSUSE-SU-2014:0344-1)
phpMyAdmin was updated to 4.1.8 to fix bugs, security issues and also bring new features. Fixed security issue : - PMASA-2014-1 CVE-2014-1879, CWE-661 CWE-79 - update to 4.1.8 2014-02-22 - sf4276 Login loop on session expiry - sf4249 Incorrect number of result rows for SQL with subqueries - sf427...
openSUSE Security Update : lxsession (openSUSE-SU-2010:0426-1)
lxsession-logout did not properly lock the screen before suspending, hibernating and switching between users, which could allow attackers with physical access to take control of the system, obtain sensitive information and/or execute arbitrary code in the context of the user who is currently...
Automattic: Process of changing email address and password does not ask for the old password.
This vulnerability could be destructive if the user uses a shared computer, or if he uses WordPress in a cyber cafe and forgets to log out of WordPress. If any user uses his WordPress account on some other computer and forgets to log out, his account remains insecure. I wondered that WordPress d...
Automattic: logout csrf app.simplenote.com/logout
Proof of Concept:...
Factlink: Session not expired on logout
Factlink is not expiring sessions immediately after logout. 1. Log on to https://staging.factlink.com/ 2. Open HTTP Live Headers and log in to https://staging.factlink.com/ with your correct username and password 3. Capture a request, for example click on settings...
Localize: Business logic Failure - Browser cache management and logout vulnerability.
Vulnerability class: Business logic failure - browser cache management and logout vulnerability. Vulnerability impact: Logging out of the application does not clear the browser cache of any sensitive information that has been stored. Steps to reproduce: 1. Log in to the portal. 2. Browse a few tabs. 3...
IRCCloud: iOS application does not destroy session upon logout.
After a user logs out of the iOS application, the server should be destroying the user's session. However, this is not occurring in the iOS application. When the logout request is made, the following request and response are sent to and received from the server: REQUEST: POST /apn-unregister HTTP/1....
PT-2014-4357 · Videowhisper · Videowhisper Live Streaming Integration
Name of the Vulnerable Software and Affected Versions: VideoWhisper Live Streaming Integration plugin versions prior to 4.29.5 Description: The issue allows remote attackers to read or delete arbitrary files due to directory traversal vulnerabilities in the VideoWhisper Live Streaming Integration...
Phabricator: CSRF token valid even after the session logout of a particular user
Hi, to reproduce the issue: 1. Log in to your https://secure.phabricator.com account and copy your anti-CSRF token. 2. Now log out and log in again after some time. 3. Open up Burp Suite to modify the request and now submit any form with your old CSRF token. The request will be completed. So let's...
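The Factlink, IRCCloud and Phabricator entries above describe the same server-side defect from three angles: logout only instructs the client to drop its cookie while the server keeps the session alive, and the anti-CSRF token is not bound to the session, so a token captured before logout still authorizes requests afterwards. The following is an added Python example, not code from any of those vendors; the class and function names are hypothetical. It places a constructed store that reproduces the reported behaviour beside a hardened one, and runs the two replay scenarios from the reports against both.

```python
"""Added example (not any vendor's code): session and CSRF-token lifecycle.

VulnerableSessionStore reproduces the reported pattern: logout only tells
the client to drop its cookie, and the anti-CSRF token is derived from the
user rather than from the session, so both survive a logout. SessionStore
is the hardened counterpart. Class and function names are hypothetical.
"""
import hmac
import secrets
from dataclasses import dataclass


@dataclass
class Session:
    user: str
    csrf_token: str


class SessionStore:
    """Hardened: sessions are revoked server-side and tokens are per-session."""

    def __init__(self):
        self._sessions = {}  # session id -> Session

    def login(self, user):
        sid = secrets.token_urlsafe(32)
        # A fresh random token per session: it dies with the session.
        self._sessions[sid] = Session(user, secrets.token_urlsafe(32))
        return sid

    def csrf_token(self, sid):
        session = self._sessions.get(sid)
        return session.csrf_token if session else None

    def logout(self, sid):
        # Destroy the server-side record; a replayed cookie is then just noise.
        self._sessions.pop(sid, None)

    def authorize_state_change(self, sid, submitted_token):
        """Accept a state-changing request only from a live session whose token matches."""
        session = self._sessions.get(sid)
        if session is None:
            return False
        return hmac.compare_digest(session.csrf_token, submitted_token or "")


class VulnerableSessionStore(SessionStore):
    """Reproduces the reported behaviour; constructed for illustration only."""

    def __init__(self, secret):
        super().__init__()
        self._secret = secret

    def login(self, user):
        sid = secrets.token_urlsafe(32)
        # Token is a function of the user alone, so it is identical across logins.
        token = hmac.new(self._secret, user.encode(), "sha256").hexdigest()
        self._sessions[sid] = Session(user, token)
        return sid

    def logout(self, sid):
        # Only the client is told to clear its cookie; nothing is revoked here.
        pass


def replay_after_logout(store):
    """Does the old session id plus token still authorize a request after logout?"""
    sid = store.login("alice")
    token = store.csrf_token(sid)
    store.logout(sid)
    return store.authorize_state_change(sid, token)


def old_token_on_new_session(store):
    """Does a token captured in an earlier login authorize a request in a later one?"""
    sid = store.login("alice")
    old_token = store.csrf_token(sid)
    store.logout(sid)
    new_sid = store.login("alice")
    return store.authorize_state_change(new_sid, old_token)


def legitimate_request(store):
    """Sanity check: a live session with its own token is accepted by both stores."""
    sid = store.login("alice")
    return store.authorize_state_change(sid, store.csrf_token(sid))


if __name__ == "__main__":
    for name, store in (("vulnerable", VulnerableSessionStore(b"k")), ("hardened", SessionStore())):
        print(name, replay_after_logout(store), old_token_on_new_session(store), legitimate_request(store))
```

`replay_after_logout` is the Factlink and IRCCloud case; `old_token_on_new_session` is the Phabricator case. Both return True against the vulnerable store and False against the hardened one, while `legitimate_request` is True for both, showing the fix costs nothing for normal traffic.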
Google Chrome CSRF Vulnerability - Linux
Google Chrome is prone to a cross-site request forgery (CSRF) attack. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome...
CVE-2013-6167
Mozilla Firefox through 27 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote attackers to conduct the equivalent of a persistent Logout CSRF attack via a crafted parameter that forces a web application to set a malformed...
CVE-2013-6166
Google Chrome before 29 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote attackers to conduct the equivalent of a persistent Logout CSRF attack via a crafted parameter that forces a web application to set a malformed...
Cross site request forgery (csrf)
Mozilla Firefox through 27 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote attackers to conduct the equivalent of a persistent Logout CSRF attack via a crafted parameter that forces a web application to set a malformed...
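The CVE-2013-6166 and CVE-2013-6167 entries above describe a browser-side gap, but the "persistent logout" effect depends on the server doing two things: emitting a cookie whose value came unchecked from an attacker-controlled parameter, and then discarding the entire Cookie header (session cookie included) when one pair fails to parse. The following is an added Python example, not code from Mozilla, Google or any affected application, showing the RFC 6265 cookie-octet check applied on the server at both points; the cookie names, values and the sample header are constructed.

```python
"""Added example (not vendor code): RFC 6265 cookie-octet checks on the server.

Refuse to emit a malformed cookie at the source, and parse the incoming
Cookie header pair by pair so one bad pair cannot take the session cookie
down with it. Cookie names, values and the sample header are constructed.
"""

# cookie-octet (RFC 6265 section 4.1.1): printable US-ASCII except DQUOTE, comma, semicolon, backslash
COOKIE_OCTETS = frozenset(chr(c) for c in range(0x21, 0x7F) if chr(c) not in '",;\\')
# token (RFC 2616 section 2.2): printable US-ASCII except the separator characters
TOKEN_CHARS = frozenset(chr(c) for c in range(0x21, 0x7F) if chr(c) not in '()<>@,;:\\"/[]?={}')


def is_valid_cookie_name(name: str) -> bool:
    return bool(name) and all(ch in TOKEN_CHARS for ch in name)


def is_valid_cookie_value(value: str) -> bool:
    if len(value) >= 2 and value[0] == value[-1] == '"':
        value = value[1:-1]  # an optional DQUOTE wrapper is permitted
    return all(ch in COOKIE_OCTETS for ch in value)


def build_set_cookie(name, value, path="/", secure=True, httponly=True, samesite="Lax"):
    """Build a Set-Cookie header value, rejecting anything outside the grammar."""
    if not (is_valid_cookie_name(name) and is_valid_cookie_value(value)):
        raise ValueError(f"refusing to emit malformed cookie {name!r}")
    parts = [f"{name}={value}", f"Path={path}"]
    if secure:
        parts.append("Secure")
    if httponly:
        parts.append("HttpOnly")
    if samesite:
        parts.append(f"SameSite={samesite}")
    return "; ".join(parts)


def strict_parse_cookie_header(header):
    """Fragile parser: one bad pair discards the whole header.

    This is the server behaviour that turns a planted malformed cookie into a
    persistent logout: the valid session cookie is never read.
    """
    cookies = {}
    for pair in header.split(";"):
        name, sep, value = pair.strip().partition("=")
        if not sep or not is_valid_cookie_name(name) or not is_valid_cookie_value(value):
            return {}
        cookies[name] = value
    return cookies


def tolerant_parse_cookie_header(header):
    """Hardened parser: keep the well-formed pairs, report the rejected ones."""
    cookies, rejected = {}, []
    for pair in header.split(";"):
        pair = pair.strip()
        if not pair:
            continue
        name, sep, value = pair.partition("=")
        if not sep or not is_valid_cookie_name(name) or not is_valid_cookie_value(value):
            rejected.append(pair)
            continue
        cookies[name] = value
    return cookies, rejected


# Constructed Cookie header: a valid session cookie next to a planted value
# containing a control character that a pre-fix browser would forward unchanged.
SAMPLE_COOKIE_HEADER = "session=s3cr3t; theme=dark\x01"


if __name__ == "__main__":
    print("strict  :", strict_parse_cookie_header(SAMPLE_COOKIE_HEADER))
    print("tolerant:", tolerant_parse_cookie_header(SAMPLE_COOKIE_HEADER))
    print(build_set_cookie("theme", "dark"))
    try:
        build_set_cookie("theme", "dark\x01")
    except ValueError as exc:
        print("blocked :", exc)
```

Run stand-alone, the strict parser returns an empty mapping for the sample header (the session is effectively gone), the tolerant parser returns the session cookie and lists the rejected pair, and `build_set_cookie` refuses the control character before it ever reaches a browser.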