10 matches found
EUVD-2021-18743
Malware in sbrugna...
CVE-2012-6493
CVE-2012-6493: Multiple CSRF vulnerabilities in Rapid7 Nexpose Security Console
CVE-2012-6493
Cross-site request forgery CSRF vulnerability in Rapid7 Nexpose Security Console before 5.5.4 allows remote attackers to hijack the authentication of unspecified victims for requests that delete scan data and sites via a request to data/site/delete...
Nexpose Security Console CSRF Vulnerability
Exploit for multiple platform in category web applications Product: Nexpose Security Console Vendor: Rapid7 Version: //document.forms0.submit; //uncomment to auto-submit /code 2. Lure victim to http://attackersite.com/nexpose-csrf.htm. 3. Site with ID 1...
Nexpose Security Console - Cross-Site Request Forgery
Product: Nexpose Security Console Vendor: Rapid7 Version: //document.forms0.submit; //uncomment to auto-submit /code 2. Lure victim to http://attackersite.com/nexpose-csrf.htm. 3. Site with ID 1 is deleted when form is submitted. Vendor Notif...
Nexpose Security Console - Cross-Site Request Forgery
Nexpose Security Console - Cross-Site Request Forgery Product: Nexpose Security Console Vendor: Rapid7 Version: //document.forms0.submit; //uncomment to auto-submit /code 2. Lure victim to http://attackersite.com/nexpose-csrf.htm. 3. Site with ID 1 is deleted when form is submitted. V...
Nexpose Security Console Cross Site Request Forgery
Product: Nexpose Security Console Vendor: Rapid7 Version: //document.forms0.submit; //uncomment to auto-submit /code 2. Lure victim to http://attackersite.com/nexpose-csrf.htm. 3. Site with ID 1 is deleted when form is submitted. Vendor Notified: Yes Vend...
CVE-2012-6493 - Nexpose Security Console - Cross-Site Request Forgery (CSRF)
Product: Nexpose Security Console Vendor: Rapid7 Version: 5.5.3 Tested Version: 5.5.1 Vendor Notified Date: December 19, 2012 Release Date: January 2, 2013 Risk: High Authentication: None required Remote: Yes Description: Multiple Cross-Site Request Forgery CSRF vulnerabilities in Nexpose Securit...
CVE-2012-6494 - Nexpose Security Console - Session Hijacking
Product: Nexpose Security Console Vendor: Rapid7 Version: 5.5.3 Tested Version: 5.5.1 Vendor Notified Date: December 19, 2012 Release Date: January 2, 2013 Risk: Medium Authentication: Access to logs required. Remote: Yes Description: Due to a flaw in the way the Nexpose Security Console logs...
Nexpose Security Console Session Capture
Product: Nexpose Security Console Vendor: Rapid7 Version: is replaced by nexposeCCSessionID=;time-zone-offset=000. 5. Success. Vendor Notified: Yes Vendor Response: Quickly escalated and resolved. Vendor Update: Remediated in 5.5.4. Reference: CVE-2012-6494...