55 matches found
Oxwall 1.7.4 - Cross-Site Request Forgery
Advisory ID: HTB23266 Product: Oxwall Vendor: http://www.oxwall.org Vulnerable Versions: 1.7.4 and probably prior Tested Version: 1.7.4 Advisory Publication: July 1, 2015 without technical details Vendor Notification: July 1, 2015 Vendor Patch: September 8, 2015 Public Disclosure: October 22, 201...
Oxwall 1.7.4 Cross Site Request Forgery
Advisory ID: HTB23266 Product: Oxwall Vendor: http://www.oxwall.org Vulnerable Versions: 1.7.4 and probably prior Tested Version: 1.7.4 Advisory Publication: July 1, 2015 without technical details Vendor Notification: July 1, 2015 Vendor Patch: September 8, 2015 Public Disclosure: October 22, 201...
Cross-Site Request Forgery on Oxwall
High-Tech Bridge Security Research Lab discovered a vulnerability in Oxwall, which can be exploited to perform CSRF (Cross-Site Request Forgery) attacks. An attacker might be able to put the website under maintenance and perform XSS attacks against website visitors. The vulnerability exists due to...
Oxwall-1.7.0
Oxwall suffers from an authenticated arbitrary PHP code execution. The vulnerability is caused due to the improper verification of uploaded files in '/admin/settings/user' script thru the 'avatar' and 'bigAvatar' POST parameters. This can be exploited to execute arbitrary PHP code by uploading a...
CVE-2014-9101
Multiple cross-site request forgery (CSRF) vulnerabilities in Oxwall 1.7.0 build 7907 and 7906 and SkaDate Lite 2.0 build 7651 allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks or possibly have other unspecified impact v...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in Oxwall 1.7.0 build 7907 and 7906 and SkaDate Lite 2.0 build 7651 allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks or possibly have other unspecified impact v...
CVE-2014-9101
Multiple cross-site request forgery (CSRF) vulnerabilities in Oxwall 1.7.0 build 7907 and 7906 and SkaDate Lite 2.0 build 7651 allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks or possibly have other unspecified impact v...
CVE-2014-9101
CVE-2014-9101 affects Oxwall 1.7.0 (build 7907/7906) and SkaDate Lite 2.0 (build 7651) with multiple CSRF vulnerabilities enabling possible admin session hijack and related XSS via POST parameters (e.g., label in admin/users/roles/, lang[...] in AddAccountType, qst_name in addQuestion, form_name ...
oxwall 1.7.0 /users.php cross-site scripting vulnerability
No description provided by source...
oxwall 1.7.0 /avatar_service.php file upload vulnerability
No description provided by source...
Oxwall 1.7.0 - Multiple CSRF And HTML Injection Vulnerabilities
Oxwall version 1.7.0 suffers from multiple cross-site request forgery and stored xss vulnerabilities. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with...
Oxwall 1.7.0 - Remote Code Execution Exploit
Oxwall suffers from an authenticated arbitrary PHP code execution. The vulnerability is caused due to the improper verification of uploaded files in '/admin/settings/user' script thru the 'avatar' and 'bigAvatar' POST parameters. This can be exploited to execute arbitrary PHP code by uploading a...
Oxwall 1.7.0 - Multiple CSRF And HTML Injection Vulnerabilities
No description provided by source. Oxwall 1.7.0 Multiple CSRF And HTML Injection Vulnerabilities Vendor: Oxwall Software Foundation Product web page: http://www.oxwall.org Affected version: 1.7.0 build 7907 and 7906 Summary: Oxwall is unbelievably flexible and easy to use PHP/MySQL social...
Oxwall 1.7.0 - Remote Code Execution Exploit
No description provided by source. #!/usr/bin/env python Oxwall 1.7.0 Remote Code Execution Exploit Vendor: Oxwall Software Foundation Product web page: http://www.oxwall.org Affected version: 1.7.0 build 7907 and 7906 Summary: Oxwall is unbelievably flexible and easy to use PHP/MySQL social...
Oxwall 1.7.0 Remote Code Execution
#!/usr/bin/env python Oxwall 1.7.0 Remote Code Execution Exploit Vendor: Oxwall Software Foundation Product web page: http://www.oxwall.org Affected version: 1.7.0 build 7907 and 7906 Summary: Oxwall is unbelievably flexible and easy to use PHP/MySQL social networking software platform. Desc: Oxwa...
Oxwall 1.7.0 Cross Site Request Forgery / Cross Site Scripting
Oxwall 1.7.0 Multiple CSRF And Stored XSS Vulnerabilities input type="hidden" name="formname"...
Oxwall 1.7.0 - Remote Code Execution
#!/usr/bin/env python Oxwall 1.7.0 Remote Code Execution Exploit Vendor: Oxwall Software Foundation Product web page: http://www.oxwall.org Affected version: 1.7.0 build 7907 and 7906 Summary: Oxwall is unbelievably flexible and easy to use PHP/MySQL social...
Oxwall 1.7.0 - Multiple Cross-Site Request Forgery HTML Injection Vulnerabilities
Oxwall 1.7.0 - Multiple Cross-Site Request Forgery HTML Injection Vulnerabilities Oxwall 1.7.0 Multiple CSRF And Stored XSS Vulnerabilities form action="http://192.168.0.105/admin/users/roles/" method="...
Oxwall 1.7.0 - Remote Code Execution
#!/usr/bin/env python Oxwall 1.7.0 Remote Code Execution Exploit Vendor: Oxwall Software Foundation Product web page: http://www.oxwall.org Affected version: 1.7.0 build 7907 and 7906 Summary: Oxwall is unbelievably flexible and easy to use PHP/MySQL social networking software platform. Desc: Oxwa...
Oxwall 1.7.0 - Multiple Cross-Site Request Forgery / HTML Injection Vulnerabilities
Oxwall 1.7.0 Multiple CSRF And Stored XSS Vulnerabilities input type="hidden" name=...