Lucene search

16 matches found

Packet Storm
added 2023/08/03 12:0 a.m., 255 views

WebCalendar 1.3 Cross Site Request Forgery

Title : WebCalendar v1.3 CSRF Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 69.032-bit | Vendor :...

7.1 AI score
Exploits 0

Huntr
added 2021/09/13 10:2 a.m., 7 views

Cross-Site Request Forgery (CSRF) in glpi-project/glpi

✍️ Description Hello dear glpi team I found one more CSRF vulnerability. 🕵️‍♂️ Proof of Concept 1. first user already should be logged in In Firefox or safari. 2. Open the PoC.html and click on submit button Also it can be auto-submit 3. Here a Planning start and end times with itemsid 3 will be...

0.4 AI score
Exploits 0

Huntr
added 2021/09/11 10:15 p.m., 8 views

Cross-Site Request Forgery (CSRF) in ikus060/rdiffweb

✍️ Description Hello dear Rdiffweb team. I found a CSRF vulnerability on following endpoint that attackers able to change the email of a user with PoC.html 🕵️‍♂️ Proof of Concept 1. user with right privileges should be logged in Firefox or Safari. 2. Users go to a website that contain PoC.html...

0.8 AI score
Exploits 0

Huntr
added 2021/09/11 10:14 p.m., 8 views

Cross-Site Request Forgery (CSRF) in ikus060/rdiffweb

✍️ Description Hello dear Rdiffweb team. I found a CSRF vulnerability on following endpoint that attackers able to Create users with PoC.html 🕵️‍♂️ Proof of Concept 1. User with right privileges should be logged in Firefox or Safari. 2. Users go to a website that contain PoC.html 3.after visiting...

0.8 AI score
Exploits 0

Huntr
added 2021/09/11 10:14 p.m., 14 views

Cross-Site Request Forgery (CSRF) in ikus060/rdiffweb

✍️ Description Hello dear Rdiffweb team. I found a CSRF vulnerability on following endpoint that attackers able to Delete users with PoC.html 🕵️‍♂️ Proof of Concept 1. user with right privileges should be logged in Firefox or Safari. 2. Users go to a website that contain PoC.html 3.after visiting...

0.7 AI score
Exploits 0

Huntr
added 2021/09/10 1:31 p.m., 31 views

Cross-Site Request Forgery (CSRF) in glpi-project/glpi

✍️ Description Hello dear glpi team I found one more CSRF vulnerability in following directory: Home/Setup/General/performance 🕵️‍♂️ Proof of Concept 1. first user already should be logged in In Firefox or safari. 2. Open the PoC.html and click on submit button Also it can be auto-submit 3. Here User...

0.7 AI score
Exploits 0

Huntr
added 2021/08/23 7:1 p.m., 14 views

Cross-Site Request Forgery (CSRF) in neorazorx/facturascripts

✍️ Description Attacker able to delete any number of customers with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In...

1.5 AI score
Exploits 0

Huntr
added 2021/08/17 8:33 p.m., 9 views

Cross-Site Request Forgery (CSRF) in admidio/admidio

✍️ Description Attacker able to delete any folder with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF attacks...

1.1 AI score
Exploits 0

Huntr
added 2021/08/17 3:14 p.m., 8 views

Cross-Site Request Forgery (CSRF) in aces/loris

✍️ Description Attacker able to create any Category with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF attack...

1.4 AI score
Exploits 0

Huntr
added 2021/08/05 12:56 p.m., 29 views

Cross-Site Request Forgery (CSRF) in glpi-project/glpi

✍️ Description Attacker able to delete any document from Processing ticket with CSRF attack because there is any CSRF protection for related endpoint. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user...

0.4 AI score
Exploits 0

Huntr
added 2021/08/05 12:55 p.m., 19 views

Cross-Site Request Forgery (CSRF) in glpi-project/glpi

✍️ Description Attacker able to change any task state from changes/tickets/problems with CSRF attack because there is any CSRF protection for related endpoint. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low...

0.7 AI score
Exploits 0

Huntr
added 2021/07/31 9:51 p.m., 13 views

Cross-Site Request Forgery (CSRF) in devcode-it/openstamanager

✍️ Description Attacker able to change users password if users visit attacker site. 🕵️‍♂️ Proof of Concept 1.Open the PoC.html In Firefox or safari. 2.now you can check that password changed to admin0 // PoC.html history.pushState'', '', '/' document.forms0.submit; 💥 Impact This vulnerability is...

2.5 AI score
Exploits 0

Huntr
added 2021/07/18 7:34 p.m., 21 views

Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr

✍️ Description Attacker can delete any Exports for any user with CSRF vulnerability when the Admin or SuperAdmin or an authorized user click on PoC.html file, it is enough to attacker know the Export's names on server. I convert the...

2.3 AI score
Exploits 0

Hacker One
added 2021/06/09 7:18 p.m., 17 views

Meredith: Shop - Reflected XSS With Clickjacking Leads to Steal User's Cookie In Two Domain

Hii Security Team , I am S Rahul MCEHMetaxone Certified Ethical Hacker and a Security Researcher I just checked your website and found Reflected XSS to Good XSS Clickjacking In Two Domain Description:- As the search parameter is vulnerable to XSS and but the plus point is there is no...

6.4 AI score
Exploits 0

Exploit DB
added 2017/08/17 12:0 a.m., 51 views

Microsoft Edge Chakra - 'chakra!Js::GlobalObject' Integer overflow

= 0; AnalysisAssertscriptContext; if scriptContext-GetThreadContext-EvalDisabled throw Js::EvalDisabledException; ifdef PROFILEEXEC scriptContext-ProfileBeginJs::EvalCompilePhase; endif void frameAddr = nullptr; GETCURRENTFRAMEIDframeAddr; HRESULT hr = SOK; HRESULT hrParser = SOK; HRESULT hrCodeG...

7.4 AI score
Exploits 0

myhack58
added 2017/04/18 12:0 a.m., 39 views

CVE-2013-2551-sample analysis and exploits and Defense-vulnerability warning-the black bar safety net

0x0 is written on the front VUPEN team in the Pwn2Own 2013 hacking contest using the vulnerability to compromise Windows 8 environment, IE10, then on their blog discloses technical details. According to VUPEN description of the vulnerability produced in the VGX. DLL module, in the VML language...

7.1 AI score, 0.92407 EPSS
Exploits 9