Netatalk Link Following Vulnerability
Netatalk is open-source software maintained by the Netatalk project. It provides AFP file-server functionality for Classic Mac OS and macOS clients on Unix-like operating systems. Netatalk versions 3.0.2 through 4.4.2 contain a link following vulnerability caused by improper link resolution before file access. This vulnerability could allo...
Trend Micro Apex One Link Following Vulnerability
Trend Micro Apex One is endpoint protection software developed by Trend Micro. Trend Micro Apex One has a link following vulnerability that stems from the way the scanning engine resolves links before accessing files. This vulnerability may allow local attackers to gain elevated...
Microsoft Defender Link Following Vulnerability
Microsoft Defender is threat protection software developed by Microsoft. Microsoft Defender has a link following vulnerability caused by improper link resolution before file access. This vulnerability could allow an authorized attacker to elevate privileges locally...
Microsoft Azure Portal Windows Admin Center Link Following Vulnerability
Microsoft Azure Portal Windows Admin Center is Microsoft's management platform for Windows Server and hybrid cloud environments, integrated into the Azure Portal. It has a link following vulnerability caused by improper link resolution before...
HashiCorp Tooling Link Following Vulnerability
HashiCorp Tooling is a set of software tools developed by HashiCorp Inc. for infrastructure automation, cloud resource management and security operations. Versions of HashiCorp Tooling before 0.42.0 contain a link following vulnerability, which stems from a sandbox pat...
LORIS Neuroimaging Platform Link Following Vulnerability
LORIS is an open-source neuroimaging data platform from ACElab. LORIS versions 20.0.0 through 27.0.3, as well as versions before 28.0.1, contain a link following vulnerability, which stems from an error in an endpoint of the publication module,...
Backstage Link Following Vulnerability
Backstage is an open-source platform for building developer portals, originally created by Spotify. Backstage has a link following vulnerability: multiple Scaffolder actions and its archive-extraction utilities are susceptible to path traversal based...
CVE-2022-2233
The Banner Cycler plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4. This is due to missing nonce protection on the pabc_admin_slides_postback function found in the /admin/admin.php file. This makes it possible for unauthenticated attackers to inje...
PT-2022-15368 · WordPress · Banner Cycler
Name of the Vulnerable Software and Affected Versions: Banner Cycler plugin for WordPress, versions up to and including 1.4. Description: The issue is a Cross-Site Request Forgery due to missing nonce protection on the pabc_admin_slides_postback function in the /admin/admin.php file. This...
WordPress Plugin Banner Cycler Cross-Site Request Forgery Vulnerability
WordPress and its plugins are products of the WordPress Foundation. WordPress is a blogging platform written in PHP that supports running personal blog sites on servers with PHP and MySQL. Banner Cycler is a WordPress plugin. A cross-site request forger...
GHSA-VM6R-4P4V-232X October CMS CSRF
Cross-Site Request Forgery exists in OctoberCMS 1.0.426 aka Build 426 due to improper validation of CSRF tokens for postback handling, allowing an attacker to successfully take over the victim's account. The attack bypasses a protection mechanism involving X-CSRF headers and CSRF tokens via a...
CVE-2017-16244
Cross-Site Request Forgery exists in OctoberCMS 1.0.426 aka Build 426 due to improper validation of CSRF tokens for postback handling, allowing an attacker to successfully take over the victim's account. The attack bypasses a protection mechanism involving X-CSRF headers and CSRF tokens via a...
OctoberCMS 1.0.426 (Build 426) - Cross-Site Request Forgery
Exploit Title: OctoberCMS 1.0.426 - CSRF to Admin Account Takeover Vendor Homepage: https://octobercms.com Software Link: https://octobercms.com/download Exploit Author: Zain Sabahat Website: https://about.me/ZainSabahat Category: webapps CVE: CVE-2017-16244 1. Description Cross-Site Request Forge...
OctoberCMS Cross-Site Request Forgery Vulnerability
OctoberCMS is an open-source, self-hosted content management system (CMS) built on the Laravel PHP framework, developed by Canadian software developer Alexey Bobkov and Australian software developer Samuel Georges. A cross-site request forgery vulnerability exists in OctoberCMS version 1.0.426 a.k.a...
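Both CSRF groups above come down to the same defect in a postback handler: the Banner Cycler handler accepts any POST that reaches it with no nonce check at all, and the OctoberCMS entries describe a token check that exists but is not validated properly. The following Python example is added here to show the unprotected handler beside one that binds a nonce to the action, the logged-in user and a time window, in the style of WordPress nonces; it is not code from Banner Cycler, WordPress or OctoberCMS. The secret key, the action name "banner_slides_update", the request dictionaries and the 24-hour lifetime are all assumptions constructed for the demonstration.

```python
import hashlib
import hmac

# Constructed for the example; a real deployment loads this from configuration.
SECRET_KEY = b"example-only-secret-do-not-reuse"
NONCE_LIFETIME = 24 * 60 * 60   # seconds a nonce stays valid
TICK = NONCE_LIFETIME // 2      # a nonce from the current or previous tick is accepted

ACTION = "banner_slides_update"  # hypothetical action name for the slides postback


def _tick(now):
    return now // TICK


def create_nonce(action, user_id, now, secret=SECRET_KEY):
    """Mint a nonce bound to (time window, action, user); an attacker's page
    cannot compute it because it never sees the server secret."""
    msg = f"{_tick(now)}|{action}|{user_id}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()[:16]


def verify_nonce(nonce, action, user_id, now, secret=SECRET_KEY):
    """Accept a nonce minted in the current or the immediately previous tick."""
    if not isinstance(nonce, str):
        return False
    for when in (now, now - TICK):
        if hmac.compare_digest(create_nonce(action, user_id, when, secret), nonce):
            return True
    return False


def slides_postback_vulnerable(request, store):
    """Pattern behind CVE-2022-2233: every POST is trusted, so a form auto-submitted
    from an attacker's page in the admin's browser is indistinguishable from a real one."""
    if request["method"] != "POST":
        return 405
    store["slides"] = request["post"].get("slides", [])
    return 200


def slides_postback_fixed(request, store, now):
    """Same handler with the nonce checked before any state changes."""
    if request["method"] != "POST":
        return 405
    if not verify_nonce(request["post"].get("_nonce"), ACTION, request["user_id"], now):
        return 403
    store["slides"] = request["post"].get("slides", [])
    return 200


def simulate():
    """Replay the cross-site request against both handlers; returns status codes."""
    now = 1_700_000_000
    victim, attacker = 7, 99
    payload = ["<img src=x onerror=alert(1)>"]  # injected slide content, constructed
    results, store = {}, {}

    # The browser attaches the victim's session cookie, so user_id is the admin's.
    forged = {"method": "POST", "user_id": victim, "post": {"slides": payload}}
    results["forged_vulnerable"] = slides_postback_vulnerable(forged, store)
    results["forged_fixed"] = slides_postback_fixed(forged, store, now)

    # Legitimate submission: the admin's own page rendered the nonce into the form.
    legit = {"method": "POST", "user_id": victim,
             "post": {"slides": payload, "_nonce": create_nonce(ACTION, victim, now)}}
    results["legit_fixed"] = slides_postback_fixed(legit, store, now)

    # Attacker mints a nonce for their own account and embeds it in the forged form.
    cross = {"method": "POST", "user_id": victim,
             "post": {"slides": payload, "_nonce": create_nonce(ACTION, attacker, now)}}
    results["cross_user_fixed"] = slides_postback_fixed(cross, store, now)

    # Nonce ageing: one tick old is still accepted, a full lifetime old is not.
    results["previous_tick_fixed"] = slides_postback_fixed(legit, store, now + TICK)
    results["expired_fixed"] = slides_postback_fixed(legit, store, now + NONCE_LIFETIME)
    return results


if __name__ == "__main__":
    print(simulate())
```

Binding the nonce to the user is what defeats the OctoberCMS-style bypass where a token the attacker obtained for their own session is replayed in the victim's browser; the compare_digest call keeps the comparison constant-time so the token cannot be recovered byte by byte from response timing. In a real WordPress plugin the equivalent calls are wp_nonce_field() in the form and check_admin_referer() at the top of the postback handler.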