31 matches found
PHP-Nuke 8.x <= Cross Site Request Forgery (CSRF) / Anti-CSRF Bypass Vulnerability
PHP-Nuke 8.x = Cross Site Request Forgery CSRF / Anti-CSRF Bypass Vulnerability 1. OVERVIEW The PHP-Nuke version 8.x and lower versions are vulnerable to Cross Site Request Forgery CSRF because its Anti-CSRF mechanism Referer Check is found to be broken. 2. BACKGROUND PHP-Nuke is a Web Portal...
CVE-2010-0921
Cross-site request forgery CSRF vulnerability in IBM Lotus iNotes aka Domino Web Access or DWA before 229.281 for Domino 8.0.2 FP4 allows remote attackers to hijack the authentication of unspecified victims via vectors related to lack of "XSS/CSRF Get Filter and Referer Check fixes."...
Cross site scripting
Cross-site scripting XSS vulnerability in IBM Lotus iNotes aka Domino Web Access or DWA before 229.281 for Domino 8.0.2 FP4 allows remote attackers to inject arbitrary web script or HTML via vectors related to lack of "XSS/CSRF Get Filter and Referer Check fixes."...
CVE-2010-0920
Cross-site scripting XSS vulnerability in IBM Lotus iNotes aka Domino Web Access or DWA before 229.281 for Domino 8.0.2 FP4 allows remote attackers to inject arbitrary web script or HTML via vectors related to lack of "XSS/CSRF Get Filter and Referer Check fixes."...
CVE-2010-0921
IBM Lotus iNotes (aka Domino Web Access) prior to 229.281 for Domino 8.0.2 FP4 is affected by a CSRF vulnerability that could allow an attacker to hijack the authentication of unspecified victims due to missing XSS/CSRF Get Filter and Referer Check fixes. Affected component: iNotes/DWA on Domino ...
CVE-2010-0921
Cross-site request forgery CSRF vulnerability in IBM Lotus iNotes aka Domino Web Access or DWA before 229.281 for Domino 8.0.2 FP4 allows remote attackers to hijack the authentication of unspecified victims via vectors related to lack of "XSS/CSRF Get Filter and Referer Check fixes."...
Seven jubilee dance music management system v3. 0 0day analysis-vulnerability warning-the black bar safety net
!-- Include File="CmsDj. Conn. asp" - !-- Include File="CmsDj. Function. asp" - % Fromurl = CstrRequest. ServerVariables"HTTPREFERER" Servurl = CstrRequest. ServerVariables"SERVERNAME" If midFromurl,8,lenServurl Servurl Then //determine the REFERER Response. Write "does not support external links...
sablog1. 6 CSRF vulnerability POC-vulnerability warning-the black bar safety net
sablog1. 6 CSRF vulnerability POC. This in my blog, The test is successful, the official download the latest version of the test is successful, but in Ozawa blog failure. The reason is his own modified source program, to determine the referer's. POC: Comments, web site address Enter:...
MODx cross-site request forgery vulnerability
Overview MODx, an open source contents management system, contains a cross-site request forgery vulnerability. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...
PT-2007-2910 · Php Nuke · Php-Nuke
Name of the Vulnerable Software and Affected Versions: PHP-Nuke versions 8.0 and earlier Description: The issue concerns a problem with cross-site request forgery CSRF protection. It does not properly validate the HTTP REFERER, allowing remote attackers to conduct CSRF attacks. Recommendations: F...
formmail (PHP) Upload file using CSS
Informations : °°°°°°°°°°°°°° Website : http://www.dtheatre.com/scripts/ Version : all Problem : Upload file PHP Code/Location : °°°°°°°°°°°°°°°°°°° formmail.php : ------------------------------------------------------------------ function checkreferer$referers if count$referers $found = false;...