29 matches found

AstraLinux
added 2026/05/03 11:59 p.m. | 1 views

Astra Linux - vulnerability in linux-5.10

In the Linux kernel, the following vulnerability has been resolved: io_uring/zctx: check chained notif contexts. Send zc only links ubuf_info for requests coming from the same context. There are some ambiguous syz reports, so let's check the assumption on notification completion...

5.8 AI score | 0.00024 EPSS
Exploits: 0 | References: 2
EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2022-7288

Malicious code in bioql PyPI...

5.4 CVSS | 5.4 AI score | 0.00303 EPSS
Exploits: 0 | References: 13
CNNVD
added 2025/07/20 12:0 a.m. | 1 views

Emby Windows code issue vulnerability

Emby Windows is a media playback application for the Windows platform developed by Emby LLC that supports Windows 10, 11 and later systems. Emby Windows suffers from a server-side request forgery vulnerability that stems from the server not implementing an adequate authentication mechanism to...

8.6 CVSS | 7 AI score | 0.00229 EPSS
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 3:36 a.m. | 4 views

CVE-2023-2850

NodeBB is affected by a Cross-Site WebSocket Hijacking vulnerability due to missing validation of the request origin. Exploitation of this vulnerability allows certain user information to be extracted by attacker...

4.7 CVSS | 6.4 AI score | 0.00169 EPSS
Exploits: 0 | References: 1
OSV
added 2024/10/16 8:15 a.m. | 9 views

CVE-2024-45693

Users logged into the Apache CloudStack's web interface can be tricked to submit malicious CSRF requests due to missing validation of the origin of the requests. This can allow an attacker to gain privileges and access to resources of the authenticated users and may lead to account...

8.8 CVSS | 6.9 AI score
Exploits: 0 | References: 3
Vulnrichment
added 2024/10/16 7:52 a.m. | 13 views

CVE-2024-45693 Apache CloudStack: Request origin validation bypass makes account takeover possible

Users logged into the Apache CloudStack's web interface can be tricked to submit malicious CSRF requests due to missing validation of the origin of the requests. This can allow an attacker to gain privileges and access to resources of the authenticated users and may lead to account...

8 CVSS | 7.2 AI score | 0.00138 EPSS
Exploits: 0 | References: 2
Cvelist
added 2024/10/16 7:52 a.m. | 16 views

CVE-2024-45693 Apache CloudStack: Request origin validation bypass makes account takeover possible

Users logged into the Apache CloudStack's web interface can be tricked to submit malicious CSRF requests due to missing validation of the origin of the requests. This can allow an attacker to gain privileges and access to resources of the authenticated users and may lead to account...

8 CVSS | 0.00138 EPSS
Exploits: 0 | References: 2
OSV
added 2023/07/25 12:15 p.m. | 15 views

CVE-2023-2850

NodeBB is affected by a Cross-Site WebSocket Hijacking vulnerability due to missing validation of the request origin. Exploitation of this vulnerability allows certain user information to be extracted by attacker...

4.7 CVSS | 6.7 AI score
Exploits: 0 | References: 3
Vulnrichment
added 2023/07/25 11:13 a.m. | 14 views

CVE-2023-2850

NodeBB is affected by a Cross-Site WebSocket Hijacking vulnerability due to missing validation of the request origin. Exploitation of this vulnerability allows certain user information to be extracted by attacker...

4.7 CVSS | 6.4 AI score | 0.00169 EPSS
Exploits: 0 | References: 3
Veracode
added 2022/02/07 10:32 p.m. | 15 views

Cross-site Request Forgery (CSRF)

SPIP is vulnerable to cross-site request forgery. The vulnerability exists due to a lack of sanitization of the origin of the source of request...

8.8 CVSS | 2.7 AI score | 0.0022 EPSS
Exploits: 0 | References: 2 | Affected Software: 2
CNVD
added 2020/08/06 12:0 a.m. | 1 views

Field Test gem Cross-Site Request Forgery Vulnerability

Field Test gem is an A/B testing software package. A cross-site request forgery vulnerability exists in Field Test gem versions 0.2.0 through 0.3.2 Ruby. The vulnerability stems from a web application that does not adequately validate that a request is coming from a trusted user. An attacker coul...

4.3 CVSS | 6.9 AI score | 0.00127 EPSS
Exploits: 0 | References: 1
Hacker One
added 2019/08/30 11:43 a.m. | 25 views

Mail.ru: Account takeover via CORS misconfiguration on https://beta.delivery-club.ru

Insufficient check for request origin allowed cross-site access to beta.delivery-club.ru...

4.7 AI score
Exploits: 0
OSV
added 2017/06/30 3:29 a.m. | 1 views

CVE-2017-6038

A Cross-Site Request Forgery issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. The web application does not sufficiently verify that requests were provided by the user who submitted the request...

7.1 CVSS | 5.8 AI score | 0.00077 EPSS
Exploits: 0 | References: 1
OpenVAS
added 2015/08/21 12:0 a.m. | 49 views

pfSense XSS and CSRF Vulnerabilities (pfSense-SA-15_04.webgui)

pfSense is prone to multiple cross-site scripting (XSS) vulnerabilities and a cross-site request forgery (CSRF) vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s)...

4.3 CVSS | 6.9 AI score | 0.01313 EPSS
Exploits: 5 | References: 2
Packet Storm
added 2014/04/20 12:0 a.m. | 23 views

Teracom Modem T2-B-Gawv1.4U10Y-BI Cross Site Request Forgery

Exploit Title: Teracom Modem CSRF Vulnerability | Date: 20-04-2014 | Author: Rakesh S | Software Link: http://www.teracom.in/ | Version: T2-B-Gawv1.4U10Y-BI | The vulnerability exists due to insufficient validation of HTTP request origin. A remote attacker can trick a logged-in administrator to visit a...

0.3 AI score
Exploits: 0
Exploit DB
added 2014/04/20 12:0 a.m. | 26 views

Teracom Modem T2-B-Gawv1.4U10Y-BI - Cross-Site Request Forgery

Exploit Title: Teracom Modem CSRF Vulnerability | Date: 20-04-2014 | Author: Rakesh S | Software Link: http://www.teracom.in/ | Version: T2-B-Gawv1.4U10Y-BI | The vulnerability exists due to insufficient validation of HTTP request origin. A remote attacker can trick a logged-in administrator to visit a...

7 AI score
Exploits: 0
htbridge
added 2014/03/14 12:0 a.m. | 35 views

Cross-Site Request Forgery (CSRF) in XCloner Standalone

High-Tech Bridge Security Research Lab discovered vulnerability in XCloner Standalone, which can be exploited to perform Cross-Site Request Forgery (CSRF) attacks and gain complete control over the website. 1. Cross-Site Request Forgery (CSRF) in XCloner Standalone: CVE-2014-2579 1.1 The vulnerabilit...

7.6 CVSS | 1 AI score | 0.0129 EPSS
Exploits: 6 | Affected Software: 1
htbridge
added 2013/03/27 12:0 a.m. | 42 views

Multiple Vulnerabilities in KrisonAV CMS

High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in KrisonAV CMS, which can be exploited to perform cross-site scripting and cross-site request forgery attacks. 1) Cross-Site Scripting (XSS) vulnerability in KrisonAV CMS: CVE-2013-2712. The vulnerability exists due to...

5.1 CVSS | 6.3 AI score | 0.06607 EPSS
Exploits: 6 | Affected Software: 1
htbridge
added 2011/02/24 12:0 a.m. | 27 views

Multiple Vulnerabilities in CosmoShop

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in CosmoShop which can be exploited to perform cross-site scripting and cross-site request forgery attacks. 1) Cross-site scripting (XSS) vulnerabilities in CosmoShop 1.1 The vulnerability exists due to input sanitatio...

2.6 CVSS | 6.7 AI score
Exploits: 0 | Affected Software: 1
htbridge
added 2011/02/17 12:0 a.m. | 44 views

Multiple Vulnerabilities in xtcModified

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in xtcModified which could be exploited to perform cross-site scripting and cross-site request forgery attacks. 1) Cross-site scripting (XSS) vulnerabilities in xtcModified 1.1 The vulnerability exists due to input...

5.1 CVSS | 6.6 AI score
Exploits: 0 | Affected Software: 1