401 matches found
CVE-2017-13994
A Cross-site Scripting issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The web interface lacks proper web request validation, which could allow XSS attacks to occur if an authenticated user of the web interface is tricked into clicking a malicious link...
OSIsoft PI Web API Cross-Site Request Forgery Vulnerability
The OSIsoft PI Web API is a product for accessing PI system data. A cross-site request forgery vulnerability exists in the OSIsoft PI Web API because the program fails to properly validate HTTP requests. An attacker could exploit the vulnerability to perform certain unauthorized actions and access th...
Cross-Site Request Forgery Vulnerability in Multiple IBM Products (CNVD-2017-10743)
IBM Global Retention Policy and Schedule Management is a single retention management system. An unspecified cross-site request forgery vulnerability exists in multiple IBM products, which stems from a program's failure to properly validate HTTP requests. A remote attacker could exploit the...
CVE-2017-0247
The CVE affects Microsoft ASP.NET Core: a DoS vulnerability caused by improper validation of web requests in the TextEncoder.EncodeCore function. It applies to ASP.NET Core Mvc before 1.0.4 and 1.1.x before 1.1.3, where remote attackers could trigger DoS by exploiting incorrect calculation of the...
NetIQ Access Manager Cross-Site Request Forgery Vulnerability
NetIQ Access Manager (NAM) is a resource access solution developed by NetIQ Inc. in the United States. It provides multiple authentication, data encryption, single sign-on and SSL VPN for local and remote users. A cross-site request forgery vulnerability exists in NetIQ Access Manager due to...
IBM Security Identity Manager Cross-Site Request Forgery Vulnerability (CNVD-2017-04428)
IBM Security Identity Manager (ISIM) is a suite of identity management and governance solutions from IBM, USA. The solution automates the creation, modification, re-authentication and termination of user privileges throughout the user lifecycle and supports policy-based password management. A cross-si...
Cisco Unified Communications Manager Cross-Site Request Forgery Vulnerability (CNVD-2017-03854)
Cisco Unified Communications Manager (CUCM, Unified CM) is a call-processing component of a unified communications system from Cisco. The component provides a scalable, distributable and highly available enterprise IP telephony call processing solution. A cross-site request forgery vulnerability...
Cross-Site Request Forgery (CSRF)
An issue was discovered in Locus Energy LGate prior to 1.05H, LGate 50, LGate 100, LGate 101, LGate 120, and LGate 320. Locus Energy meters use a PHP script to manage the energy meter parameters for voltage monitoring and network configuration. The PHP code does not properly validate information...
IBM Security Access Manager Cross-Site Request Forgery Vulnerability (CNVD-2017-01308)
IBM Security Access Manager is a security access manager from IBM USA. IBM Security Access Manager suffers from an unspecified cross-site request forgery vulnerability that stems from a failure to adequately validate HTTP requests. An attacker could use this vulnerability to perform...
Cisco Hybrid Meeting Server Cross-Site Request Forgery Vulnerability
Cisco Hybrid Meeting Server is a Cisco conferencing system. A cross-site request forgery vulnerability exists in Cisco Hybrid Meeting Server, which stems from the program failing to properly validate HTTP requests. An attacker could exploit this vulnerability to perform certain...
IBM Connections Cross-Site Request Forgery Vulnerability (CNVD-2016-11315)
IBM Connections is a suite of social software platforms from IBM in the United States. The platform provides advanced analytics and real-time data monitoring capabilities, and accelerates web collaboration within and outside the organization through IBM SmartCloud services. The IBM Connections...
Apache Jackrabbit Cross-Site Request Forgery Vulnerability
Apache Jackrabbit is a fully compliant implementation of the Java content repository API specification (JCR) from the Apache Software Foundation in the United States. A cross-site request forgery vulnerability exists in Apache Jackrabbit that stems from the program failing to properly...
Pivotal Software Spring Social Core Cross-Site Request Forgery Vulnerability
Pivotal Software Spring Social Core is a set of APIs for connecting social services from Pivotal Software, USA. A cross-site request forgery vulnerability exists in Pivotal Software Spring Social Core versions 1.0.0 to 1.0.3 and 1.1.0 to 1.1.2, which stems from the program failing to properly...
pfSense Firewall Cross-Site Request Forgery Vulnerability (CNVD-2016-02624)
pfSense is a free, open-source customized version of FreeBSD designed for use as a firewall and router. A cross-site request forgery vulnerability exists in pfSense. Due to insufficient script validation of HTTP requests, a remote attacker can spoof a logged-in administrator to access malicious w...
HackerOne: Limited CSRF bypass.
Hello team, I have found a very limited CSRF which could be valid for GET requests only. And the Integrations Tab can be used in bypass. Description: Affected URL:-...
OmniAuth Request Phase Cross-Site Request Forgery Vulnerability
OmniAuth is an authentication system implemented using Rack middleware. OmniAuth suffers from a cross-site request forgery vulnerability because the program fails to properly validate HTTP requests. A remote attacker can exploit this vulnerability to perform unauthorized operations and gain...
Vesta Control Panel Cross-Site Request Forgery Vulnerability
Vesta Control Panel is an open source web hosting control panel. A cross-site request forgery vulnerability exists in Vesta Control Panel because the program fails to properly validate HTTP requests. An attacker could use this vulnerability to perform unauthorized actions on a user's logged in...
Multiple Cross-Site Request Forgery Vulnerabilities in Roundcube Webmail
RoundCube Webmail is a browser-based, multi-language IMAP client. Roundcube Webmail has multiple cross-site request forgery vulnerabilities because it fails to properly validate HTTP requests. An attacker could exploit these vulnerabilities to perform certain unauthorized actions and gain access ...
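TinyRise latest version: injection to obtain sensitive information
Brief description: TinyRise latest version: injection to obtain sensitive information. Detailed description: The main problem lies in filterclass.php: public static function text$str $config = HTMLPurifierConfig::createDefault; $cachedir=Tiny::getPath'cache'."/htmlpurifier/"; if!fileexists$cachedir File::mkdir$cachedir; $config = HTMLPurifierConfig::createDefault; //configure cache directory...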