
7 matches found

WPVulnDB
added 2022/06/16 12:0 a.m. | 22 views

Rename wp-login.php <= 2.6.0 - Secret URL Update via CSRF

The plugin does not have a CSRF check in place when updating the secret login URL, which could allow attackers to make a logged-in admin change it via a CSRF attack PoC...

CVSS 6.5 | AI score 4.2 | EPSS 0.00475
Exploits: 2 | Affected Software: 1
wpexploit
added 2022/06/16 12:0 a.m. | 113 views

Rename wp-login.php <= 2.6.0 - Secret URL Update via CSRF

The plugin does not have a CSRF check in place when updating the secret login URL, which could allow attackers to make a logged-in admin change it via a CSRF attack document.getElementById("test").submit();...

CVSS 6.5 | AI score 1.5 | EPSS 0.00475
Exploits: 2
Cvelist
added 2022/06/13 12:42 p.m. | 107 views

CVE-2022-1595 HC Custom WP-Admin URL <= 1.4 - Unauthenticated Secret URL Disclosure

The HC Custom WP-Admin URL WordPress plugin through 1.4 leaks the secret login URL when sending a specific crafted request...

AI score 5.5 | EPSS 0.02621
Exploits: 2 | References: 1
Patchstack
added 2022/05/18 12:0 a.m. | 61 views

WordPress HC Custom WP-Admin URL plugin <= 1.4 - Unauthenticated Secret URL Disclosure vulnerability

Unauthenticated Secret URL Disclosure vulnerability discovered by Daniel Ruf in WordPress HC Custom WP-Admin URL plugin versions <= 1.4. Solution: Deactivate and delete. This plugin has been closed as of May 5, 2022 and is not available for download. This closure is temporary, pending a full review...

CVSS 5.3 | AI score 1.7 | EPSS 0.02621
Exploits: 2 | References: 3 | Affected Software: 1
Hacker One
added 2021/01/04 1:48 p.m. | 16 views

Rocket.Chat: Registration bypass with leaked Invite Token

The Rocket.Chat API route 'validateInviteToken' was vulnerable to a registration bypass attack. The route allowed unauthenticated users to guess valid invite tokens by sending a crafted JSON payload with a regular expression. Once a valid token was obtained, the user could access private channels...

AI score 7
Exploits: 0
Hacker One
added 2020/01/21 11:32 p.m. | 224 views

h1-ctf: [h1-415 2020] finally

add or chars behind Joberts email, which leaks on the login page 2. register a new account using that email 3. sign out and use the recover feature with the just generated qr code. this will get you into Joberts account 3. head to /support and submit a blind XSS payload which extracts the...

AI score 6.2
Exploits: 0
RedHat Linux
added 2014/04/03 8:18 p.m. | 2 views

Swift: TempURL timing attack

The TempURL middleware in OpenStack Object Storage (Swift) 1.4.6 through 1.8.0, 1.9.0 through 1.10.0, and 1.11.0 allows remote attackers to obtain secret URLs by leveraging an object name and a timing side-channel attack...

CVSS 4.3 | AI score 5.9 | EPSS 0.01895
Exploits: 0 | References: 4