EUVD-2010-4187
Malware in sbrugna...
EUVD-2018-8886
Malware in sbrugna...
CVE-2010-4213
The Bank of America application 2.12 for Android stores a security question's answer in cleartext, which might allow physically proximate attackers to obtain sensitive information by reading application data...
Exploit for CVE-2025-31033
⚠️ CVE-2025-31033 - CSRF in WordPress Buddypress Humanity Plug...
📄 WordPress Buddypress Humanity 1.2 Cross Site Request Forgery
WordPress Buddypress Humanity plugin versions 1.2 and below suffer from a cross site request forgery vulnerability. ⚠️ CVE-2025-31033 - CSRF in WordPress Buddypress Humanity Plugin...
CVE-2021-4386
The WP Security Question plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.5. This is due to missing or incorrect nonce validation on the save function. This makes it possible for unauthenticated attackers to modify the plugin's settings via a...
Pointless May Not Be Harmless: The Story of a Login Page with a Blank Security Question
...
Cross site request forgery (csrf)
The WP Security Question plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.5. This is due to missing or incorrect nonce validation on the save function. This makes it possible for unauthenticated attackers to modify the plugin's settings via a...
CVE-2021-4386 WP Security Question <= 1.0.5 - Cross-Site Request Forgery Bypass
The WP Security Question plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.5. This is due to missing or incorrect nonce validation on the save function. This makes it possible for unauthenticated attackers to modify the plugin's settings via a...
CVE-2021-4386
CVE-2021-4386 concerns the WordPress WP Security Question plugin. The vulnerability arises from missing/incorrect nonce validation in the plugin’s save() function, allowing unauthenticated attackers to modify plugin settings via forged requests if they can lure an administrator into clicking a li...
WordPress Plugin WP Security Question cross-site request forgery vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language; it supports personal blog sites on PHP and MySQL servers. A WordPress plugin is an application plugin for that platform. A cross-site request forgery vulnerability...
Fake Amazon Prime email abuses LinkedIn's URL shortener
Over the last few days, scammers have been sending out phishing mails that disguise bogus URLs with something called Slinks, shortened LinkedIn URLs. The shortened URLs redirect users to a different URL when they are clicked. If you've ever seen a TinyURL or a Bit.ly link, you'll already be...
WordPress WP Security Question plugin <= 1.0.5 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability discovered by Jerome Bruandet (NinTechNet) in WordPress WP Security Question plugin versions <= 1.0.5. Solution: This plugin has been closed as of June 15, 2021 and is not available for download. Reason: Security Issue...
U.S. General Services Administration: Account takeover through multistage CSRF at https://autochoice.fas.gsa.gov/AutoChoice/changeQAOktaAnswer and ../AutoChoice/changePwOktaAnswer
Hi, Account takeover is possible through a CSRF vulnerability at 'Change Security Question/Answer' & 'Change Password'. The endpoints https://autochoice.fas.gsa.gov/AutoChoice/changeQAOktaAnswer & https://autochoice.fas.gsa.gov/AutoChoice/changePwOktaAnswer are both vulnerable to CSRF attack...
CVE-2020-26061
The CVE concerns ClickStudios Passwordstate (password manager) prior to 8.5 build 8501. The ResetPassword function does not verify whether the user is authenticated via security questions, allowing an unauthenticated, remote attacker to send a crafted HTTP request to /account/ResetPassword to set...
CVE-2018-17108
The SBIbuddy aka com.sbi.erupee application 1.41 and 1.42 for Android might allow attackers to perform Account Takeover attacks by intercepting a security-question response during the initial configuration of the application...
Design/Logic Flaw
The SBIbuddy aka com.sbi.erupee application 1.41 and 1.42 for Android might allow attackers to perform Account Takeover attacks by intercepting a security-question response during the initial configuration of the application...
phpyun: two arbitrary-user password change flaws (instant break / tested on demo)
Brief description: Haven't looked at PHP in a long time.... As the title says. Detailed description: Let's look at the password recovery code. app/controller/forgetpwd/index.class.php function sendaction: $username=yun_iconv("utf-8","gbk",$_POST['username']); if(!$this->CheckRegUser($username)&&!$this->CheckRegEmail($username)){ $res['msg']=yun_iconv("gbk","utf-8","用户名不符合规范!"); $res['type']='8'; echo...