20 matches found
Sentrifugo 3.2 - Persistent Cross-Site Scripting
Exploit Title: Sentrifugo 3.2 - Persistent Cross-Site Scripting Google Dork: N/A Date: 8/29/2019 Exploit Author: creosote Vendor Homepage: http://www.sentrifugo.com/ Version: 3.2 Tested on: Ubuntu 18.04 CVE : CVE-2019-15814 Multiple Stored XSS vulnerabilities were found in Sentrifugo 3.2. In most...
Sentrifugo 3.2 - Persistent Cross-Site Scripting
Sentrifugo 3.2 - Persistent Cross-Site Scripting Exploit Title: Sentrifugo 3.2 - Persistent Cross-Site Scripting Google Dork: N/A Date: 8/29/2019 Exploit Author: creosote Vendor Homepage: http://www.sentrifugo.com/ Version: 3.2 Tested on: Ubuntu 18.04 CVE : CVE-2019-15814 Multiple Stored XSS...
Sentrifugo 3.2 - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Sentrifugo 3.2 - Persistent Cross-Site Scripting Exploit Author: creosote Vendor Homepage: http://www.sentrifugo.com/ Version: 3.2 Tested on: Ubuntu 18.04 CVE : CVE-2019-15814 Multiple Stored XSS vulnerabilities were found in...
Sentrifugo 3.2 Cross Site Scripting
Exploit Title: Sentrifugo 3.2 - Persistent Cross-Site Scripting Google Dork: N/A Date: 8/29/2019 Exploit Author: creosote Vendor Homepage: http://www.sentrifugo.com/ Version: 3.2 Tested on: Ubuntu 18.04 CVE : CVE-2019-15814 Multiple Stored XSS vulnerabilities were found in Sentrifugo 3.2. In most...
CVE-2017-3965
Cross-Site Request Forgery (CSRF) (aka Session Riding) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to perform unauthorized tasks such as retrieving internal system information or manipulating the database via specially crafted...
CVE-2017-3965 SB10192 - Network Security Management (NSM) - Cross-Site Request Forgery (CSRF) (aka Session Riding) vulnerability
Cross-Site Request Forgery (CSRF) (aka Session Riding) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to perform unauthorized tasks such as retrieving internal system information or manipulating the database via specially crafted...
CVE-2017-3965
The CVE-2017-3965 entry concerns the McAfee Network Security Management (NSM) web interface. The vulnerability is a Cross-Site Request Forgery (CSRF) flaw in NSM prior to 8.2.7.42.2 that enables remote attackers to perform unauthorized tasks by issuing specially crafted URLs. The affected compone...
IRCCloud: HTML Form without CSRF protection
Cross-site request forgery, also known as a one-click attack or session riding and abbreviated as CSRF or XSRF, is a type of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts. Attack details Form name: Form action:...
Stark CRM 1.0 Script Injection / Session Riding
Stark CRM v1.0 Multiple Script Injection And Session Riding Vulnerabilities Vendor: IWCn Systems Inc. Product web page: http://www.iwcn.ws Affected version: 1.0 Summary: This is a light weight CRM which simplifies process of managing staff, client and projects. Desc: Multiple stored XSS and CSRF...
Stark CRM 1.0 - Multiple Vulnerabilities
Stark CRM 1.0 - Multiple Vulnerabilities Stark CRM v1.0 Multiple Script Injection And Session Riding Vulnerabilities Vendor: IWCn Systems Inc. Product web page: http://www.iwcn.ws Affected version: 1.0 Summary: This is a light weight CRM which simplifies process of managing staff, client and...
Stark CRM 1.0 - Multiple Vulnerabilities
Stark CRM v1.0 Multiple Script Injection And Session Riding Vulnerabilities Vendor: IWCn Systems Inc. Product web page: http://www.iwcn.ws Affected version: 1.0 Summary: This is a light weight CRM which simplifies process of managing staff, client and projects. Desc: Multiple stored XSS and CSRF...
SAP Xcelsius - insecure crossdomain policy
Application: SAP Portal Xcelsius dashboards Vendor URL: http://www.sap.com Bugs: insecure crossdomain policy Exploits: YES Reported: 12.03.2012 Vendor response: 12.03.2012 Date of SAP Security Note Published: 08.01.2013 Date of Public Advisory: 29.01.2013 Reference: SAP Security Note 1412864...
Acrobat Reader Universal CSRF and session riding
Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet Explorer, and Opera web browsers allows remote attackers to force the browser to make unauthorized requests to other web sites via a URL in the (1) FDF, (2) xml, and (3) xfdf AJAX request parameters, following the hash character, aka...
webcit-multi.txt
Vendor contacted: 2007-06-24 Affects: Webcit 7.11 Fixed: 2007-07-06 WebCit 7.11 1. Background WebCit is the webfrontend to administer and use Citadel, which is an open-source groupware server. 2. Session Riding 2.I. Problem Description It is possible for an attacker to execute actions in the name...
Session Riding and multiple XSS in WebCit
Vendor contacted: 2007-06-24 Affects: Webcit 7.11 Fixed: 2007-07-06 WebCit 7.11 1. Background WebCit is the webfrontend to administer and use Citadel, which is an open-source groupware server. 2. Session Riding 2.I. Problem Description It is possible for an attacker to execute actions in the name...
Adobe Acrobat Reader Plugin - Multiple Vulnerabilities
Adobe Acrobat Reader Plugin - Multiple Vulnerabilities Original Advisory: http://www.wisec.it/vulns.php?page=9 Original Discovery and Research: Stefano Di Paola Contribution: Giorgio Fedon IE Dos, UXSS Analysis Elia Florio Poc and Code Execution analysis Status: Vendor Informed on 15 October 2006...
CVE-2007-0044
Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet Explorer, and Opera web browsers allows remote attackers to force the browser to make unauthorized requests to other web sites via a URL in the (1) FDF, (2) xml, and (3) xfdf AJAX request parameters, following the hash character, aka...
CVE-2007-0044
CVE-2007-0044 affects Adobe Acrobat Reader Plugin for Firefox/IE/Opera, with the vulnerability allowing remote attackers to induce the browser to make unauthorized requests to other sites via AJAX requests (parameters in FDF/xml/xfdf) after the hash, i.e., a cross-site request forgery (CSRF) in t...
Corsaire Security Advisory - VMware ESX Server Password Cross Site Request Forgery issue
-- Corsaire Security Advisory -- Title: VMware ESX Server Password Cross Site Request Forgery issue Date: 14.11.05 Application: VMware ESX prior to 2.5.3 upgrade patch 2 VMware ESX prior to 2.1.3 upgrade patch 1 VMware ESX prior to 2.0.2 upgrade patch 1 Environment: VMware ESX Author: Stephen de...
ciscoCall.txt
I. SYNOPSIS Release Date: 07/19/2006 Affected Application: Cisco CallManager 3.1 and up versions prior to 3.1 were not tested but may still be vulnerable Severity If Exploited: High Impact: Arbitrary configuration of phone system/Theft of individual phone users' credentials Mitigating Factors:...