Upgraded Q -> 2 from #345 [1699029532851]

Judge has assessed an item in Issue 345 as 2 risk. The relevant finding follows: Low-01 When a User-1 sell/transfer a safe to User-2, during transfer allowance is not clear in case of User-1 safeCan is a mapping which set allowance for other addresses, by which they can perform action on behalf o...

Fuel CMS 1.5.0 - Cross-Site Request Forgery Vulnerability

Exploit Title: Fuel CMS 1.5.0 - Cross-Site Request Forgery CSRF Google Dork: NA Exploit Author: Ali J Vendor Homepage: https://www.getfuelcms.com/ Software Link: https://github.com/daylightstudio/FUEL-CMS/releases/tag/1.5.0 Version: 1.5.0 Tested on: Windows 10 Steps to Reproduce: 1. Login with us...

Fuel CMS 1.5.0 - Cross-Site Request Forgery (CSRF)

Exploit Title: Fuel CMS 1.5.0 - Cross-Site Request Forgery CSRF Google Dork: NA Date: 11/03/2022 Exploit Author: Ali J Vendor Homepage: https://www.getfuelcms.com/ Software Link: https://github.com/daylightstudio/FUEL-CMS/releases/tag/1.5.0 Version: 1.5.0 Tested on: Windows 10 Steps to Reproduce:...

CVE-2017-9673

In SimpleCE 2.3.0, a CSRF vulnerability can be exploited to add an administrator account via the index.php/user/new URI or change its settings via the index.php/user/1 URI, including its password...

CVE-2015-3231

The Render cache system in Drupal 7.x before 7.38, when used to cache content by user role, allows remote authenticated users to obtain private content viewed by user 1 by reading the cache...

CVE-2015-3231

The Render cache system in Drupal 7.x before 7.38, when used to cache content by user role, allows remote authenticated users to obtain private content viewed by user 1 by reading the cache...

CVE-2015-3231

Removed by vendor...